Apple says it's investigating App Store hack

Apple has responded to news of the App Store in-app purchases hack, claiming that it is investigating.

Apple told The Loop: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

It turns out crime doesn't pay anyway. The Russian developer who published the method of obtaining free in-app purchases (IAP) netted just $6.78 in PayPal donations, despite the fact that over 30,000 in-app transactions were made using his hack.

The people who really lose out are Apple's developers. The best advice to developers is to use their own mechanism to validate IAP receipts.

The hack, which lets iOS users trick the App Store into giving them in-app purchases for free, went public at the end of last week, potentially costing app makers revenue and causing Apple a major headache.

Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps - including installing bogus certificates on your device, and using a specially-crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a web server that pretends to be the App Store instead. The exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
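The advice above, that developers validate IAP receipts with their own mechanism, sketched as a server-side check (an added example, not code from the article or from Apple). The bundle id, product id, stub function and receipts are constructed, and the field names assume the JSON layout of Apple's receipt verification response.

```python
# Added example: server-side checks before crediting an in-app purchase.
EXPECTED_BUNDLE_ID = "com.example.game"          # assumption: your app's bundle id
KNOWN_PRODUCTS = {"com.example.game.coins100"}   # assumption: products you sell


class ReceiptRejected(Exception):
    pass


def grant_purchase(receipt_b64, product_id, verify_with_apple, seen_transactions):
    """Return the transaction id to credit, or raise ReceiptRejected.

    verify_with_apple: callable that sends the receipt from the developer's
    server to Apple's verification endpoint and returns the decoded JSON.
    The device never makes this call, so certificates or DNS settings
    installed on the device cannot change the answer.
    seen_transactions: set of ids already credited (a database table in practice).
    """
    if product_id not in KNOWN_PRODUCTS:
        raise ReceiptRejected("unknown product")
    response = verify_with_apple(receipt_b64)
    if response.get("status") != 0:              # non-zero status: not valid
        raise ReceiptRejected("Apple did not validate the receipt")
    receipt = response.get("receipt", {})
    if receipt.get("bundle_id") != EXPECTED_BUNDLE_ID:
        raise ReceiptRejected("receipt was issued for another app")
    for item in receipt.get("in_app", []):
        txn = item.get("transaction_id")
        if item.get("product_id") != product_id or not txn:
            continue
        if txn in seen_transactions:             # replayed receipt
            continue
        seen_transactions.add(txn)
        return txn
    raise ReceiptRejected("no fresh transaction for this product")


def constructed_apple_stub(receipt_b64):
    """Constructed stand-in for the HTTPS call to Apple, so this runs offline."""
    if receipt_b64 == "R0VOVUlORQ==":            # constructed 'genuine' receipt
        return {"status": 0, "receipt": {
            "bundle_id": "com.example.game",
            "in_app": [{"product_id": "com.example.game.coins100",
                        "transaction_id": "1000000000000001"}]}}
    return {"status": 21002}                     # anything else fails validation
```

In production `verify_with_apple` would be an HTTPS request made by the server with its normal certificate trust store, and `seen_transactions` a persistent store with a uniqueness constraint.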
