Featured Post

New MacBook Pro To Come Out In 2017

Apple will launch some new MacBook Pros later this year powered by Intel’s next-generation Kaby Lake processors and up to 32GB of desktop-class RAM, rather than the latest MacBook Pro processor the Skylake which maxes out at 16 GB of RAM and doesn’t support low power RAM in larger configurations....

Read More

In-App Purchase Hack Allows You to Get Free Stuff

Posted by Zack | Posted in Consumer Electronics | Posted on 17-07-2012

Tags: , , , ,

0

In-App PurchaseAbout a week ago, Alexey Borodin, a Russian developer, hacked Apple’s In-App Purchase program for every device running anything from Apple iOS 3.0 to iOS 6.0. This allowed iPhone, iPad and iPod touch users to circumvent the payment process and basically steal any in-app content that they wanted to.

Apple confirmed the hack and stated that it was investigating the issue and, this week, tried to block the hack, though was unsuccessful. Now, Apple is starting to offer a proper solution, although it isn’t quite ready. Apple has started including unique identifiers in the validation receipts for in-app purchases. Developers recently started seeing the new receipts, which include a new field called “unique_identifier”.

According to a report from MacRumors, “As one developer noted to us, apps are no longer supposed to be collecting the UDID and thus it is unclear whether Apple’s use of the identifier for this purpose is simply a first step toward a broader implementation of unique receipt identifiers for increased security or if Apple is attempting to identify those users and devices who are sharing their receipts with the Russian hacker to allow the method to function.”

The worst part about this hack is that iOS developers have absolutely no way of protecting their apps. Store receipts don’t work since the only thing you need to bypass this is a single donated receipt which can then be used to authenticate anyone’s purchase requests. Borodin’s circumvention technique relies on installing certificates, changing DNS settings to allow the authentication of the purchases and then emulating the receipt verification server on the Apple App Store.

The unique identifiers have set Apple on a proper path to a decent solution, though Borodin has declared that he wants the company to fix the problem by either changing its APIs or placing new blocks on its service. It seems that Apple will have to start encrypting the connection and update iOS so that it is unaware of the changes being made. In turn, this will stop apps from being able to approve false purchases.

Source: ZD Net – Apple adds unique identifiers to fight iOS in-app purchase hack

Find out what is going on in the Tech Army World.

What are the Top 10 Money Making Missions?

What other companies have joined and what do they do?

How do I join the
Tech Army Organization ?

facebookShare on Facebook
TwitterTweet
FollowFollow us

Write a comment