I am attempting to validate a receipt in the sandbox environment (https://sandbox.itunes.apple.com/verifyReceipt). The response looks successful and it is showing me the LatestReceiptInfo and any InApp transactions. The part that is confusing me is that I am able to do it with an invalid secret as well. I am even able to verify with a receipt that was generated from a very different app. It appears as if validation is ignoring the shared secret entirely.I would expect a status code of 21003 for the valid receipt that wasn't created by my app. I would also expect a 21004 for the invalid secret. In both cases I get a status code of 0 and the receipt is available.There is something that I am not understanding about how verification works. Is this expected behavior for the sandbox? Below is the response body that i am sending to verify.{ "receipt-data": "MyReceiptData", "password": "FakePassword", "exclude-old-transactions": true }

For how long can a user resubscribe after their initial subscription has expired? I'm curious if we can expect to receive INTERACTIVE_RENEWAL notifications years after their initial subscription expired or is it only weeks, months, etc?

We have confirmed that INITIAL BUY and DID RENEW notifications are sending unified receipt but testing CANCEL, REFUND, and INTERACTIVE RENEWAL cannot be tested in sandbox or easily in production. Can we assume all IAP notifications are working as expected and sending unified receipts at this time?