Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Hacker Releases Tools for Bypassing Apple's In App Purchase Mechanism [Updated]

Hey F**KTARDS: (people who develop hacks like this)

STOP MAKING US JAILBREAKERS LOOK BAD BY CREATING WAYS TO STEAL CONTENT.

Those of us who want to jailbreak to simply have full control of our hardware are made to look bad because of people like you.

Find more productive ways to use your time and talent, please.

Sincerely,
Jailbreaker who doesn't want Apple to try harder to stop us.
 
ArtOfWarfare said:
As a developer, I have to say I'm glad MacRumors has reported this. It's just a final nail in the coffin for IAP, I say.

1 - It generates almost no money (in my experience, anyways.)
2 - It's painfully difficult to implement and test and verify.
And now,
3 - It's hackable.

I had actually been considering making a game guide available as an IAP, but now that I see it's hackable, I'm reconsidering. Maybe I'll make it an iBook instead and advertise it in my game, the same as I'd planned on advertising the IAP?
Click to expand...

I'm pretty sure this hack will not work if the app employs Apple's server-side receipt verification. If in your case the game guide was downloaded from a server only after an in-app purchase - rather than being included in the app and then being 'activated' - and the server verified the in-app purchase with Apple, they would be able to carry out the hacked "purchase" but you could simply not allow the download of the guide.

One of my clients has a popular (UK top 50 grossing) app that derives all its income from IAP and we have, in the past, had issues with the jailbreak iap hack, however that hack is defeated by the verification method.
 
zorinlynx said:
Hey F**KTARDS: (people who develop hacks like this)

STOP MAKING US JAILBREAKERS LOOK BAD BY CREATING WAYS TO STEAL CONTENT.

Those of us who want to jailbreak to simply have full control of our hardware are made to look bad because of people like you.

Find more productive ways to use your time and talent, please.

Sincerely,
Jailbreaker who doesn't want Apple to try harder to stop us.
Click to expand...

Calm down, it doesn't require jailbreak! :D
 
T. Durden said:
This is no different from someone walking into a Best Buy and stealing an expansion pack for The Sims and justifying it because they already bought the original Sims software. You're stealing from Best Buy and the developer.
Click to expand...

Actually, in that example, the developer already got their money for that copy since it's on the shelf. Best Buy already paid for the game, so you'd only be stealing from them. :p
 
hakuna-matata said:
10$ or more to play a game on fricking 3-4" screen in this economy..people are out of their mind!! never.
Click to expand...

As opposed to $40+ to play a game on a Gameboy?

The App Store has made games so accessible; it's a complete joke to complain about the prices - especially when the majority of the games are $0-1.99 :rolleyes:
 
T. Durden said:
The App Store is a virtual storefront. Apple takes a 30% cut from all apps or in-store app purchases sold.

This is no different from someone walking into a Best Buy and stealing an expansion pack for The Sims and justifying it because they already bought the original Sims software. You're stealing from Best Buy and the developer.

Unfortunately, because you can easily steal from the comfort of your own home and there isn't anyone policing it, people think it's okay :rolleyes:
Click to expand...

well i was joking about the free apps .... I was more worried about why people think that using this new app and stuff to steal stuff would not hurt them? If i was this hacker, why would I not install something in my app that sent me all your info ... CC #s, passwords, things like that?
 
Mad-B-One said:
But really, how can foreign language look scary? Scared of the unknown?
Click to expand...

Nah, just outdated thinking, from back when Russia was "the enemy.". Wanna bet the poster is an older person who lived during the cold war?

However, it IS outdated thinking; the cold war is over, Russia is our friend now.
 
zorinlynx said:
Hey F**KTARDS: (people who develop hacks like this)

STOP MAKING US JAILBREAKERS LOOK BAD BY CREATING WAYS TO STEAL CONTENT.

Those of us who want to jailbreak to simply have full control of our hardware are made to look bad because of people like you.

Find more productive ways to use your time and talent, please.

Sincerely,
Jailbreaker who doesn't want Apple to try harder to stop us.
Click to expand...
Not sure how this is relevant, this exploit simply makes use of a proxy. No jailbreak required....
 
Kaibelf said:
Frankly, that's not your decision to make is it? It's the dev's, and if you don't like something's price, you don't just act like a jerk and take things.
Click to expand...

I didn't say I did "act like a jerk and take things". I was just voicing my opinion on the in-app purchase system. I don't take anything and neither do I was my money on ridiculously priced in app purchases.
 
ChazUK said:
Calm down, it doesn't require jailbreak! :D
Click to expand...

Okay, I must have read "does not" as "does".

Oops, my bad!

20110718131822!Derpy_id.png
 
al0513 said:
Actually you are stealing ~70 cents from the dev and ~30 cents from Apple on a 99 cent app.

As someone mentioned above, I wouldn't trust any "app" that steals from Apple. A few dollars isn't worth losing all of my information. I'm sure most of you have emails, banking apps, shoot - credit card info on your Apple account.

Not worth it at all. Plus stealing is baaaadd. :apple:
Click to expand...

And consider the risks: The obvious risk that you are trusting a hacker, which is by definition a bad idea. Like someone offering to put stolen goods into your home for really cheap if you give them the keys. Not clever.

Second the legal risk. I would be quite sure that by using this hack to make in app purchases you are entering a legal and enforceable contract with the seller. Just because you avoid payment doesn't mean you don't owe the money. So if you "buy" 1000 real dollars worth of game gold coins without paying, don't be surprised if you get a bill eventually.


natej2010 said:
the real question is what company is going to pick him up to help with their security.
Click to expand...

None. First, because cracking and securing are very different things. Second, because someone who has demonstrated they cannot be trusted cannot be trusted to work in security. Third, because companies have people looking for possible ways to break in; you just don't hear about them because when they find a hole, they don't exploit it, they close it, and they tell nobody.
 
Last edited:
AdrianK said:
Not sure how this is relevant, this exploit simply makes use of a proxy. No jailbreak required....
Click to expand...

I think, he means (can't say for sure) that the layman might associate this with jailbreaking. Not that the layman knows what jailbreak is other than a TV show...
 
Zerotolerance said:
Apple should hurry up and release an update permanently bricking any iDevice that has this installed.
Click to expand...

I have a better idea: Check their installed purchaises and charge them for what they didn't pay! They probably have a lot of games with rediculous in-app prices and looted that coin. I know there are certain apps where I don't understand who in the right mind would pay $99 for perks. But it is offered and you can be sure that these people used exactly that button on these apps. That would be hay day for Apple: $30 per caught user - not even talking about the devs seeing their bank accounts soar. Imangine a fictive phone call from the dev's bank: "Hello Mr. Miller. Yes, this is your bank. Your business account just has ten-fold the amount of the credit you have with us. We would like to talk to you about investment options."

...and then the cry of a parent who's teen got caught with the hand in the cookie jar: "Kaleb! How in the world did you spend $1200 on iTunes? We wanted to give you a new iMac for your birthday - I guess this will do it instead. You are grounded!" And then you see the first youtube clips parents shooting the iPhones of their kids in the backyard... :eek: :D
 
zorinlynx said:
Nah, just outdated thinking, from back when Russia was "the enemy.". Wanna bet the poster is an older person who lived during the cold war?

However, it IS outdated thinking; the cold war is over, Russia is our friend now.
Click to expand...

See your point - to a point: They still veto on Syria, they still are practically a police state: Putin cannot run more than 2 terms (in a row) - so he finds a dummy for 1 term and then comes back. Putin's background: KGB in East Germany. He speaks several languages fluently, is very active etc. Typical G-man. Granted: Russia is a friend with benefits for Europe: Oil, gas, other natural resources come from there and products go there. I believe Germany is the biggest importer in Russia.

Let's say, Russia is a Frenemy! :)
 
This is a problem with any "DLC" that is pre-installed.

You're paying for content that is already on your phone.

There will always be a way to hack it. This hack is actually pretty straightforward.

That's why I'm against in-app purchases. Although thanks to them we have some nice free-to-plays.
 
I wonder why so many people are thinking off this tool to get free apps? The title says IN App, as in purchases within the software.
For example the various pens and brushes in Paper are in app purchases.
 
Apple has never been 100% perfect on security. They have always left glaring doorways open that allowed potential for abuse.

None of the following works now by the way and it was patched up because of what the following person did.

This person discovered that using gift cards such as the prepaid $25-50 MC/Visa that you could buy at 7-11 and use most of the money and leave a few dollars on would work in creating new iTunes accounts. Remember, these cards only had about $2 left on them. He had about 10 of them and five iPhoned to use a different one daily so the same phone creating multiple accounts daily would not trigger Apples fraud detection. Each day he would use a different iPhone and a different prepaid card and create new accounts. Apples system would allow two per day before giving a warning to contact support.

Immediately after creating the account, he would buy two HD movies or in app purchases totaling a$37. Anymore than this would decline the charge. Because Apple uses s delayed billing and the charge was no more than $37, the purchase would get approved before Apples servers realized the bank declined the purchases with only $2 on the account. This also worked on in app purchases and he used to get thousands of "free" farmcash in Farmville doing this.

This person racked up over $4700 in charged and Apple never caught on until the person tried to do report an unauthorized charge on the wrong account. Apple did some checking and discovered all of these hundreds of accounts with negative balances and suspended his one real open account. Apple has never gone after the person to try and collect that $4700 and they never will.

Apple no longer accepts prepaid gift cards and in some cases, charges go through immediately now to verify the funds exist before allowing a download. Smaller charges are still delayed as they were before.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back