Apple Fighting Back Against In App Purchase Hack, But Service Still Operational

[sweetbrat]

You mean like how people have been stealing from the app store for the past 4 years?

It's like posting "The combination to the vault at your local bank is 32-16-50, but we recommend that you don't use this information. You could get caught"

Sure it's possible to rob a bank without the combination and its possible that you could get caught, but it's only encouraging a large audience of people to go rob that bank now.

They're not saying "don't do this or you might get caught." They're saying that if you do this, you're sending your private information to someone who is already stealing from others. So if you do it, there's a good chance that you'll get stolen from, too. To me, that seems like a decent way to discourage people from doing it.

The whole issue of whether or not something should be reported on isn't unique to this story. There's always things to take into consideration. It's deciding if the good outweighs the bad, or if the bad overcomes the public's right to know. That's a decision that all news outlets have to make, and at least with MacRumors it sounds like they didn't take the decision lightly.

 

[Schizoid]

...Apple could unleash the ultimate deterrent... give him a job!

 

[sweetbrat]

This kind of reasoning totally escapes, at least for me, any form of logic one subscribes to. "Let's show people, specifically and in detail, how to X, it will certainly discourage people from doing X. ?????????????

No...posting what the consequences are likely to be is the deterrent. You're sending your personal information to a hacker. That should be a deterrent to any logical person out there. If it's not, they're going to find a way to steal it, whether through this method or something else.

 

[charlituna]

Ripping off the devs....putz!

That's not even what its really about. He's using folks distaste for 'greedy developers' to get access to Apple IDs that might have usable credit cards on them. Use them to get hardware he can sell on ebay etc. Even those that have iTunes credits on them can be of use to him cause he can get free movies and such, rip the DRM off them and post them online (on a site with ads of course) and so on

That he can stick to the developers is just icing on the cake

 

[charlituna]

am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I agree somewhat. I think that its good that sites are mentioning it, particularly also pointing out the security risk. It's that they are telling in detail how it is done that I disagree with. Same with giving links to his guy's youtube, website etc.

----------

You realise this isn't 'someone's fun' - it's theft, that affects developers income.

the classic argument for the other side would be that they weren't going to pay for it anyway so the developer isn't getting the money he wasn't going to get in the first place so how was anything stolen.

They use the same thing to 'justify' torrents and such.

----------

I think the best way for Apple to stop this would be to start emailing all the thieves receipts and charging their credit cards, or just cancelling their iTunes accounts.

You missed an important detail. This isn't going through Apple's servers so how do they know who to screw over. They don't.

 

[Tmelon]

I went to the guys website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

 

[Kaibelf]

Leave it to Apple to take away someone's fun....

I do hope you're being sarcastic.

 

[ArtOfWarfare]

am I the only one who feels like news/rumors sites shouldn't be posting about this... This is only drawing attention to it and tempting more people to steal from these hard working developers.

I'm a developer and I appreciate it that MacRumors is keeping me updated on the status of this hack.

 

[coalchamber1022]

Hasnt this been happening for a looong time?

Haven't cracked apps been around for a long time since jailbreaking was first found? I'm not sure why nothing was done to enforce that but once in-app purchases were cracked now everybody is up in arms about it.

Plus I feel some of these in-app purchases are way too expensive, If I pay for the app the most expensive in-app purchase should be 10 bucks. 99$ dollars for some in app money is ridiculous for that much one should get infinite money.

 

[JohnDoe98]

I went to the guys website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

Because Apple doesn't negotiate with software terrorists!

 

[ChazUK]

I hope the thieving sh**s have their bank accounts wiped out via their iTunes credentials that are exposed.

 

[sweetbrat]

Plus I feel some of these in-app purchases are way too expensive, If I pay for the app the most expensive in-app purchase should be 10 bucks. 99$ dollars for some in app money is ridiculous for that much one should get infinite money.

This is irrelevant. Just because you think something is too expensive, it doesn't give you the right to steal it. If you went to a store and the video game you wanted was too expensive, would you steal it? It's the same thing, only since apps are digital files people seem to think they can do whatever they want to get them. People try to justify it by saying that the developers are charging too much. That argument doesn't hold up.

 

[geoffm33]

Haven't cracked apps been around for a long time since jailbreaking was first found? I'm not sure why nothing was done to enforce that but once in-app purchases were cracked now everybody is up in arms about it.

Plus I feel some of these in-app purchases are way too expensive, If I pay for the app the most expensive in-app purchase should be 10 bucks. 99$ dollars for some in app money is ridiculous for that much one should get infinite money.

Cracked apps are available in jailbroken phones. This hack is for stock phones.

As has been mentioned in other threads, if you feel the in app purchases are too expensive, don't buy the app in the first place. The developer sets the price, you make the decision to buy it.

In the app store, for apps that have IAP there is a link to "Top In-App Purchases". Click it and you'll see whats available. And/or read a review.

 

[JHankwitz]

the classic argument for the other side would be that they weren't going to pay for it anyway so the developer isn't getting the money he wasn't going to get in the first place so how was anything stolen.

Let me get this straight... If I'm not planning to pay for your car you parked out on the street, and you weren't going to get any money from me in the first place, it's OK for me to steel it? Please tell me where you live.

 

[geoffm33]

Because Apple doesn't negotiate with software terrorists!

From what I understand of the hack, I don't think Apple needs to speak with him. I imagine they have a good idea what he's done.

 

[Reeebo]

Free Alexey!

 

[AR999]

From the article:
Of course Apple would not contact _him_. They would be contacting the police where he lives.

The police?

What makes you think this is a criminal matter. Wherever he lives it will likely be considered as a civil matter.

BTW, its not "theft" in any kind of legal sense.

 

[WeegieMac]

Surely Apple will also be able to trace those who used this service to obtain IAP content illegally?

You could find your Apple I.D suddenly become inactive, folks.

Enjoy!

 

[Tmelon]

I hope the thieving sh**s have their bank accounts wiped out via their iTunes credentials that are exposed.

Unfortunately, Apple can't just go to your bank accounts and take all your money. It would be a mess of Civil lawsuits that I doubt Apple is going to pursue.

 

[justperry]

I went to the guys website about this hack to check it out and he had requested that Apple give him an iPhone 5 and then he would shut down his service and personally show them how he did it so they could improve their security. With all the money Apple has in the bank I don't see why they aren't bribing him off instead of trying to get law enforcement involved and letting this hack go on for a third day.

Yeah, and one thing leads to another, you want to end up in a country where I currently reside, Indonesia where corruption, collusion, bribing and the lot is a daily problem.

 

[Marcus-k]

Let me get this straight... If I'm not planning to pay for your car you parked out on the street, and you weren't going to get any money from me in the first place, it's OK for me to steel it? Please tell me where you live.

Not if you stole it, but if you copied it so we both got a perfect copy of the car i would gladly give that to you for free.

 

[ChazUK]

Unfortunately, Apple can't just go to your bank accounts and take all your money. It would be a mess of Civil lawsuits that I doubt Apple is going to pursue.

I'm not even suggesting it'll be Apple doing this.

When used the hack sends your iTunes login and password in plain text to the hosts meaning you're potentially letting yourself into a bag of hurt if they are harvesting these logins for malicious purposes.

If people are stupid enough to put something that may be directly linked to their bank accounts at risk over a "free" in app purchase, they deserve some kind of recourse.

 

[Shearwater]

Because Apple doesn't negotiate with software terrorists!

...well..unless they are speaking to Microsoft or Adobe..lol

 

[C.G.B. Spender]

It’s just plain wrong and must end, but on the other hand when you think there are some games where these so called developers are just extorting money from people that play those games plain and simple.

There is one good example in that video where this russian chap shows how it’s working. 19.99 for some crazy ass points in app purchase? Seriuosly?

 

[ghostface147]

Yeah, and one thing leads to another, you want to end up in a country where I currently reside, Indonesia where corruption, collusion, bribing and the lot is a daily problem.

Isn't that every country? Some are just more open about it than others.