It wasn’t long after the introduction of the App Store on iOS before a separate app store for hacked apps appeared. Now it looks like the in-app purchasing system may have been circumvented without requiring a jailbreak. A Russian developer has created two certificates that can be installed on an iOS device that tricks apps into believing in-app purchases have been made, all without contacting Apple’s servers.
In addition, users are required to change the DNS settings of their WiFi connection on iOS to make the hack work. When users go to purchase content, the in-app prompt is replaced with a message asking the users to “like” the website. The app is then fooled into thinking the transaction has gone through, with purchased content then able to be used. The hack gathers a whole host of information too, including the GUID of your iDevice and application version numbers.
Apple has provided the following statement on the situation:
“The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating.” -Apple Representative
The developer is accepting donations on his website in an effort to spur momentum for the project, as currently it doesn’t work with every app in Apple’s library. While the developer encourages users not to pirate apps or abuse the tool, he reportedly helps those who are running into trouble with in-app purchases that aren’t working with the hack.