In-App Purchases Hack Fix in iOS 6
Apple promises to fix the in-app purchases hack in iOS 6, not earlier. App Store engineers recently discovered a security hole, created by a Russian hacker, in purchases made within applications and games. They’ve published a short list of questions and answers for developers on their official website. If you are a developer and your application offers in-app purchases, we strongly recommend that you familiarize yourself with this list.
Here are a few lines that explain the problem. A vulnerability was discovered in iOS 5.1 and earlier versions that lets an attacker, by spoofing a DNS server, illegally validate purchases made within an application directly from iOS devices. The spoofed DNS server redirects requests to a malicious server. A certificate authority controlled by the attacker and installed on the user’s device makes it possible to use an SSL certificate that identifies the illegitimate server as an official App Store server. This bug will be fixed in iOS 6.
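The trust decision described above, modelled as an added example (it is not code from Apple or from the original page). The host name, certificate names and key bytes are constructed placeholders, issuer-name matching stands in for signature verification, and the pin check is an assumed client-side countermeasure that the page does not describe.

```python
import hashlib
from dataclasses import dataclass

HOST = "store.example.test"  # placeholder for the store's validation host

@dataclass(frozen=True)
class Cert:
    subject: str  # name the certificate is issued to
    issuer: str   # name of the CA that issued it
    spki: bytes   # stand-in for the SubjectPublicKeyInfo bytes

def pin_of(cert):
    """SHA-256 over the public key info: the value a client would pin."""
    return hashlib.sha256(cert.spki).hexdigest()

def chain_is_trusted(chain, trust_store):
    """Default-validation model: every link chains up and the root is trusted.
    Issuer-name matching stands in for signature verification (assumption)."""
    links_ok = all(c.issuer == p.subject for c, p in zip(chain, chain[1:]))
    return links_ok and chain[-1] in trust_store

def validate(host, chain, trust_store, pins=None):
    """Return the client's verdict for a server that presented `chain`."""
    if not chain or chain[0].subject != host:
        return "hostname mismatch"
    if not chain_is_trusted(chain, trust_store):
        return "untrusted chain"
    if pins is not None and not any(pin_of(c) in pins for c in chain):
        return "pin mismatch"
    return "accepted"

# Constructed sample certificates (no real keys or names).
PUBLIC_ROOT = Cert("Public Root CA", "Public Root CA", b"public-root-key")
STORE_LEAF = Cert(HOST, "Public Root CA", b"store-leaf-key")
INSTALLED_ROOT = Cert("Profile CA", "Profile CA", b"profile-root-key")
OTHER_LEAF = Cert(HOST, "Profile CA", b"other-leaf-key")

def verdicts():
    clean = {PUBLIC_ROOT}                      # stock trust store
    modified = {PUBLIC_ROOT, INSTALLED_ROOT}   # extra CA installed on device
    pins = {pin_of(STORE_LEAF)}                # key the app expects to see
    redirected = [OTHER_LEAF, INSTALLED_ROOT]  # chain served after DNS redirect
    return {
        "clean device": validate(HOST, redirected, clean),
        "extra CA, no pin": validate(HOST, redirected, modified),
        "extra CA, pinned": validate(HOST, redirected, modified, pins),
        "genuine, pinned": validate(HOST, [STORE_LEAF, PUBLIC_ROOT], modified, pins),
    }
```

The "extra CA, no pin" case is the one the article describes: the chain is accepted only because the extra root is in the device's trust store, which is why a check against an expected key catches it while default validation does not.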
Developers who do not want to wait for the release of the new version of the mobile operating system this fall will probably start thinking about how to protect their applications against such fraudulent activity and fix the in-app purchases hack as soon as possible. That is why Apple has published a list of questions and answers on this issue for the users and developers concerned by the problem. You can access it at this link on Apple’s official site. It covers some of the basic questions a developer might have and the answers to them, as well as instructions on how to check whether your app or device is affected by the “malicious” server that intercepts the unsecured data running between iOS devices and Apple’s servers.
Please check Apple’s developer library by clicking above to make sure that your phone isn’t involved in any schemes. Conversely, if you like taking risks and would like to get free in-app purchases, follow these tutorials for iOS devices or Mac. Remember that the hacking server receives information such as:
- user ID
- name and version of the program
- the level of application access rights
- device ID
- the number and the name of the purchased content
- the user language