Apple in-app purchasing hack blocked in part

Jul 16, 2012
0
Apple in-app purchasing hack blocked in part

Last week there was a bit of break in Apple's in-app purchasing rules with a Russian developer pushing a mechanism that bypassed in-place locks: this weekend, Apple fixed it up real nice. It appears that the developer, Alexey V Borodin, has had the server for his app blocked by Apple, while Apple also followed up with a takedown request on the original server, took down third-party authentication of it, and issued a copyright claim with the YouTube video used to document the method used to break the system. At the moment, the method itself is being reported as still working - just not through anything Borodin has made.

Apple did issue a statement on Friday on the issue, saying that "the security of the App Store is incredible important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating." After Borodin claimed he'd had over 30,000 in-app payment requests, Apple cut his efforts down.

Borodin notes now that he's working with an offshore country that will supposedly be able to evade Apple's legal requests. His method currently requires that users still sign in to their iTunes account so that, as he says, "they don't scream to the Internet that I am stealing their credentials."

The reason Borodin is doing this remains ever so slightly unclear, though his evading of Apple's restrictions on his methods may seem reason enough for a developer such as he. Borodin has said that he's calling on Apple to place new blocks on its service or to adapt its APIs - though we're pretty sure Apple isn't going to be taking orders from what they consider a hacker, one way or another, any time soon.

[via The Next Web]


Must Read Bits & Bytes