Some of you might have noticed or used an exploit that allows users to purchase digital goods inside iOS apps without paying for any of them. The creator of that exploit recently said that Apple’s fix puts the hack out of business. The exploit caused great distress for Apple, but the company is happy that it is over, all thanks to its fix.
“Currently we have no way to bypass updated APIs,” creator Alexei Borodin wrote in a post on his development blog. “It is a good news for everyone, we have updated security in iOS, developers have their air-money.”
According to Borodin, the exploit requires the use of third-party servers as well as some specially installed security certificates, which will continue to be up and running until Apple releases its iOS 6 update. Apple said in a statement last week that the new software update, which is currently due in a few months, would help in patching the exploit. In the meantime, however, the company has provided APIs that ensure the validation of each and every digital purchase made on the Apple store.
“By examining last Apple’s statement about in-app purchases in iOS 6, I can say, that currently (the) game is over,” Borodin added. In an interview last week, Borodin said that the exploit allowed more than 8.4 million purchases of in-app content. With a minimum price of 99 cents on the apps purchased, this represents a total of $5.82 million that developers might have received, plus another $2.49 million that Apple would have earned because of its 70/30 revenue split on all purchases from the Apple Store. However, the number might be much higher than that, because 99 cents is the minimum amount a person has to pay for a purchase from the Apple store, and there are plenty of things in the App Store that cost a lot more than that.
Borodin also added that despite Apple’s temporary win on the iOS front, a modified version of the hack that is targeted at Apple’s Mac App Store is still up and running. So we can assume that Apple has yet to face more challenges in this regard, and it will have to come up with more patches, and quickly, in order to make sure its app stores are safe. Borodin also said in the same post, “we are still waiting for Apple’s reaction” and “We have some cards in the hand.” As far as we know, this battle is still on. Apple might be the winner of this battle, but at what cost will this victory come? Will Apple be able to tackle this new threat before it causes some serious damage, not only financial but also to its reliability, or will there be some serious damage, which will mostly benefit developers?
These are all questions that are yet to be answered, but we have not seen the last of Borodin, at least not yet. So stay tuned and keep your fingers crossed.