
This article was published on July 23, 2012


Russian hacker defeated by Apple’s iOS 6 in-app purchase protections, increases focus on the Mac

Story by Matt Brian

Matt is the former News Editor for The Next Web. You can follow him on Twitter, subscribe to his updates on Facebook and catch up with him on Google+.

Moving swiftly to shut down hosting servers, ban IP addresses and add new protections to its iOS 6 firmware, Apple appears to have succeeded in putting an end to the in-app purchasing flaw exploited by Russian hacker Alexey Borodin.

Posting to his In-Appstore blog, Borodin says that after examination of Apple’s new in-app purchase protections (which include the sharing of private APIs) there is “no way to bypass updated APIs,” admitting that “the game is over.”

Despite giving Apple the run-around over the past two weeks, Borodin shifts the focus to the iOS device maker, stating that as a result of his actions, there is “updated security in iOS [and] developers have their air-money.”

Last week, Apple shared a procedure that is not included in its current framework for developers, suggesting it is giving developers the chance to utilise parts of APIs that they would not normally have access to in order to implement a fix immediately, before rolling it out in iOS 6.

This means that until iOS device owners begin to update to iOS 6 or developers implement the new in-app purchasing checks and validate receipts, users may be able to use the In-Appstore service to download in-app content for free.

Borodin notes that his mobile service will remain operational until iOS 6 is released, but also says that he has more in store with his OS X-focused platform:

The another thing is for In-Appstore for OS X. We still waiting for apple’s reaction and we have some cards in the hand. It’s good that OS X is open.

As we noted, Borodin’s OS X technique is similar to the iOS in-app purchasing flaw and works by bypassing the simple receipt system that Apple has in place for developers. Last week, it had reached 8,460,017 free purchase transactions, according to stats provided by the hacker.

With Mountain Lion rumoured to be days away from release, Apple may have already included similar checks in its operating system to mitigate the issue. Borodin appears to be waiting to see if the company has included protections in its OS X software before making an announcement.