Russian In-App Purchase Hack Pronounced Dead with the New iOS 6 Beta API Update… “For Now”
As of seven days ago, Alexey Borodin was sounding pretty confident that he could elude Apple’s security measures and continue to provide an in-app purchase hack that allowed iOS users to download digital goods for free. The whole thing was completely shady and lowbrow, despite Borodin’s matter-of-fact addresses about the measures he was taking to facilitate the mass stealing that was taking place… For those of us who retain even a bit of respect for the way the App Store works and developers generate revenue, we’re glad to hear that Borodin has waved the white flag on his blog and admitted defeat—“for now.”
Following updates to the APIs in the most recent iOS 6 beta, Borodin has been unable to come up with a bypass that would allow for continued thievery. After saying that “currently game is over” on his blog, he goes on to state the following (it only makes sense if you apply some sarcasm which, if intended, was not very well portrayed):
“It’s good news for everyone, we have updated security in iOS, developers have their air-money.”
It appears that Apple thwarted Borodin by adding unique identifiers to the receipts that are issued upon making an in-app purchase. This method—along with their blocking of his IP addresses—spoiled Borodin’s tactics of routing purchases through his own DNS server that faked Apple’s receipts.
The fact that he says the game is over FOR NOW would indicate that Borodin doesn’t think it ends here—which raises the question: is he going to get away with what he’s done so far? It would seem this kind of theft is somehow punishable, but we’ve heard nothing to that end. Expect to hear more about Borodin as soon as the Russian hacker makes another bold move.