In-App Purchase Vulnerability to Be Fixed in iOS 6; Apple Offers Best Practices to Developers

Discussion in ' News Discussion' started by MacRumors, Jul 20, 2012.

  1. macrumors bot



    As noticed by 9to5Mac, Apple has offered developers a series of best practices to prevent the In-App Purchase vulnerability, as well as promising a full fix in iOS 6. The advisement was sent to developers in an email today.


    CNET was issued this statement by Apple:
    Apple issued this note to developers on the iOS Developer webpage, along with a series of suggestions to help verify that in-app purchases are legitimate:
    News of the in-app purchase hack broke a week ago, and Apple has made several attempts to prevent users using the hack. It allows users to avoid paying for in-app purchases by using a third-party server as a "man-in-the-middle" attack. Apple now includes the UDID identifier in in-app purchase receipts in an attempt to increase the security of purchases.

    Article Link: In-App Purchase Vulnerability to Be Fixed in iOS 6; Apple Offers Best Practices to Developers
  2. macrumors regular

    yea just got this email :|
  3. macrumors regular

    So I guess this means no more free in-app purchases.... wonderful.:rolleyes:
  4. macrumors 68000


    I'm so-so on this. I can understand paying in-app for an application you initially downloaded for free, but if you've already paid for an app, why should you have to pay MORE to gain enhancements? I'm all for supporting the developers, believe me, I know that they work hard and it's a steady income for most, but I'm not going to find myself paying additional money for something in an app that I've already paid for to get more from the app.
  5. macrumors newbie

    Some of the in-app purchases are just ridiculous but still doesn't mean you should cheat a developer out of money. They need to make a living too.
  6. dave420, Jul 20, 2012
    Last edited by a moderator: Jul 20, 2012

    macrumors 65816

    So the original iPad is going to lose the ability to do in-app purchases? Maybe that's a good thing anyway.
  7. macrumors 6502

    I firmly agree. The Amazing Spider-Man (Gameloft, $6.99, LINK) has 10 in app purchases from $1.99 to $49.99. How can an in app purchase be worth more than the game itself? This from a game that has almost 4,000 reviews. Not everyone who buys the game writes a review. I can't do the math, but c'mon. I'm never going to buy a Gameloft game ever again.
  8. macrumors 68040


    Yeah, I think these kinds of in-app purchases are just unethical. I want to buy an app, but I don't know if it will let me do everything I want to in it. Some paid apps just don't let you do much unless you buy more stuff in the app.

    Also, those things where you pay in order to cheat the game and unlock stuff that you're supposed to get by playing are dumb. An example would be paying real money to buy points in Temple Run. That's when I just go and modify my save file.
  9. macrumors 65816

    First off I have no IAP in my apps but I wish/pray that Apple could find a way to back charge for all the IAP bought through this hack.

    If there is a credit card/gift card on file for the account charge it. If it goes over the balance rough deal with the bounce fees. Until the balance is even that users app store should be disabled.

    If this was possible I think Apple could really send a message.
  10. macrumors 68020


    An app developer might have worked on his app for months, and the proper price would be $9.99 to pay for his time, but he doesn't get any bites, as it seems too high priced. He lowers the 'point of entry' to $2.99 - now many people download his app. But this is not enough to keep him afloat. He would rather develop software and work from his home than work for 'the man' in a big company at an office. He needs more money. So he can either make another app, or keep developing this app by making add-ins. He decides add-ins are the route to go, people love his .99 cent add-ins, and it helps him make enough money to work on another app.

    ... until this hacker comes along and allows people who would have bought his add-ins to get them for free. He now doesn't have much money to develop. You've now got a lost developer in the iOS app world. Apple, of course, doesn't like it. The more app developers they have, the more money they get both from the apps and from the hardware that runs the apps.
  11. WardC, Jul 20, 2012
    Last edited: Jul 20, 2012

    macrumors 68030


    Apple needs to step in and make in-app purchases illegal altogether...all that stuff is just a ploy and gimmick to make developer's more money. If I am paying for an application, I don't want "half-ass" functionality which requires 10-100x what I paid for the app to get to use all the features. That is just ridiculous!

    The way I basically see it, is the in-app purchases (especially games) feed on a user's craving for "more" out of the game. When a user realizes they cannot advance in a game or achieve a goal in the game without the in-app purchase, they will tap a button and charge a fee to their Apple Store account. A few of these "taps" and the user feels comfortable using this feature....and before you know it, they have tacked on $200 in fees for a $2.99 or FREE game download originally. The whole thing feeds on an addictive-nature to get you "hooked" on using the in-app purchases with the game....and it's making developer's bookoos of money. Now that a hacker has circumvented this, devs are crying about it, but the truth of the matter is in-app purchases are an evil, luring, deceptive, scheming beast altogether to sucker the public into forking over their wallets!!!

    And that, my friends, is the reason I refuse to download and use apps and games with the in-app purchase feature. It's a gimmick made by *greedy greedy* developer types, and I am not buying into any of that junk, at all. Just not worth it.
  12. macrumors G5


    How will I pay for making new levels for my game (no, I don’t really have one—right now) if you think all additions should be made free?

    Never buy a game that isn’t worth the price you paid, “right out of the box"; reviews will help, and if you get ripped off I fee your pain.

    And if the game IS worth what you paid, then there’s no need to get any more value, for free, out of the programmer’s sweat and dreams.

    Therefore, buy the add-ons if they’re worth it, skip them if they’re not, but don’t steal them.

    Some companies charge absurd prices for their games. Some do that for their IAP. Skip those companies, rather than spreading hacks that hurt everyone.

    You’re making the mistake of assuming that ALL IAP works the same and is a rip-off. It’s not.

    And how do you know whether a developer is greedy or not? Maybe they should include all 500 levels in the original $1 game, say, and not just 200. But do we know what it cost him to develop that app and those levels? Do we know what his rent, food and health care cost? Are we asking him to give us more for free than we’d be willing to in his shoes?

    I think it’s fair for a developer to set any kind of business model they want, as long as they’re honest about what it is. You can then skip those games that aren’t worth it to you.
  13. MrClam, Jul 20, 2012
    Last edited by a moderator: Jul 20, 2012

    macrumors newbie

    What i find interesting is that when pirates normally try to justify their actions - they usually use the high price of software as an excuse, and that if prices were cheaper.. They'd stop doing it.

    If you're enjoying a developers hard work and not paying for it - then you are stealing that developers time. It'd be akin to going to a barbers - getting a haircut and not paying for it... You've not stolen anything physical from him, but you have stolen his time from him - he gave you a service, you didn't pay.

    You can try to justify that however you like, but that barber gave you a service you didnt pay for, and as such you have just stolen from him. Same goes for software development - people spend their time to make something for you to enjoy - if you benefit from it and havent paid for it, that is theft. Pure and simple.

    If you worked for your boss for a month, only for him to refuse to pay you at the end of that.. And just laughed it off as "piracy" - how would that make you feel? He's got the benefit of your work but refused to pay you for it.

    I put a LOT of time and effort into my software - if i cant put food on the table because people are ripping my work off... then i'll stop doing it.. If everyone did that - then you'd have nothing left to pirate.

    I guess that's just the way the self-entitled nature of todays kids are...
  14. macrumors 6502a

    Morals aside, using this "hack" is akin to handing over the keys to your car and house and your credit card because somebody said he'd get your free stuff.
  15. macrumors 6502a


    I suppose you think remodeling your home should be free also?
  16. macrumors 68040


    Wait, what? iOS 6?

    This is a serious security flaw in the OS. Apple is forcing users (and developers) to wait months for a fix and some devices won't even get that fix because they won't get iOS 6?

    Seems quality software is not the priority in Cupertino any more. Remember how long it took for Apple to fix Safari on iOS and Mac OS after the DigiNotar hack?
  17. macrumors 68000


    I see your point, but there are some developers who have incorporated in-app purchases to their app for upgrades that are ridiculous. For example, Temple Run and now Fruit Ninja offer 'coins' for sale -- you pay real money for fake game money to buy upgrades, etc within the game to improve your experience. Why should you have to pay MORE to get a better experience after you've already paid for the game itself?

    However, I think it's a complete different story if a developer has had an established game for a while and decides that they want to charge $x.xx for an entire new addition to their game. I think a new level or something similar is worth a lot more than upgrades that simply improve your gameplay.

    You're comparing apples to oranges.
  18. macrumors newbie

    I thought this iap free thing has been available in cydia for over a year.
  19. macrumors 601

    You don’t have to. You can always delete the app, complain to the dev, and take your business elsewhere. Just like any other business that does something you do not like but is perfectly legal.
  20. macrumors newbie

    I go to watch football on a regular basis.

    The price for a ticket is quite high.

    But yet, if i want a hotdog, or a beer - to make my experience better after i've already paid to watch the game itself... I have to *shock* pay for it.
  21. dra
    macrumors member

    good example some people are just too much into them self and not the real world
  22. macrumors 601

    Same thing with concerts. The price of tickets are ridiculous (and mostly probably do not go to the artist anyhow). But if you want any concessions (food and drinks) or band merchandise (which the musicians probably make more of their money on) you have to pay for that too - and the costs for some items are way over retail.
  23. macrumors 68000


    I'm not saying I'm partaking in the stealing of in-app purchases, nor do I condone it. I'm arguing that some developers are adding in-app purchases for things that should come with the app regardless, which is why this whole ordeal started in the first place.

    Again, comparing apples to oranges. When you download an app you're expecting to get all of the features advertised when you initially pay for it. When you go to a football game, it is expected that you pay for the ticket and then buy food/beverages.
  24. macrumors 601

    The only person who gets to decide what goes in an app is the developer. They make an offer. You are free to refuse it. And I speak as a person who has purchased maybe 3-4 things as an in app purchase. I buy things if they provide value to me. If I don’t see a value in it, I stop using it. That’s how the free market works. Nobody is forcing you to purchase anything within an app.

    ETA: I should also point out that you should know what you are getting into when you buy an app. It shouldn’t be hard to find and avoid the apps that try to engage in overuse of in-app purchase. Revues and the disclosure of the top selling in app purchases should give you a hint.
  25. macrumors 68030


    This is exactly, 100% the point I was making in my post above -- I will pay decent money for a "good" game for my iPad, I would say as much as $20.00 if it is a *great* game...but I am not going to download the game at all if I discover it's one laden with the IAP system -- not now, not ever. And like you said, it's really sad, because most of the nicer games are turning to In-App purchases so the selection of non-IAP "newer" games is getting very small.

    Look at the PC/Mac games side -- some of these games are as much as $50, but provide full functionality without requiring In-App purchasing. One of the reasons I don't play World of Warcraft is because of this pay-in-to-play pricing system...I believe when you buy a game, it's like buying a Nintendo get the code and you can play the whole damn thing, all the time, as much as you want, and every level, discovery, and ability is still there.

    Call me old school. I grew up on an NES.

Share This Page