
Apple says it's investigating App Store hack

Apple has responded to news of the App Store in-app purchases hack, claiming that it is investigating.

Apple told The Loop: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

It turns out crime doesn't pay anyway. The Russian developer who published the method of obtaining free in-app purchases (IAP) netted just $6.78 in PayPal donations, despite the fact that over 30,000 in-app transactions were made using his hack.

The people who really lose out are Apple's developers. The best advice to developers is to use their own mechanism to validate IAP receipts.

The hack, which lets iOS users trick the App Store into giving them in-app purchases for free, went public at the end of last week, potentially costing app makers revenue and causing Apple a major headache.

Alexey V. Borodin of Russia built the in-app purchase hack, which requires several steps - including installing bogus certificates on your device, and using a specially crafted DNS server. Those ingredients combine to fool apps into believing that they're communicating with the App Store, when they're actually going to a web server that pretends to be the App Store instead. The exploit works in part by faking - or "spoofing" - the code receipts that Apple issues for in-app purchases, which developers use for validation, with the iOS device configured to mistakenly believe that those receipts are coming directly from Apple.
