Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

MacRumors

macrumors bot
Original poster
Apr 12, 2001
63,290
30,373



As noticed by 9to5Mac, Apple has offered developers a series of best practices to prevent the In-App Purchase vulnerability, as well as promising a full fix in iOS 6. The advisement was sent to developers in an email today.

NewImage18.png



CNET was issued this statement by Apple:
"We recommend developers follow best practices at developer.apple.com to help ensure they are not vulnerable to fraudulent In-App purchases," Apple spokesperson Tom Neumayr told CNET. "This will also be addressed with iOS 6."
Apple issued this note to developers on the iOS Developer webpage, along with a series of suggestions to help verify that in-app purchases are legitimate:
A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker's server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.
News of the in-app purchase hack broke a week ago, and Apple has made several attempts to prevent users using the hack. It allows users to avoid paying for in-app purchases by using a third-party server as a "man-in-the-middle" attack. Apple now includes the UDID identifier in in-app purchase receipts in an attempt to increase the security of purchases.

Article Link: In-App Purchase Vulnerability to Be Fixed in iOS 6; Apple Offers Best Practices to Developers
 

ideal.dreams

macrumors 68020
Jul 19, 2010
2,374
1,073
I'm so-so on this. I can understand paying in-app for an application you initially downloaded for free, but if you've already paid for an app, why should you have to pay MORE to gain enhancements? I'm all for supporting the developers, believe me, I know that they work hard and it's a steady income for most, but I'm not going to find myself paying additional money for something in an app that I've already paid for to get more from the app.
 

jeckels

macrumors newbie
Jul 20, 2012
6
0
Some of the in-app purchases are just ridiculous but still doesn't mean you should cheat a developer out of money. They need to make a living too.
 

dave420

macrumors 65816
Jun 15, 2010
1,426
276
I think they're going to prevent in-app purchases from occurring in iOS 5.
So the original iPad is going to lose the ability to do in-app purchases? Maybe that's a good thing anyway.
 
Last edited by a moderator:

koolmagicguy

macrumors 6502
Feb 19, 2012
375
335
New York
I'm so-so on this. I can understand paying in-app for an application you initially downloaded for free, but if you've already paid for an app, why should you have to pay MORE to gain enhancements? I'm all for supporting the developers, believe me, I know that they work hard and it's a steady income for most, but I'm not going to find myself paying additional money for something in an app that I've already paid for to get more from the app.

I firmly agree. The Amazing Spider-Man (Gameloft, $6.99, LINK) has 10 in app purchases from $1.99 to $49.99. How can an in app purchase be worth more than the game itself? This from a game that has almost 4,000 reviews. Not everyone who buys the game writes a review. I can't do the math, but c'mon. I'm never going to buy a Gameloft game ever again.
 

faroZ06

macrumors 68040
Apr 3, 2009
3,387
1
I firmly agree. The Amazing Spider-Man (Gameloft, $6.99, LINK) has 10 in app purchases from $1.99 to $49.99. How can an in app purchase be worth more than the game itself? This from a game that has almost 4,000 reviews. Not everyone who buys the game writes a review. I can't do the math, but c'mon. I'm never going to buy a Gameloft game ever again.

Yeah, I think these kinds of in-app purchases are just unethical. I want to buy an app, but I don't know if it will let me do everything I want to in it. Some paid apps just don't let you do much unless you buy more stuff in the app.

Also, those things where you pay in order to cheat the game and unlock stuff that you're supposed to get by playing are dumb. An example would be paying real money to buy points in Temple Run. That's when I just go and modify my save file.
 

TouchMint.com

macrumors 68000
May 25, 2012
1,625
318
Phoenix
First off I have no IAP in my apps but I wish/pray that Apple could find a way to back charge for all the IAP bought through this hack.

If there is a credit card/gift card on file for the account charge it. If it goes over the balance rough deal with the bounce fees. Until the balance is even that users app store should be disabled.

If this was possible I think Apple could really send a message.
 

bbeagle

macrumors 68040
Oct 19, 2010
3,539
2,972
Buffalo, NY
I'm so-so on this. I can understand paying in-app for an application you initially downloaded for free, but if you've already paid for an app, why should you have to pay MORE to gain enhancements?

An app developer might have worked on his app for months, and the proper price would be $9.99 to pay for his time, but he doesn't get any bites, as it seems too high priced. He lowers the 'point of entry' to $2.99 - now many people download his app. But this is not enough to keep him afloat. He would rather develop software and work from his home than work for 'the man' in a big company at an office. He needs more money. So he can either make another app, or keep developing this app by making add-ins. He decides add-ins are the route to go, people love his .99 cent add-ins, and it helps him make enough money to work on another app.

... until this hacker comes along and allows people who would have bought his add-ins to get them for free. He now doesn't have much money to develop. You've now got a lost developer in the iOS app world. Apple, of course, doesn't like it. The more app developers they have, the more money they get both from the apps and from the hardware that runs the apps.
 

WardC

macrumors 68030
Oct 17, 2007
2,726
213
Fort Worth, TX
Apple needs to step in and make in-app purchases illegal altogether...all that stuff is just a ploy and gimmick to make developer's more money. If I am paying for an application, I don't want "half-ass" functionality which requires 10-100x what I paid for the app to get to use all the features. That is just ridiculous!

The way I basically see it, is the in-app purchases (especially games) feed on a user's craving for "more" out of the game. When a user realizes they cannot advance in a game or achieve a goal in the game without the in-app purchase, they will tap a button and charge a fee to their Apple Store account. A few of these "taps" and the user feels comfortable using this feature....and before you know it, they have tacked on $200 in fees for a $2.99 or FREE game download originally. The whole thing feeds on an addictive-nature to get you "hooked" on using the in-app purchases with the game....and it's making developer's bookoos of money. Now that a hacker has circumvented this, devs are crying about it, but the truth of the matter is in-app purchases are an evil, luring, deceptive, scheming beast altogether to sucker the public into forking over their wallets!!!

And that, my friends, is the reason I refuse to download and use apps and games with the in-app purchase feature. It's a gimmick made by *greedy greedy* developer types, and I am not buying into any of that junk, at all. Just not worth it.
 
Last edited:

nagromme

macrumors G5
May 2, 2002
12,546
1,196
I'm so-so on this. I can understand paying in-app for an application you initially downloaded for free, but if you've already paid for an app, why should you have to pay MORE to gain enhancements? I'm all for supporting the developers, believe me, I know that they work hard and it's a steady income for most, but I'm not going to find myself paying additional money for something in an app that I've already paid for to get more from the app.

How will I pay for making new levels for my game (no, I don’t really have one—right now) if you think all additions should be made free?

Never buy a game that isn’t worth the price you paid, “right out of the box"; reviews will help, and if you get ripped off I fee your pain.

And if the game IS worth what you paid, then there’s no need to get any more value, for free, out of the programmer’s sweat and dreams.

Therefore, buy the add-ons if they’re worth it, skip them if they’re not, but don’t steal them.

Some companies charge absurd prices for their games. Some do that for their IAP. Skip those companies, rather than spreading hacks that hurt everyone.


Apple needs to step in and make in-app purchases illegal altogether...all that stuff is just a ploy and gimmick to make developer's more money. If I am paying for an application, I don't want "half-ass" functionality which requires 10-100x what I paid for the app to get to use all the features. That is just ridiculous!

The way I basically see it, is the in-app purchases (especially games) feed on a user's craving for "more" out of the game. When a user realizes they cannot advance in a game or achieve a goal in the game without the in-app purchase, they will tap a button and charge a fee to their Apple Store account. A few of these "taps" and the user feels comfortable using this feature....and before you know it, they have tacked on $200 in fees for a $2.99 or FREE game download originally. The whole thing feeds on an addictive-nature to get you "hooked" on using the in-app purchases with the game....and it's making developer's bookoos of money. Now that a hacker has circumvented this, devs are crying about it, but the truth of the matter is in-app purchases are an evil, luring, deceptive, scheming beast altogether to sucker the public into forking over their wallets!!!

And that, my friends, is the reason I refuse to download and use apps and games with the in-app purchase feature. It's a gimmick made by *greedy greedy* developer types, and I am not buying into any of that junk, at all. Just not worth it.

You’re making the mistake of assuming that ALL IAP works the same and is a rip-off. It’s not.

And how do you know whether a developer is greedy or not? Maybe they should include all 500 levels in the original $1 game, say, and not just 200. But do we know what it cost him to develop that app and those levels? Do we know what his rent, food and health care cost? Are we asking him to give us more for free than we’d be willing to in his shoes?

I think it’s fair for a developer to set any kind of business model they want, as long as they’re honest about what it is. You can then skip those games that aren’t worth it to you.
 

MrClam

macrumors newbie
Jul 20, 2012
23
6
What i find interesting is that when pirates normally try to justify their actions - they usually use the high price of software as an excuse, and that if prices were cheaper.. They'd stop doing it.

If you're enjoying a developers hard work and not paying for it - then you are stealing that developers time. It'd be akin to going to a barbers - getting a haircut and not paying for it... You've not stolen anything physical from him, but you have stolen his time from him - he gave you a service, you didn't pay.

You can try to justify that however you like, but that barber gave you a service you didnt pay for, and as such you have just stolen from him. Same goes for software development - people spend their time to make something for you to enjoy - if you benefit from it and havent paid for it, that is theft. Pure and simple.

If you worked for your boss for a month, only for him to refuse to pay you at the end of that.. And just laughed it off as "piracy" - how would that make you feel? He's got the benefit of your work but refused to pay you for it.

I put a LOT of time and effort into my software - if i cant put food on the table because people are ripping my work off... then i'll stop doing it.. If everyone did that - then you'd have nothing left to pirate.

I guess that's just the way the self-entitled nature of todays kids are...
 
Last edited by a moderator:

Kar98

macrumors 65816
Feb 20, 2007
1,256
867
Morals aside, using this "hack" is akin to handing over the keys to your car and house and your credit card because somebody said he'd get your free stuff.
 

Kaibelf

Suspended
Apr 29, 2009
2,445
7,444
Silicon Valley, CA
I'm so-so on this. I can understand paying in-app for an application you initially downloaded for free, but if you've already paid for an app, why should you have to pay MORE to gain enhancements? I'm all for supporting the developers, believe me, I know that they work hard and it's a steady income for most, but I'm not going to find myself paying additional money for something in an app that I've already paid for to get more from the app.

I suppose you think remodeling your home should be free also?
 

neiltc13

macrumors 68040
May 27, 2006
3,126
19
Wait, what? iOS 6?

This is a serious security flaw in the OS. Apple is forcing users (and developers) to wait months for a fix and some devices won't even get that fix because they won't get iOS 6?

Seems quality software is not the priority in Cupertino any more. Remember how long it took for Apple to fix Safari on iOS and Mac OS after the DigiNotar hack?
 

ideal.dreams

macrumors 68020
Jul 19, 2010
2,374
1,073
How will I pay for making new levels for my game (no, I don’t really have one—right now) if you think all additions should be made free?

I see your point, but there are some developers who have incorporated in-app purchases to their app for upgrades that are ridiculous. For example, Temple Run and now Fruit Ninja offer 'coins' for sale -- you pay real money for fake game money to buy upgrades, etc within the game to improve your experience. Why should you have to pay MORE to get a better experience after you've already paid for the game itself?

However, I think it's a complete different story if a developer has had an established game for a while and decides that they want to charge $x.xx for an entire new addition to their game. I think a new level or something similar is worth a lot more than upgrades that simply improve your gameplay.

I suppose you think remodeling your home should be free also?

You're comparing apples to oranges.
 

pdjudd

macrumors 601
Jun 19, 2007
4,037
65
Plymouth, MN
Why should you have to pay MORE to get a better experience after you've already paid for the game itself?

You don’t have to. You can always delete the app, complain to the dev, and take your business elsewhere. Just like any other business that does something you do not like but is perfectly legal.
 

MrClam

macrumors newbie
Jul 20, 2012
23
6
Why should you have to pay MORE to get a better experience after you've already paid for the game itself?

I go to watch football on a regular basis.

The price for a ticket is quite high.

But yet, if i want a hotdog, or a beer - to make my experience better after i've already paid to watch the game itself... I have to *shock* pay for it.
 

dra

macrumors member
Jan 1, 2011
92
1
Sydney, Australia
I go to watch football on a regular basis.

The price for a ticket is quite high.

But yet, if i want a hotdog, or a beer - to make my experience better after i've already paid to watch the game itself... I have to *shock* pay for it.

good example some people are just too much into them self and not the real world
 

pdjudd

macrumors 601
Jun 19, 2007
4,037
65
Plymouth, MN
I go to watch football on a regular basis.

The price for a ticket is quite high.

But yet, if i want a hotdog, or a beer - to make my experience better after i've already paid to watch the game itself... I have to *shock* pay for it.

Same thing with concerts. The price of tickets are ridiculous (and mostly probably do not go to the artist anyhow). But if you want any concessions (food and drinks) or band merchandise (which the musicians probably make more of their money on) you have to pay for that too - and the costs for some items are way over retail.
 

ideal.dreams

macrumors 68020
Jul 19, 2010
2,374
1,073
You don’t have to. You can always delete the app, complain to the dev, and take your business elsewhere. Just like any other business that does something you do not like but is perfectly legal.

I'm not saying I'm partaking in the stealing of in-app purchases, nor do I condone it. I'm arguing that some developers are adding in-app purchases for things that should come with the app regardless, which is why this whole ordeal started in the first place.

I go to watch football on a regular basis.

The price for a ticket is quite high.

But yet, if i want a hotdog, or a beer - to make my experience better after i've already paid to watch the game itself... I have to *shock* pay for it.

Again, comparing apples to oranges. When you download an app you're expecting to get all of the features advertised when you initially pay for it. When you go to a football game, it is expected that you pay for the ticket and then buy food/beverages.
 

pdjudd

macrumors 601
Jun 19, 2007
4,037
65
Plymouth, MN
I'm not saying I'm partaking in the stealing of in-app purchases, nor do I condone it. I'm arguing that some developers are adding in-app purchases for things that should come with the app regardless, which is why this whole ordeal started in the first place.

The only person who gets to decide what goes in an app is the developer. They make an offer. You are free to refuse it. And I speak as a person who has purchased maybe 3-4 things as an in app purchase. I buy things if they provide value to me. If I don’t see a value in it, I stop using it. That’s how the free market works. Nobody is forcing you to purchase anything within an app.

ETA: I should also point out that you should know what you are getting into when you buy an app. It shouldn’t be hard to find and avoid the apps that try to engage in overuse of in-app purchase. Revues and the disclosure of the top selling in app purchases should give you a hint.
 

WardC

macrumors 68030
Oct 17, 2007
2,726
213
Fort Worth, TX
Well. I'm not exactly on topic here, but I'd like to share my dislike of "in app purchase" games.

I don't mind paying a hefty sum for a good game but I absolutely refuse to encourage IAP games. (Pay or wait, pay for better score, pay to refuel your game…)

Note: When I say I don't want to encourage IAP games, I don't mean that I'd pirate the content instead. I simply won't download them in the first place. (I vote with my wallet)

This is exactly, 100% the point I was making in my post above -- I will pay decent money for a "good" game for my iPad, I would say as much as $20.00 if it is a *great* game...but I am not going to download the game at all if I discover it's one laden with the IAP system -- not now, not ever. And like you said, it's really sad, because most of the nicer games are turning to In-App purchases so the selection of non-IAP "newer" games is getting very small.

Look at the PC/Mac games side -- some of these games are as much as $50, but provide full functionality without requiring In-App purchasing. One of the reasons I don't play World of Warcraft is because of this pay-in-to-play pricing system...I believe when you buy a game, it's like buying a Nintendo game...you get the code and you can play the whole damn thing, all the time, as much as you want, and every level, discovery, and ability is still there.

Call me old school. I grew up on an NES.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.