Changes to hosting non-consumable in-app purchases in April 2022

Apple Recommended

  • On the official App Store Connect Help you can read under the link https://help.apple.com/app-store-connect/#/dev3cd978dbd still (as of March 13, 2022):

    Non-Consumable: A product that is purchased once and does not expire or decrease with use. Example: Race track for a game app. Apple can host your non-consumable products for you.

    I think it's time to point out the planned changes that will come into effect from April 2022. Thank you.

  • What assurance do we have that ODR support will not be pulled?

    We were told by Apple to not submit many apps based on a single engine so we designed an app-store into our engine and download using hosted content, which allows us to add content WITHOUT having to update the app. (ODR would require app update which is a bad user experience - we do use ODR for other apps where this issue is not relevant) Apple gets their cut of the IAP because we do charge for it, so I don't understand this. Seems crazy, really.

    Is this a bad dream? Alternative universe? :p

Add a Comment

Replies

Dear Jason,

Thank you for confirming that the email was genuine.

Can you explain why such a short notice period has been chosen for the removal of this feature? Of course features are sometimes removed, but I can really never think of a case where there has been so little notice - just five weeks, or only three weeks if you start counting at then point when Apple stopped telling me that the email was a hoax. I had to double-check what year it is when I read "April 2022".

ODR content will ... have a similar level of security as other Apple-hosted content.

But not the same level of security as SKDownloads, which are restricted to users who have purchased the corresponding IAP. Here is a quote from the StoreKit documentation:

Most apps should use Apple-hosted content for downloaded files. You create an Apple-hosted content bundle using the In-App Purchase Content target in Xcode and submit it to App Store Connect.

(snip)

Note Alternatively, you can use On-Demand Resources (ODR) for more flexibility in downloading data in your app. ODR is an Apple-hosted service you can use to store in-app purchase data for the user to download content once you've verified the user's purchase using the app receipt. The advantage of this alternative over SKDownload is that ODR doesn't require you to call to restore transactions and authenticate the user to download content hosted on Apple's server.

My emphasis. You claim it is an advantage that ODR does not require authentication. What The?????

If you need technical advice implementing ODR, you can submit a Technical Support Incident.

Developer Technical Support does not assist with the implementation of anti-piracy / digital rights management features. (Unless that has changed. Please let us know if that policy has changed recently.)

Dear Jason,

I just have to chime in to voice our displeasure at the insanely short notice of this change. One month's notice for a change of this magnitude is very short considering that you're asking us to implement an entirely separate and secure hosting setup, test it and ensure it is ready for full scale production in four weeks, despite an already packed development schedule (for many of us I'm sure). ODR is too limited an alternative for many people to plug into and as others have pointed out does not have the security of SKDownload.

I submit that 6 months is a more reasonable timeframe for such a grand change and ask you to pass it up the chain. Thank you.

I was actually working on some new IAPs for one of my apps which is totally based around downloadable sample-based instruments. I basically had to can about two months worth of work.

It was also a nightmare (for me, at least) getting the whole SK download stuff working properly. At one point, it was all working great, then there was an iOS update, and everything was broken again.

Maybe little wonder Apple decided to "deprecate" this...

So can anyone tell me the recommended way to deal with this; I have an app since 2016 which uses non consumable content. I just tried to upload a new non consumable as a pkg to apple but noticed there was no facility to add to the IAP within 'connect'. What is the best way forward with this?

can anyone tell me the recommended way to deal with this

That will depend on what server-side technologies you are familiar with or are already using, and how much security you need.

I use AWS, and I have a Lambda function that implements AppAttest to authorise a download from CloudFront / S3. The main disadvantage of this is the bandwidth cost. If I were starting from scratch I'd look at Cloudflare R2.