Build With RevenueCat

Build a customized mobile subscription business with RevenueCat. We do the heavy lifting of normalizing subscribers from any source and maintain a single source of truth for subscription status, so you can get back to building your app.

RevenueCat is a powerful, secure, reliable, and free to use in-app purchase server with global support. All you need to get started is an API key.

Ask A Question



Handling purchases by a new user on an existing Apple ID

Hello! We're trying to get our heads wrapped around an edge case using the new createAlias and identify features. In this case: 1) Device with signed in Apple ID that has made a non-consumable purchase then associated with User 1 in RevenueCat. 2) User 1 signs out and User 2 launches the app on the same device. 3) Our onboarding flow allows users to make anonymous purchases (great use for createAlias) before creating a user account. User 2 makes a purchase before creating an account, thereby making an anonymous purchase with the Apple ID of User 1. 4) User 2 makes then an account, causing createAlias to be called on the anonymous purchase and then linked with the new account. 5) It seems the resulting status in RevenueCat is having User 2 linked up with User 1 and both having access to purchases made on the Apple ID. Normally this would be protected by allowSharingAppStoreAccount being false, but it is (necessarily I assume) set to true for anonymous purchases so you can link them to an account with createAlias. I think my core question is: can RevenueCat protect against an anonymous purchase being used to inappropriately link accounts with createAlias or is this an edge case the developer needs to plan for? Secondary question is just whether we're missing something and the premise is incorrect. :) My guess is that this is an edge case the developer needs to guard against this case. It's hard for me to imagine how RevenueCat could (or even whether it should). The only thing I can think of is maybe a way to pass an Apple ID to find out if it's already been "claimed" by a RevenueCat user and, if so, show appropriate UI to any other user that attempts to sign in or make transactions on that device. Thanks!

Posted by Brock Klein about a year ago