Ensure in_app_purchase plugin in compliance with new App Store SHA-256 receipts

[jmagman]

Apple will soon use SHA-256 for In-App Purchase receipts
https://developer.apple.com/news/?id=b6tejt6f

As part of ongoing efforts to improve security and privacy on Apple platforms, the App Store receipt signing intermediate certificate is being updated to use the SHA-256 cryptographic algorithm. This certificate is used to sign App Store receipts, which are the proof of purchase for apps and In-App Purchases.

Starting January 24, 2025, if your app performs on-device receipt validation and doesn't support a SHA-256 algorithm, your app will fail to validate the receipt. If your app prevents customers from accessing the app or premium content when receipt validation fails, your customers may lose access to their content.

More details in https://developer.apple.com/documentation/technotes/tn3138-handling-app-store-receipt-signing-certificate-changes

Ensure the StoreKit in_app_purchase implementation can handle this.
flutter/packages#7887

[jmagman]

@LouiseHsu assigning this to you to make sure the StoreKit 1 plugin is compliant, since you were just touching it flutter/packages#7887.

[LouiseHsu]

So after some investigating, I don't think this will affect in_app_purchase. This mostly affects on device receipt validation (eg. when you want to provide access to paid content while offline) which is not handled by the IAP package, and done by the developers themselves. I think we can close this.

[github-actions]

This thread has been automatically locked since there has not been any recent activity after it was closed. If you are still experiencing a similar issue, please open a new bug, including the output of flutter doctor -v and a minimal reproduction of the issue.