Apple responds to hacked in-app purchasing system

Apple has responded to news that broke earlier today about a Russian hacker who was able to circumvent the company’s in-app purchasing system.

“The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”

9to5Mac says the “in-app proxy” hack doesn’t require the phone to be jailbroken and will allow users to install in-app purchases for free. However, this means that you will give information to the Russian hacker’s server, which doesn’t seem like the best idea to me.

Of course, stealing in-app purchases from developers isn’t a good idea either.



  • http://twitter.com/scblock Steve Block

    Jim, I’d say that stealing from developers is pretty low, even if some developers (“free” games that are really “insert coin to advance” schemes) seem greedy enough to deserve it.

    • Uther_Pendragon

      The reason developers do that is because there is no way for users to “try before you buy.” Only your mother would work 100+ hours purely for your enjoyment. To think otherwise is just silly.

      • deviladv

        Uther, some are try before you buy, but that’s not what Steve is talking about, he’s talking about these games where the game is free, but you end up spending $100 because you can’t possibly get any enjoyment or even any advancement out of the game without buying the extras. Worse, it makes you pay in drips and drabs so you don’t know how much you are paying until too late. With something like Call of Duty I know what I’m getting up front and how much it costs. With these types of games it advertises as free but tries to find people to trick into paying money over time.

        Steve is definitely NOT talking about games where you try level 1 for free and the remaining 39 levels are $6.99. That’s understandable and not low down.

        • Uther_Pendragon

          Ah, I see. Yes I know what you are talking about. I’ve never tried one of those games. If I see a bunch of stuff in the in-app-purchase list, I avoid like the plague. lol.

  • Jonathan Fletcher

    They can make money any way they want, in my book. If I don’t like their techniques I can just uninstall their app. If I like the app I will pay for it. The amounts involved are usually pretty minuscule. Sounds to me like the most self-regulating system there is. In fact, just invented a name for it. I call it “free market.” What a great idea! I think I’ll trademark it. ::-)

    • NowYouOweMe

      Yeah, you should trademark it, calling it “TradeMarket”.

    • albertkinng

      Well, one app that is good but I ended up deleting it was Pages 5/3, a sketching app that is free and doesn’t let you sketch as you should until you pay $7.99 to start sketching. Lame lame lame. Good I found Procreate for $4.99 with everything included and a store to supercharge it if YOU WANT.

  • http://twitter.com/Awax Awax

    My understanding is that it might also be the developers’ fault.

    When you receive a purchase receipt for an in-app purchase from Apple, you are supposed to validate it (Apple documents this and explains how to do it). Since those receipts are handed over by the network and anyone controlling the network can fake those receipts, you need to validate them and not blindly accept everything you get served. This would explain why this technique works only for some apps (not authenticating the receipt) while it gets rejected by others (that do authenticate the receipts).

    Conclusion ? RTFM and follow Apple guidelines.

    • Peter Johnson

      I just knew someone would take this half-informed view!

      The method Apple suggests is fine if your app is already using a server to download content (just add code to validate the app store information directly from your server to Apple), but that is an enormous overhead to add if your app does not already communicate with a server.

      Conclusion ? It’s more complicated than you think

      • ev0lution

        I think ‘enormous overhead’ is a bit of an overstatement but hey, it’s entirely up to app developers how far they go to protect their sales – Apple gives a method of validation and I think it goes to show how lazy some people can be!

      • http://twitter.com/Awax Awax

        Indeed. My bad.
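The server-side receipt check discussed in the thread above, as an added example that is not part of the original post or its comments: the app hands its receipt to the developer's own server, which asks Apple's `verifyReceipt` endpoint and checks the answer before unlocking anything. The bundle id, product id and the legacy response field names (`bid`, `product_id`, `transaction_id`) are assumptions for illustration.

```python
import base64
import json
import urllib.request

VERIFY_URL = "https://buy.itunes.apple.com/verifyReceipt"  # Apple's production endpoint
BUNDLE_ID = "com.example.sketchapp"        # hypothetical app identifier
PRODUCTS = {"com.example.sketchapp.pro"}   # hypothetical in-app product ids
_seen_transactions = set()                 # a real server would use a database


def ask_apple(receipt_b64):
    """POST the receipt to Apple from the server, over a connection the device does not control."""
    body = json.dumps({"receipt-data": receipt_b64}).encode()
    req = urllib.request.Request(VERIFY_URL, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def grant_purchase(receipt_bytes, claimed_product, verify=ask_apple):
    """Return (ok, reason). Nothing the device claims is trusted until Apple confirms it."""
    if claimed_product not in PRODUCTS:
        return False, "unknown product"
    try:
        answer = verify(base64.b64encode(receipt_bytes).decode())
    except (OSError, ValueError):
        return False, "verification unavailable"          # fail closed
    if not isinstance(answer, dict) or answer.get("status") != 0:
        return False, "rejected by Apple"
    receipt = answer.get("receipt")
    if not isinstance(receipt, dict):
        return False, "rejected by Apple"
    if receipt.get("bid") != BUNDLE_ID:
        return False, "receipt is for another app"
    if receipt.get("product_id") != claimed_product:
        return False, "receipt is for another product"
    txn = receipt.get("transaction_id")
    if not txn or txn in _seen_transactions:
        return False, "missing or replayed transaction"
    _seen_transactions.add(txn)
    return True, "ok"


if __name__ == "__main__":
    # Constructed reply standing in for Apple's answer, so the demo runs offline.
    reply = {"status": 0, "receipt": {"bid": BUNDLE_ID, "transaction_id": "T-1",
                                      "product_id": "com.example.sketchapp.pro"}}
    print(grant_purchase(b"constructed-receipt", "com.example.sketchapp.pro", lambda r: reply))
```

Checking the bundle id, product id and transaction id matters as much as the status: a receipt that is genuine but was issued for another app, another product or an earlier purchase is otherwise accepted.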

  • cparnot

    Hopefully the guy gets sued by Lodsys.

  • Angry customer

    I think it’s not good because I see the last year more hacks on Apple, there is on the internet also to find that Apple servers also are hacked since 2010 and people get robbed of their real money! And they tell in the media Apple can’t be hacked, sure! There is 1 game who deserve that their in-app purchases are free! The app is called Card Ace Casino from Big Fish company that are the new owners! Why: they tell everywhere they can in media and social media about their fair game play but they steal our prizes we won on slots back in next spin. I told them in October 2011 to fix it, they never did. They stole for more than 100 ml chips off me, never got it back, and 100 ml means when you have to buy that amount of chips it’s worth 4000 real dollars $ or in Europe it is 3199,60 euro €! It’s a big scam worldwide. I find they must give my chips back or be banned off the App Store! With their built-in stealing bug, I got the data who knows an independent American company that controls their data with my data! Because I only know that I must leave it by the FBI otherwise, and I’m not alone! That’s why they talk over a 54 ml $ profit on yearly base but they really must tell that they steal from 54 ml $, 15% of that amount is free stolen money from users. That’s how they make money. I hope gamemakers have told it to Big Fish company that they have a built-in stealing bug when they sold it to them!! I have emails they admit their stealing bug!!

  • Erik Scrafford

    I’m surprised everyone is so focused on the piracy issue, and not the potential for this to become a real man in the middle attack where someone is stealing itunes account credentials without anyone noticing.

    • James

      Either you don’t understand this “hack” or you have misplaced sympathy for users. This isn’t something that can be imposed on iOS users against their will. This is something users are installing so they can steal in-app purchase content.

  • John

    I found a site http://www.iapphacks.com

  • Joyce

    Every time I make a purchase I get charged 2 times for each purchase in Big Fish Casino