iOS App Development Profits Affected by Russian Hacker

It’s the bane of iOS app development: a hack that prevents revenues from reaching the developer once a customer approves an in-app sale. That’s exactly what many iOS app development companies are battling this month, and Apple is lending a hand to help them combat the effects.

The in-app purchasing hack, believed to have been created by Alexey Borodin, a Russian hacker, became widely publicized last week. The hack redirects users to a mock website made to look like Apple’s iTunes purchasing gateway. It then forwards a mock receipt to the user, which gives them access to the in-app purchase for free. For the hack to work, users must install bogus security certificates on the iOS device, then access the mock store via a specific server. The hack is only effective for free apps that make money from premium (paid) in-app purchases. Many popular games for iOS devices follow this free-to-play, paid in-app purchase template.
Borodin, an iOS app developer himself, stressed that the hack is not made possible through any incompetence on the part of iOS developers, but rather through a loophole in Apple’s purchasing process that makes it easy to copy a purchase ID.
While this hack may seem like an easy way for consumers to get back at iOS development companies for overcharging for less-than-stellar apps, Borodin also mentions that users may be putting themselves at risk in the process. Through the hack, Borodin is able to collect Apple ID usernames and passwords. However, he claims that he cannot collect credit card information through the hack. Would you trust someone with your Apple billing info just to get a boost in your favorite game for free?
Apple’s Solution for iOS Development Companies Affected
Apple has expressed its apparent distress over the hack and plans to address the problem in the next iOS update. Until the iOS 6 update is released, however, Apple has given iOS development companies permission to access private Apple iOS APIs to verify certificates and void the hack. Apple’s acknowledgement of the problem means that iOS developers will have to integrate safeguards into future app updates, in line with the iOS 6 update, in order to prevent future attacks.
Future Hacks on iOS Development Company Profits
While Borodin’s hack has made the news, he has announced on his blog that he’s calling a ceasefire on the iOS App Store for the time being. However, it is rumored that he has hinted at a future attack on the Mac App Store sometime soon. And of course, the publicized attack is sure to garner the attention of other hackers and could mean a widespread attack on iOS development company profits through similar loopholes in Apple’s procedure.
iOS development continues to be a growing field, and developing apps for iOS devices remains a lucrative endeavor. This snare in the purchasing process for some iOS apps appears to be more of an attempt to force Apple into changing its defective in-app purchasing process. Currently, the Borodin hack is inoperable, and he has not stated whether he plans to reinstitute it in the future.
