I received the following warning in my Apple account: 'App Store receipt signing certificate SHA-1 intermediate certificate used for signing App Store receipts expires on January 24, 2025. If your app performs on-device receipt validation, make sure it supports the SHA-256 algorithm.'
My React Native app uses react-native-billing and InAppUtils. After a successful purchase, a backend API is called to verify the receipt.
In my case, do I need to update the app-side code, or should I update the server-side code to use the SHA-256 algorithm?
We know, App Store receipt signing certificate changes affect the following
Perform on-device receipt validation, as described in Validating receipts on the device
Use code to verify the chain of trust that doesn’t support the SHA-256 algorithm or relies on an expectation that the certificate encryption uses only SHA-1.
Does NOT affect any of the following transaction or receipt validation methods
So if there is NO local device receipt validation and only server-to-server receipt verification, there is nothing you should do.