A couple of days ago, we reported of a hacker by the name of Alexey Borodin, who had found a way to exploit the in-app purchasing system of iOS. Apple always responds properly whenever there’s a whiff of a security flaw, and as well as promising developers the issue will be completely resolved when iOS 6 arrives around October, the Cupertino outfit has delivered an interim fix.
In-app purchases are essential in helping developers increase revenue, and mean big fans of a game or app can continue supporting even after initially purchasing it. As such, many apps and games throughout the App Store are free or at very low prices, reliant heavily on users buying additional content in order to make a decent return.
Borodin’s system allowed (and still does allow) users to bypass the in-app purchase verification – meaning one can obtain the extra levels, coins, points or what have you, without paying a dime. The shady operation is built on a fairly simple process, which also sees a user’s private data (including location information) being sent to his servers, and Apple has been characteristically swift in shutting things down, so to speak.
In light of Apple issuing a fix, Borodin has admitted the gig is up, and concedes there’s no way to bypass the new security measure. The move will come as great news to developers, many of whom will have lost vital revenue, and Apple will bring in a system-wide update with iOS 6 – preventing such a security flaw from occurring again.
Since it’s still on developers to update their apps with the fix, one can still use Borodin’s “service” to essentially steal in-app purchases, and he has promised his freeloading following that he’ll keep the servers running for the foreseeable future.
Borodin also created a similar workaround for Mac App Store applications, but with the iOS issue done and dusted, expect Apple to be equally swift and forthright in amending the situation. Although iOS security doesn’t have as many problems as Android (perks of being a walled garden ecosystem), that can change fairly quickly, so Apple will need to maintain iOS’ clean bill of health in the run-up to iOS 6, expected to arrive in October.