Moving swiftly to shut down hosting servers, banning IP addresses and adding new protections to its iOS 6 firmware, Apple appears to have succeeded in putting an end to the in-app purchasing flaw by Russian hacker Alexey Borodin.
Posting to his In-Appstore blog, Borodin says that after examination of Apple’s new in-app purchase protections — which includes the sharing of private APIs — there is “no way to bypass updated APIs,” admitting that “the game is over.”
F**k it, we'll do it live!
Our biggest ever edition of TNW Conference is fast approaching! Join 10,000 tech leaders this May in Amsterdam.
Despite giving Apple the run-around over the past two weeks, Borodin shifts focus on the iOS device maker, stating that as a result of his actions, there is “updated security in iOS [and] developers have their air-money.”
Last week, Apple shared a procedure that is not included in its current framework for developers, suggesting it is giving developers the chance to utilise parts of APIs that they would not normally have access to in order to implement a fix immediately, before rolling it out iOS 6.
This means that until iOS device owners begin to update iOS 6 or developers implement the new in-app purchasing checks and validate receipts, users may be able to use the In-Appstore service to download in-app content for free.
Borodin notes that his mobile service will remain operational until iOS 6 is release, but also says that he has more in store with his OS X-focused platform:
The another thing is for In-Appstore for OS X. We still waiting for apple’s reaction and we have some cards in the hand. It’s good that OS X is open.
As we noted, Borodin’s OS X technique is similar to the iOS in-app purchasing flaw and works by bypassing the simple receipt system that Apple has in place for developers. Last week, it had reached 8,460,017 free purchase transactions, according to stats provided by the hacker.
With Mountain Lion rumoured to be days away from release, Apple may have already included similar checks in its operating system to mitigate the issue. Borodin appears to be waiting to see if the company has included protections in its OS X software before making an announcement.