Apple responds to hacked in-app purchasing system

Apple has responded to news broke earlier today about a Russian hacker that was able to circumvent the company’s in-app purchasing system.

“The security of the App Store is incredibly important to us and the developer community,” Apple representative Natalie Harrison, told The Loop. “We take reports of fraudulent activity very seriously and we are investigating.”

9to5Mac says the “in-app proxy” hack doesn’t require the phone to be jailbroken and will allow users to install in-app purchases for free. However, this means that you will give information to the Russian hacker’s server, which doesn’t seem like the best idea to me.

Of course, stealing in-app purchases from developers isn’t a good idea either.

  • Jim I’d say that stealing from developers is pretty low, even if some developers (“free” games that are really “insert coin to advance” schemes) seem greedy enough to deserve it.

    • Uther_Pendragon

      The reason developers do that is because there is no way for users to “try before you buy.” Only your mother would work 100+ hours purely for your enjoyment. To think otherwise is just silly.

      • deviladv

        Uther, some are try before you buy, but that’s not what Steve is talking about, he’s talking about these games where the game is free, but you end up spending $100 because you can’t possibly get any enjoyment or even any advancement out of the game without buying the extras. Worse, it makes you pay in drips and drabs so you don’t know how much you are paying until too late. With something like Call of Duty I know what I’m getting up front and how much it costs. With these types of games it advertises as free but tries to find people to trick into paying money over time.

        Steve is definitely NOT talking about games where you try level 1 for free and the remaining 39 levels are $6.99. That’s understandable and not low down.

        • Uther_Pendragon

          Ah, I see. Yes I know what you are talking about. I’ve never tried one of those games. If I see a bunch of stuff in the in-app-purchase list, I avoid like the plague. lol.

  • Jonathan Fletcher

    They can make money any way they want, in my book. If I don’t like their techniques I can just uninstall their app. If I like the app I will pay for it. The amounts involved are usually pretty minuscule. Sounds to me like the most self-regulating system there is. In fact, just invented a name for it. I call it “free market.” What a great idea! I think I’ll trademark it. ::-)

    • NowYouOweMe

      Yeah, you should trademark it, calling it “TradeMarket”.

    • albertkinng

      Well, one app that is good but I ended up deleting it was Pages 5/3 a sketching app that is free and don’t let you sketch as you should until you pay $7.99 to start sketching. Lame lame lame. Good I found Procreate for $4.99 with everything included and a store to superchage it if YOU WANT.

  • My understanding is that it might also be the developers fault.

    When you receive a purchase receipt for an in app purchase from Apple, you are supposed to validate it (Apple documents this and explain how to do it). Since those receipts are handed over by the network and anyone controlling the network can fake those receipts, you need to validate them and not blindly accept everything you get served. This would explain why this technic works only for some apps (not authenticating the receipt) while it gets rejected by others (that do authenticate the receipts).

    Conclusion ? RTFM and follow Apple guidelines.

    • Peter Johnson

      I just knew someone would take this half-informed view!

      The method Apple suggests is fine if your app is already using a server to download content- (just add code to validate the app store information directly from your server to Apple) but that is an enormous overhead to add if your app does not already communicate with a server.

      Conclusion ? Its more complicated than you think

      • ev0lution

        I think ‘enormous overhead’ is a bit of an overstatement but hey, it’s entirely up to app developers how far they go to protect their sales – Apple gives a method of validation and I think it goes to show how lazy some people can be!

      • Indeed. My bad.

  • cparnot

    Hopefully the guy gets sued by Lodsys.

  • Angry customer

    I think its not good because i see THE last year more hacks on Apple,their is on internet also too Find that Apple servers also are hacked since 2010 and people get robbed off their real money!and they tell in THE media Apple cant be hacked sure! Their is 1 game who deserve that their in app purchases are free!the app is called Card ace casino from big fish company that are THE new owners!Why: they tell every where they can in media and social media About their fair game Play but they steal our prices we won on slots back in next spin i told them in oktober 2011 too fix it,they never did.they stole for more then 100 ml chips off me,never got It back and 100 ml means when you have too buy that amount off chips its worth 4000 real dollars $ or in europe it is 3199,60 euro€!its à big scam worldwide i Find they must give my chips back or be banned off THE app store!with their built in stealing bug,i got THE data who knows à independent american company that controls their data with my data!because i only now that i must leave it by THE FBI otherwise and im not alone!thats why they talk over à 54 ml $ profit on yearly base but they really must tell that they steal from 54 ml $ 15% of that amount is free stolen money from usersthats how they make money i hope gamemakers have told it too big fish company that they have à built in stealing bug when they sold it too them!!i have emails they admit their stealing bug!!

  • Erik Scrafford

    I’m surprised everyone is so focused on the piracy issue, and not the potential for this to become a real man in the middle attack where someone is stealing itunes account credentials without anyone noticing.

    • James

      Either you don’t understand this “hack” or you have misplaced sympathy for user. This isn’t something that can be imposed on iOS user against their will. This is something users are installing so they can steal in app purchase content.

  • John
  • Joyce

    Every time I make a purchase I get Charged 2 times for each purchase in Big Fish Casino

  • sky

    Gaming & apple

    ferengi rules of acquisition !!!!

    Once you have their money … never give it back. Never pay more for an acquisition than you have to. Never allow family to stand in the way of opportunity. A man is only worth the sum of his possessions. (From Enterprise, episode “Acquisition”; sloppy script-writing, as rule 6 (see above) was already given in DS9) Keep your ears open. Small print leads to large risk. Opportunity plus instinct equals profit. Greed is eternal. Anything worth doing is worth doing for money. A deal is a deal … until a better one comes along. A contract is a contract is a contract (but only between Ferengi). A Ferengi without profit is no Ferengi at all. Satisfaction is not guaranteed. Never place friendship above profit. A wise man can hear profit in the wind. Nothing is more important than your health–except for your money. There’s nothing more dangerous than an honest businessman. Never make fun of a Ferengi’s mother … insult something he cares about instead. It never hurts to suck up to the boss. War is good for business. Peace is good for business. She can touch your lobes but never your latinum. Profit is its own reward. Never confuse wisdom with luck. Expand, or die. Don’t trust a man wearing a better suit than your own. The bigger the smile, the sharper the knife. Females and finance don’t mix. Never ask when you can take. Good customers are as rare as latinum — treasure them. There is no substitute for success. Free advice is seldom cheap. Keep your lies consistent. The riskier the road, the greater the profit. Win or lose, there’s always Hyperian beetle snuff. Home is where the heart is … but the stars are made of latinum. Every once in a while, declare peace. It confuses the hell out of your enemies. Beware of the Vulcan greed for knowledge. The flimsier the product, the higher the price. Never let the competition know what you’re thinking. Ask not what your profits can do for you, but what you can do for your profits. Females and finances don’t mix. Enough … is never enough. Every man has his price. (DS9 season 6, episode 19 – “In the Pale Moonlight”) Trust is the biggest liability of all. Nature decays, but latinum lasts forever. Sleep can interfere with profit. (DS9 season 2, episode 7 – “Rules of Acquisition”) Faith moves mountains … of inventory. There is no honour in poverty. Dignity and an empty sack is worth the sack. Treat people in your debt like family … exploit them. Never have sex with the boss’s sister. Always have sex with the boss. You can’t free a fish from water. Everything is for sale, even friendship. Even a blind man can recognize the glow of latinum. You can’t make a deal if you’re dead. (DS9 season 7, episode 8 – “The Siege of AR-558”) Wives serve, brothers inherit. Only fools pay retail. There’s nothing wrong with charity … as long as it winds up in your pocket. Even in the worst of times someone turns a profit. Whisper your way to success. (DS9 season 7, episode 9 – “Covenant”) Know your enemies … but do business with them always. Not even dishonesty can tarnish the shine of profit. Let others keep their reputation. You keep their money. Hear all, trust nothing. Never cheat a Klingon … unless you’re sure you can get away with it. It’s always good business to know about new customers before they walk in the door. The justification for profit is profit. New customers are like razortoothed grubworms. They can be succulent, but sometimes they can bite back. Sometimes the only thing more dangerous than a question is an answer. Employees are rungs on the ladder of success. Don’t hesitate to step on them. Never begin a negotiation on an empty stomach. You can’t free a fish from water. Always know what you’re buying. Beware the man who doesn’t make time for oo-mox. Latinum lasts longer than lust. You can’t buy fate. Never be afraid to mislabel a product. More is good … all is better. A wife is a luxury … a smart accountant is a necessity. A wealthy man can afford anything except a conscience. Never allow doubt to tarnish your love of latinum. When in doubt, lie.

    Deep down everyone’s a Ferengi.

    No good deed ever goes unpunished.