Apple patching in-app purchase bug that allowed buying for free

Apple patching in-app purchase bug that allowed buying for free
Just recently, news broke that Apple’s implementation of in-app purchases is flawed, allowing hackers like Russian Alexey Borodin to circumvent Apple’s servers and trick apps into thinking you’ve paid for things inside it while you actually haven’t. This was all possible because of two things - first Apple didn’t use a unique identifier for each of the purchases, and secondly because developers often neglected to validate their in-app purchase receipts.

And now Apple is introducing a unique identifier for each of the purchases - a likely step towards patching that bug. It’s actually not completely clear whether the newly implemented unique identifier for in-app purchases is indeed aimed at patching that hole in the system, but at least that’s the most likely reason, especially as Apple adds it mere days after the hack was made public.

For the time being, though, you can still circumvent the system and use a third-party server to fool apps into thinking you are buying items while not actually paying.

source: MacRumors


Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit for samples and additional information.
FCC OKs Cingular's purchase of AT&T Wireless