Apple says it's investigating App Store hack

Apple has responded to news of the App Store in-app purchases hack, claiming that it is investigating.

Apple told The Loop: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

It turns out crime doesn't pay anyway. The Russian developer, who published the method of obtaining free in-app purchases (IAP), netted just $6.78 in PayPal donations, despite the fact that over 30,000 in-app transactions were made using his hack.

The people who really lose out are Apple's developers. The best advice to developers is to use their own mechanism to validate IAP receipts.

The hack, which lets iOS users trick the App Store into giving them in-app purchases for free, went public at the end of last week, potentially costing app makers revenue and causing Apple a major headache.

Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps - including installing bogus certificates on your device, and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a web server that pretends to be the App Store instead. The exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
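The advice above, that developers validate IAP receipts with their own mechanism, could look like the following on a developer's own server. This is an added example, not code from Apple or from the article; the field names (`status`, `receipt.bid`, `product_id`, `transaction_id`) are assumed from Apple's legacy receipt-verification JSON response, and the bundle ID, product ID and sample responses are constructed.

```python
# Added example: server-side checks on a receipt-verification response.
# Field names are assumed from Apple's legacy verifyReceipt JSON format;
# all identifiers and sample data below are constructed for illustration.

EXPECTED_BUNDLE_ID = "com.example.game"          # hypothetical app identifier
KNOWN_PRODUCTS = {"com.example.game.coins100"}   # hypothetical product ids


class ReceiptRejected(Exception):
    pass


def check_verified_receipt(response, seen_transaction_ids):
    """Validate the JSON the developer's own server got back from Apple.

    The server, not the device, must make that request: in the scenario
    above the device's DNS and certificate trust are under the user's control.
    """
    if response.get("status") != 0:
        raise ReceiptRejected("store reported status %r" % response.get("status"))
    receipt = response.get("receipt") or {}
    if receipt.get("bid") != EXPECTED_BUNDLE_ID:
        raise ReceiptRejected("receipt was issued for another app")
    product = receipt.get("product_id")
    if product not in KNOWN_PRODUCTS:
        raise ReceiptRejected("unknown product id")
    txn = receipt.get("transaction_id")
    if not txn:
        raise ReceiptRejected("missing transaction id")
    if txn in seen_transaction_ids:
        raise ReceiptRejected("transaction id already redeemed")
    seen_transaction_ids.add(txn)   # persist in a database in real use
    return product


def try_receipt(response, seen):
    try:
        return "granted:" + check_verified_receipt(response, seen)
    except ReceiptRejected as exc:
        return "rejected:" + str(exc)


# Constructed sample responses.
GOOD = {"status": 0, "receipt": {"bid": "com.example.game",
        "product_id": "com.example.game.coins100", "transaction_id": "1000000000000001"}}
OTHER_APP = {"status": 0, "receipt": {"bid": "com.other.app",
             "product_id": "com.example.game.coins100", "transaction_id": "1000000000000002"}}
```

Content is unlocked only when `check_verified_receipt` returns, so a receipt that was replayed, issued for a different app, or never confirmed by the store is refused regardless of what the device believes.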
