Apple has responded to the discovery of a way of circumventing the in-app purchase validation process for iOS by unveiling a fix designed to curb the practice.
The firm has added a series of 'best practices' to its devloper library and released two of its private APIs, which when implemented ensure apps are not vulnerable to the attack.
Playing payments
The exploit, revealed by Russian hacker Alexey V. Borodin, allows users to download in-game content without charge by bypassing the App Store's server.
Receipt validation requests are instead redirected to a proxy server maintained by Borodin.
As a result, The Guardian reports that more than 8.4 million fake in-app purchases have been made to date.
Game over
Apple claims that developers that implement said APIs should know longer be vulnerable to the technique, though the security breach will not be permanently plugged until the launch of iOS 6.
"By examining Apple's statement about in-app purchases in iOS 6, I can say, that currently game is over," said Borodin of Apple's response.
"Currently we have no way to bypass updated APIs. It's a good news for everyone - we have updated security in iOS, developers have their air-money. But, service will still remain operational until iOS 6 comes out."
[source: Apple]
Top Stories
Feature
May 17th, 2024
New release roundup: The best new mobile games from a battle royale to a console classic remake
Feature
May 16th, 2024
Behind the scenes: How adding sandwich offers to an idle merge game boosted three metrics at once
Events
Digital Dragons | Europe | May 19th |
GamesBeat Summit 2024 | North America | May 20th |
Mobidictum Meetup Tallinn May 2024 | Europe | May 21st |
Nordic Game Spring 2024 | Nordic | May 21st |
Impact 2024 - Indie Games | May 23rd | |
Morocco Gaming Expo | Africa | May 24th |
MomoCon 2024 | North America | May 24th |
Unreal Fest Gold Coast 2024 | Australasia | May 29th |
Popular Stories
Feature
May 14th, 2024
53 top mobile games in soft launch: Squad Busters, Battle Guys: Royale, Plants vs. Zombies 3, LEGO Hill Climb Adventures, and more
Feature
May 13th, 2024
Hot Five: Dubai's new Gaming Visa, April's mobile game charts, and Xbox studio closures
Interview
May 13th, 2024