
Apple says it's investigating App Store hack

Apple has responded to news of the App Store in-app purchases hack, claiming that it is investigating.

Apple told The Loop: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

It turns out crime doesn't pay anyway. The Russian developer, who published the method of obtaining free in-app purchases (IAP), netted just $6.78 in PayPal donations, despite the fact that over 30,000 in-app transactions were made using his hack.

The people who really lose out are Apple's developers. The best advice to developers is to use their own mechanism to validate IAP receipts.

The hack, which lets iOS users trick the App Store into giving them in-app purchases for free, went public at the end of last week, potentially costing app makers revenue and causing Apple a major headache.

Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps, including installing bogus certificates on your device and using a specially crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a web server that pretends to be the App Store instead. The exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
