Saturday, July 14, 2012

Hacker develops method to sidestep the iOS in-app purchasing process

Lovin' your iOS device, but hating games that seem to require in-app purchases to beat them, or any other apps that have similar in-app purchases? Well, this Russian hacker has a deal for you.

Using a "we're sure it's going to be closed soon" exploit, Russian developer ZonD80 has created a method that enables "buying" of in-app purchases from iOS apps for free. The hack requires users to install special security certificates on their iDevice, as well as being on a wi-fi network so that the DNS settings can be altered.

Notably, the hack does not require jailbreaking of the device; ZonD80 has posted a video demo of the method to YouTube (embedded) as well.

It works by sending purchase attempts to third-party servers where they are validated and returned to the application as if the transaction was completed.  Once that's done, you'll see the prompt above, rather than the normal in-app purchase dialog.

ZonD80 also runs a website called where donations are being accepted to support the development of the "project" and help keep the aforementioned servers running.

He doesn't seem to really be in it for the money, though. ZonD80 has a post up on that site, one that says:

"Apple, please contact me: I want to share my experience with you, if you give me one iPhone 5 for free!"
Somehow we expect he will receive no response. Apple doesn't look too kindly on "extortion."

Though we certainly do not approve of this method of (let's face it) ripping off developers and Apple, quite a few appear to be trying it, and while it works sometimes, it's not working in all cases.

Although ZonD80 warns users to “not pirate AppStore apps," he seems to be actively assisting users of the hack who are having difficulties. It's unclear if a change to fix this exploit will require on-device ROM changes, back-end changes, or both.

No comments: