On Mac apps you should validate the app store receipt to ensure the .app wasn't copied and running on an unauthorized computer. Finding the receipt is easy. Reading and parsing it is another matter. All of the examples are in Objective-C and seem to include libraries not part of Mono?
For example:
/* The PKCS #7 container (the receipt) and the output of the verification. */
BIO *b_p7; // Where in Mono/Xamarin?
PKCS7 *p7;
/* The Apple root certificate, as raw data and in its OpenSSL representation. */
BIO *b_x509;
X509 *Apple;
/* The root certificate for chain-of-trust verification. */
X509_STORE *store = X509_STORE_new();
/* ... Initialize both BIO variables using BIO_new_mem_buf() with a buffer and its size ... */
/* Initialize b_out as an output BIO to hold the receipt payload extracted during signature verification. */
BIO *b_out = BIO_new(BIO_s_mem()); // Where in Mono/Xamarin?
Does anyone have a working example of how to validate a local receipt for Mac apps? Unless you do so, nothing prevents someone from copying the .app file over to any computer and running your app. Only receipt validation ensures your Mac app is running on the computer that downloaded the app from the Mac App Store.
I appreciate any feedback.
Thanks!