A Russian hacker has invented a comparatively simple way to bypass the in-app purchase mechanism in a number of iOS applications, allowing users to get content they are supposed to pay for free of charge, 9to5Mac reports. To take advantage of the method, users have to install a couple of certificates on their device and use a custom DNS entry. When they then make an in-app purchase, it is automatically redirected via the hacked system. No jailbreaking is needed.
Aside from the obvious legal infraction involving content theft from app makers, the method puts those using the hack at risk as well. During the purchasing process, some of their own personal information is transmitted to the servers controlled by the hackers along with the stolen in-app content.
The hack's inventor has already been prohibited from using his original host. Although he has allegedly moved to a new one, the website he has been operating is currently down. It remains uncertain whether the site simply can’t deal with overwhelming traffic or whether the host has shut it down as a measure against the hacker’s illegal activities.
It is also unknown what the tool's creator is doing right now and whether he continues to distribute his utility as fast as he had been before leaving the site. The number of apps cheated by the hack hasn’t been reported.
To prevent the hack from plaguing their products, developers are advised to implement validation of in-app purchase receipts, something a number of app makers have neglected to include in their software.