upcoming requirements : App store receipt sigining certificate sha-1 intermdiate certificate used for signing App store receipts expires on Jan 2025

I received the following warning in my Apple account: 'App Store receipt signing certificate SHA-1 intermediate certificate used for signing App Store receipts expires on January 24, 2025. If your app performs on-device receipt validation, make sure it supports the SHA-256 algorithm.'

My React Native app uses react-native-billing and InAppUtils. After a successful purchase, a backend API is called to verify the receipt.

In my case, do I need to update the app-side code, or should I update the server-side code to use the SHA-256 algorithm?

We know, App Store receipt signing certificate changes affect the following

• Perform on-device receipt validation, as described in Validating receipts on the device

• Use code to verify the chain of trust that doesn’t support the SHA-256 algorithm or relies on an expectation that the certificate encryption uses only SHA-1.

Does NOT affect any of the following transaction or receipt validation methods

• Validating app and in-app purchase transactions using AppTransaction and Transaction.
• Server-to-server receipt verification using the verifyReceipt endpoint. For more information, see Validating receipts with the App Store.

So if there is NO local device receipt validation and only server-to-server receipt verification, there is nothing you should do.

Ref: https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes