In-App Purchase Hack Allows You to Get Free Stuff

Posted by Zack | Posted in Consumer Electronics | Posted on 17-07-2012


About a week ago, Alexey Borodin, a Russian developer, hacked Apple’s In-App Purchase program for every device running anything from Apple iOS 3.0 to iOS 6.0. This allowed iPhone, iPad and iPod touch users to circumvent the payment process and basically steal any in-app content that they wanted to.

Apple confirmed the hack and stated that it was investigating the issue. This week it tried to block the hack, but was unsuccessful. Now, Apple is starting to offer a proper solution, although it isn’t quite ready. Apple has started including unique identifiers in the validation receipts for in-app purchases. Developers recently started seeing the new receipts, which include a new field called “unique_identifier”.

According to a report from MacRumors, “As one developer noted to us, apps are no longer supposed to be collecting the UDID and thus it is unclear whether Apple’s use of the identifier for this purpose is simply a first step toward a broader implementation of unique receipt identifiers for increased security or if Apple is attempting to identify those users and devices who are sharing their receipts with the Russian hacker to allow the method to function.”

The worst part about this hack is that iOS developers have absolutely no way of protecting their apps. Store receipts don’t help, since all it takes to bypass them is a single donated receipt, which can then be used to authenticate anyone’s purchase requests. Borodin’s circumvention technique relies on installing certificates, changing DNS settings to allow the authentication of the purchases and then emulating the receipt verification server on the Apple App Store.

The unique identifiers have set Apple on a proper path to a decent solution, though Borodin has declared that he wants the company to fix the problem by either changing its APIs or placing new blocks on its service. It seems that Apple will have to start encrypting the connection and update iOS so that it is unaware of the changes being made. In turn, this will stop apps from being able to approve false purchases.
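
What binding a receipt to a device makes possible against a donated receipt, shown as an added example (not code from this post or from Apple). It assumes a developer-run server that already holds the decoded receipt; only the field name `unique_identifier` comes from the post, while `transaction_id`, `product_id`, the `ReceiptLedger` class and all values are constructed for illustration.

```python
# Added example, not code from the article or from Apple.
# Only the field name "unique_identifier" is taken from the article;
# "transaction_id", "product_id" and every value below are constructed.


class ReceiptLedger:
    """Tracks which decoded receipts a hypothetical developer server has honoured."""

    def __init__(self):
        self._redeemed = set()  # transaction ids that already unlocked content

    def evaluate(self, receipt, requesting_device, requested_product):
        """Return (granted, reason) for one purchase request."""
        bound_to = receipt.get("unique_identifier")
        if not bound_to:
            # Old-style receipt: nothing ties it to a device, so it can be shared.
            return False, "no unique_identifier in receipt"
        if bound_to != requesting_device:
            return False, "receipt bound to another device"
        if receipt.get("product_id") != requested_product:
            return False, "receipt is for a different product"
        txn = receipt.get("transaction_id")
        if not txn:
            return False, "missing transaction id"
        if txn in self._redeemed:
            return False, "transaction already redeemed"
        self._redeemed.add(txn)
        return True, "ok"


# Constructed sample receipts.
DONATED = {"unique_identifier": "device-AAAA",
           "transaction_id": "txn-0001",
           "product_id": "com.example.coins100"}
LEGACY = {k: v for k, v in DONATED.items() if k != "unique_identifier"}


def demo():
    ledger = ReceiptLedger()
    return [
        ledger.evaluate(DONATED, "device-AAAA", "com.example.coins100"),  # real buyer
        ledger.evaluate(DONATED, "device-BBBB", "com.example.coins100"),  # donated receipt
        ledger.evaluate(DONATED, "device-AAAA", "com.example.coins100"),  # replayed
        ledger.evaluate(DONATED, "device-AAAA", "com.example.gems"),      # wrong product
        ledger.evaluate(LEGACY, "device-BBBB", "com.example.coins100"),   # unbound receipt
    ]


if __name__ == "__main__":
    for granted, reason in demo():
        print(granted, reason)
```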

Source: ZD Net – Apple adds unique identifiers to fight iOS in-app purchase hack
