iOS in-app hack geared for “free access”

Last week, MacWorld reported on a “hack” in the iOS system that allowed “free access” to in-app purchases in a number of apps. The “hack” is likely to concern app developers, who stand to lose significant income if it proliferates.

According to MacWorld, a Russian coder identified as Alexey Borodin is credited with beefing up the hack, which exploits the use of digital certificates and works with specific DNS servers that could “fool” Apple’s App Store.

Borodin is reported to have posted a YouTube video detailing the “hack”, which gathered more than 2,000 views during its initial launch.

Notably, this hack doesn’t involve any jailbreaking techniques, since it exploits a hole or gap in the Apple ecosystem’s app purchase system. Unlike other hacks, this one works on a “pristine” iOS device, using a set of “fixed code receipts” that indicate the authenticity of a given app’s purchase.

With the “hack”, an iPhone or iPad user could easily obtain in-app purchases, since the App Store would see the hacked unit as bearing proof-of-purchase receipts.

Apple is well aware of the existence of the hack, and is currently investigating its proliferation and the gap it exploits in Apple’s internal app purchase system. Various experts note that Apple won’t have a difficult time “patching” the hack, but also note that it is something Apple should have kept a close watch over.

Given the way Apple prices its products and services on premium purchase/subscription terms, something like an in-app hack should be unheard of.

Either way, it happened, which raises a lot of questions regarding just how secure and stable the Apple ecosystem actually is.
