Developer Heads Up: Don’t Forget About Receipt Validation In The Mac App Store

You can add receipt validation code to your application to prevent unauthorized copies of your application from running. Refer to the license agreement and the review guidelines for specific information about what your application may and may not do to implement copy protection.

Receipt validation requires an understanding of cryptography and a variety of secure coding techniques. It’s important that you employ a solution that is unique to your application.

You should perform receipt validation immediately after your application is launched, before displaying any user interface or spawning any child processes. Ideally, this check should happen in main, before NSApplicationMain is called. For additional security, you may repeat this check periodically while your application is running.

Otherwise, you could just download a paid application from the App Store, and freely distribute it to your friends. We want to make developers aware of the issue before you sell your app: Apple does not take care of this for you.