Your favorite Apple, iPhone, iPad, iOS, Jailbreak, and Cydia site.
07-13-2012, 09:12 AM #1
Russian Hacker Figures Out Way to Obtain In-App Purchases for Free
A Russian hacker has successfully figured out a method to obtain in-app purchases from iOS apps for free.
The “in-app proxy” method is simple, doesn’t require a jailbreak, and allows users to install in-app content for free. The hack works on all iOS devices 3.0-6.0. We do not condone the stealing of content in any form, and this story, like the 9to5Mac piece, is being written to alert the developer community. The hack is already gaining massive amounts of traction, and hopefully a fix is released soon.
The three-step process involves installing a CA certificate, installing an in-appstore.com certificate, and changing the DNS record.hacker. Once the user completes the process they are met with the message pictured above instead of Apple’s purchase confirmation.
A great deal of information is also processed through the developers servers as part of the process including:
- Restriction level of app
- ID of app
- ID of version
- GUID of your idevice
- Quantity of in-app purchase
- Offer name of in-app purchase
- Language you are using
- Identifier of application
- Version of application
- Your locale
We do not recommend anyone use this process, and we will not provide information on the specifics of the hack. Developers, Apple, fix this. Now.
07-13-2012, 09:17 AM #2
Wow Apple, wow...... -_-
Apple fails at securing stuff like this.I will no longer be very active here anymore due to a variety of reasons.
07-13-2012, 09:36 AM #3
this is old news... and i know for a fact he is not the first. i know this site doesn't promote pirated software, but there is a known repo that has had this download for months..
07-13-2012, 09:41 AM #4
If you don't condone it then don't write about it...
It's akin to writing a barebones article how to make a IDE and then saying "but don't do it!"
I wouldn't have known about this if not for this post.
07-13-2012, 10:28 AM #5
I think I saw something like this the other day.
It didn't look very complicated either
07-13-2012, 10:34 AM #6
Are people really stupid enough to install stuff from Russian hackers on their phones?He who asks a question looks foolish for 5 minutes. He who doesn't ask a question remains foolish forever.
07-13-2012, 10:54 AM #7
Appstore hackable? No way!!! <<<<< that what the apple fanboi brigade will gonna say!!
07-13-2012, 11:03 AM #8
This is a hack site..you promote everything else yet pick and choose what hacks we SHOULD and SHOULD not implement. Heres some matches kid..oh by the way don't set a fire while I leave you alone to play with the matches. SILLY!!
07-13-2012, 11:04 AM #9
This is like saying "don't look down"...
07-13-2012, 11:07 AM #10
07-13-2012, 11:08 AM #11
07-13-2012, 11:11 AM #12
This should not be posted. No information here will lead to people chaning the way they deal with in app purchases because it is an apple/itunes problem.
Way to spread the piracy.
07-13-2012, 11:18 AM #13
MMI, BigBoss, etc. definitely restrict what kind of tweaks they'll release. I assume it's based off of Sauriks rules. In essence, they will only provide what can safely be installed on your devices instead of letting us choose what we want to do.
For some, that's good!!! For others, well...it's like they created their own Apple App Store w/ a filtering process...
Just thought you all should know!
07-13-2012, 11:22 AM #14
Those of you who have no self control are probably going to try this... And fail. Makes no difference whether it's posted or not... This is the Internet people! Google anything and you will find it.
07-13-2012, 11:25 AM #15
07-13-2012, 11:27 AM #16
Why tell people about it and give the basic terms of what is used if you don't condone it ?
Seems silly mmi
07-13-2012, 11:28 AM #17
07-13-2012, 11:29 AM #18
07-13-2012, 11:40 AM #19
07-13-2012, 11:45 AM #20
Likewise, jailbreaking a phone is nothing more than personalizing a device you own. Now if you use the jailbreak or any other hack to illegally download or install items that should be paid for then you are in the wrong.
Next time you get a speeding ticket you should sue the manufacturer of your car because they gave you the ability to drive so fast.
The Following User Says Thank You to AUZambo For This Useful Post: