SEARCH

Technology » Internet

Updated: July 16, 2012 02:33 IST

Russian hacker exposes flaws with Apple’s ‘in-app’ purchases

Karthik Subramanian
Comment   ·   print   ·   T  T  
In-app purchases have been a prominent way for developers to put out free apps for mobile devices and make money by allowing users to try the App first. This is specially the case with popular games. A Russian hacker has found a way to circumvent Apple's in-app purchase system.
In-app purchases have been a prominent way for developers to put out free apps for mobile devices and make money by allowing users to try the App first. This is specially the case with popular games. A Russian hacker has found a way to circumvent Apple's in-app purchase system.

Explains way to purchase its merchandise for free without jailbreaking iOS devices

Apple prides itself in putting out mobile gadgets that offer best-in-class security for both users and developers that any news of breach or hacks inevitably becomes a surprising event.

Over the past few days, online technology forums are abuzz about how a Russian hacker Alexy V. Borodin, who goes by the moniker ‘ZonD80’ on YouTube, has discovered a way to circumvent payments for Apple iOS’s popular ‘in-app’ purchase that could potentially lead to losses for developers who put out free Apps (applications) for Apple devices - iPhone, iPad and Mac - hoping to earn through “in-app” purchases. The format of payments has been vital to the bludgeoning growth of Apps in the Apple ecosystem as it allows users to ‘try before buying’.

Reputed Apple watch website 9to5mac.com reported the breach on Friday (July 13) citing that Borodin’s ‘in-app’ proxy had been noticed first by a Russian technology blog. In three simple steps, the proxy enabled iOS device users to make in-app purchases for free and did not even require jailbreaking of the devices. (‘Jailbreaking’ is the popular term for unlocking mobile devices from restrictions of use imposed usually by the manufacturer and the telecom service provider.)

Though the method to circumvent the in-app purchases has been doing the rounds in mostly technical forums of the Web, Apple has not commented much beyond the very cursory statement that it takes security very seriously and is looking into the problem. Over the years, the company has gained a reputation of speaking very cautiously and very little even at times of crises. The first reaction seems to have been taking down the YouTube video that promoted on how the ‘in-app’ purchases could be done for free circumventing Apple’s payment verification system.

The hacker, on his part, on the website - http://www.in-appstore.com/ - has clarified that the intention of putting out the exploit for every one to see was to raise awareness. “I did not steal any money. Nobody lost at least one cent from their iTunes store accounts. If you are claiming, that money was stolen via in-app purchases, u're wrong. Zero in-app purchases were made in real appstore via this service. I did not hack anything. I just wrote app-store replacement. And it's a big idea to create yet another world of apple for our iDevices.”

Though the news about the exploit has been out since Friday and Apple has already started acting on the exploit, the hacker has continued to keep the heat on. On a blog post dated July 15, he promised to keep putting ways how the Apple’s app-store system could be twisted illegally.

This article is closed for comments.
Please Email the Editor

Gadgets

Technology


O
P
E
N

close

Recent Article in Internet

Google may allow kids under 13 to sign up for Gmail, YouTube

For the first time, internet giant Google is to open Gmail, YouTube and some of its other services to children under the age of 13, acco... »