Bad news for iOS developers. A Russian hacker found a way to download in-app purchases without paying for them, writes VentureBeat after information from 9to5Mac. It’s a three-step process that works on phones that are not jail-broken. Apple is working on the issue.
For iPhone app developers the security of the app store is of course of utmost importance. Many apps are free, and next to in-app advertising their developers choose to sell extra features within the app.
The Russian hacker published his findings in a YouTube video. To avoid the charge, users have to install two certificates and change their DNS settings. The video doesn’t display the settings, because the project is said to be in an early stage. According to 9to5Mac the hack works with iOS versions as far back as iOS 3.
The hack is not always successful, possibly because developers have the option to approve in-app purchase receipts before a transaction is completed.
VentureBeat warns users not to use the video’s instructions, as you will invite someone to access your data. That’s a risky business. Besides that, taking something without paying for it is of course theft. As an iPhone app developer in NYC this hacking news is troubling and could eventually cause major disruptions to the app ecosystem if the problem is not dealt with accordingly.