Hacker Releases Tools for Bypassing Apple's In App Purchase Mechanism [Updated]

[WestonHarvey1]

Many games have ridiculous in app purchases. Its ludicrous to charge tens of pounds/dollars for a few extra coins.

You don't have to play those games or buy those in app purchases.

 

[charlituna]

As a developer, I have to say I'm glad MacRumors has reported this. It's just a final nail in the coffin for IAP, I say.

1 - It generates almost no money (in my experience, anyways.)
2 - It's painfully difficult to implement and test and verify.

not the experience of the developers I know.

 

[Xultar]

It's dumb to ask MacRumors not to report the story.

It isn't as if this is the only site reporting the story.

If people are going to steal they were going to do it whether MacRumors reported the story or not. MacRumors is not here to protect people from their own sins or to stop people from sinning.

You are on your own conscience folks.

 

[mjtomlin]

To inform people that there's a vulnerability in the App Store, it was in fact exploited, and warn people about the possible dangers of trying to use the hack. Millions of people use iOS and the App Store daily. Seems to me like more than valid reasons to report on it.

"Warn" people that taking steps towards stealing might result in unfavorable consequences... Really?

 

[charlituna]

.

Those of us who want to jailbreak to simply have full control of our hardware are made to look bad because of people like you.

'Those of us' isn't everyone unfortunately

And Apple isn't going to stop hampering jailbreaking if only because they don't want the retail staff having to deal with the aftermath including folks pissed off cause Apple stores turn them away or any kind of service because they tampered with their devices.

 

[xStatiCa]

I bet most of the users accounts will be hacked within the year that actually use this service. I don't know what data is sent to the russian site but I would be willing to bet it is private data that should not be sent elsewhere(potentially login details).

 

[unlinked]

Nah, just outdated thinking, from back when Russia was "the enemy.". Wanna bet the poster is an older person who lived during the cold war?

However, it IS outdated thinking; the cold war is over, Russia is our friend now.

I thought Facebook devalued the meaning of the word friend and now I see people claiming Russia is their friend. Kids today!

 

[Mad-B-One]

You don't have to play those games or buy those in app purchases.

And most of us don't. Doesn't change the fact. If you have kids, you will soon realize that you might not be the one who wants to have Farmville cash - or what ever that is called. (I don't have Farmville.) Just for software updates, teenage kids might have the iTunes password of their parents - and of course, it is the same account because you don't want to pay for content several times.

 

[charlituna]

It's dumb to ask MacRumors not to report the story.

I suspect that the ire is less about reporting the story and the risks, and more linking to the site for this service. Which facilitates using it

----------

Just for software updates, teenage kids might have the iTunes password of their parents - and of course, it is the same account because you don't want to pay for content several times.

if your child, regardless of how responsible you think he is, has the password to your account you deserve him buying out your bank account.

 

[MH01]

Thank goodness! Paying a whole $0.99 for a quality app and supporting developers and not being a dirtbag crook was just killing me!

Quality $0.99 apps.... we must use different appstores, I use the Apple one. There is alot of @*#@*& in the $0.99 bracket.

 

[Hyperwezo]

He has put his Apple ID email address at the end of the video, doesn't that mean that Apple are able to find out who this person is.

 

[Rafagon]

Many games have ridiculous in app purchases. Its ludicrous to charge tens of pounds/dollars for a few extra coins.

Entirely agree with you.

And if any developer deserves their in-app purchases to be stolen, it's ZYNGA, they are the BIGGEST OFFENDER! Even after you fully buy their game ZOMBIE SWIPEOUT, you can only play a few minutes, then you have to BUY COINS JUST SIMPLY TO KEEP ON PLAYING! Go Russian Hacker!!

 

[pubwvj]

Theft

Theft of property and services. Anyone using this is a thief and should be handled as such. Creating and distributing this tool is a crime as well as it makes them an accessory. The creator is the one who's going to really end up in the deep doo-doo since most users will just get a mistermeaner due to the low value but the creator gets the aggregated total so it's a major felony.

 

[Hastings101]

iOS should add a "try" option to the App Store like Windows Phone so that developers can allow users to easily download a "lite" version of their app to try it out. People would be more willing to buy an app after they've tried it and found out they like it instead of the current just reading the description and hoping for the best.

After someone experiences a couple of disappointments I'd imagine piracy begins to seem like a much better alternative. Making it easier to try apps before buying them could potentially cut down on piracy and make users happier.

 

[Xultar]

I suspect that the ire is less about reporting the story and the risks, and more linking to the site for this service. Which facilitates using it

----------



if your child, regardless of how responsible you think he is, has the password to your account you deserve him buying out your bank account.

If people can't tell that there are risks to this then they are idiots. MacRumors can't protect people from being idiots.

Nothing is free.

You get common sense from home training. If your parent's, family, friends, juvenile watch monitor whomever didn't teach you not to be an idiot then no one can do it for you.

It is more than obvious this stuff opens your device up to being hacked and whatever else.

 

[Daalseth]

Runnian Hacker

Sorry to be paranoid but:
How many of these stories include the phrase "Russian Hacker"
Russia has a very active and well documented history of cyber warfare. Estonia and Georgia come to mind as victims when they were confronting Putin's Russia. Also the Putin government has their hands in every profitable enterprise in Russia.

Now consider that one of the largest AntiVirus/Anti-Malware companies in the world is Kaspersky, from Putin's Russia. Not only do they sell their own AntiVirus product but :

From Wikipedia:
The Kaspersky Anti-Virus engine also powers products or solutions by other security vendors, such as Check Point, Bluecoat, Juniper Networks, Sybari (acquired by Microsoft in 2005), Netintelligence, GFI Software, F-Secure, Clearswift, FrontBridge, G-Data, Netasq, Wedge Networks, and others.

Anyone else scared?

So no I won't use any software legitimate or not, from a Russian source, certainly not from "a Russian hacker".

 

[zorinlynx]

Entirely agree with you.

And if any developer deserves their in-app purchases to be stolen, it's ZYNGA, they are the BIGGEST OFFENDER! Even after you fully buy their game ZOMBIE SWIPEOUT, you can only play a few minutes, then you have to BUY COINS JUST SIMPLY TO KEEP ON PLAYING! Go Russian Hacker!!

That's when you hit the home button, hold down the game's icon, and delete it, and move on with your life.

Why would I want to keep playing a game from a developer whose business practices offend me? There's so many better developers and games out there.

 

[theteeth]

Disappointed that you ran this

 

[Mad-B-One]

if your child, regardless of how responsible you think he is, has the password to your account you deserve him buying out your bank account.

My child will turn 3 in a coulpe of days. He can distinguish certain letters and reads all numbers. He has my old iPad 1st Gen and an iPod touch. He can navigate these things pretty well. If you live under the illusion that kids won't find out what the password is (remember, there are almost always 2 parents and they just have to crack the weaker link), you have a different opinion of what these kids will be capable of when it comes to technology. I'd rather tell him the password when he is old enough and explain and monitor what he is doing rather than raising the virtual firewall and hope he doesn't outsmart me. I studied some computer science for a couple of years until I got bored and changed disciplines. I mostly know what I do (working in the IT field for years helped as well), but I don't fool myself into believing that my son will not have a better understanding one day, rather sooner than later. He has his train game Apps on the old iPad and iPod and knows how to find them, start them, switch them, turn off the screen, unlock, even in-game navigation, he caught on to it pretty quick and if he accidentally hits an in-game add, he knows how to get back. I work full-time. My jaw dropped when I saw that first time on a weekend. As I said - he is TWO years old. (Well, almost 3 but he does that since a while, unlocked the device with 1yo.)

 

[tomtom2234]

I WANT!

I'd feel safer just using the hand full of repos that do the same.

 

[dejo]

I suspect that the ire is less about reporting the story and the risks, and more linking to the site for this service.

Except the article doesn't link to the site.

 

[Rafagon]

Lazy Developers deserve getting shafted

The articles states that "Developers can prevent the hack from working with their apps by implementing validation of In App Purchase receipts, something many developers have not included in their apps."

So it is the fault of developers not doing things correctly in the first place. I do not feel sorry for them at all.

 

[mono1980]

What could possibly go wrong?

 

[Mad-B-One]

Except the article doesn't link to the site.

Thought about posting this and then I thought: "Let's see when someone will realize."

 

[Nungster]

Many games have ridiculous in app purchases. Its ludicrous to charge tens of pounds/dollars for a few extra coins.

No one is making you buy the items, or play the game.