A couple of weeks ago we reported that it was possible to make free in-app purchases on iOS devices courtesy of a hack developed by a talented Russian coder named Alexey V. Borodin. This hack exposes serious loopholes in the in-app purchase system of the App Store. In theory, if the hack worked on iOS App Store, there remained a huge possibility that it would work on the Mac App Store as well. Sure enough, it has now been confirmed that free Mac in-app purchases are possible using the exact same hack developed by Alexey.
The legal status of this hack is yet to be determined. It should be kept in mind that the hack does not require software modifications of any kind. On iOS, no jailbreak or modification is required to use this free in-app purchase hack. Apple has already said in a statement that it intends to fix this hack soon. However this can only be done through a software update. Until Apple does that, here is your chance to make free Mac in-app purchases.
Apple has always been proud of how malware and intrusion free their systems have been. Android is often criticized for being far too open and that apps can go on in the Play Store which may contain malware or harmful code. The App Store has a strict scrutiny process. While the hack does not reveal a flaw in the app submission part of things, the fact that such a simple loophole could cause potential damages to developers who rely on in-app purchases for most of their revenue, is harmful for the overall ecosystem as well as the App Store reputation.
The method for utilizing this free in-app purchase hack is a bit different on Mac OS as compared to iOS. Users are first required to install two local certificates followed by changing DNS settings to point to Borodin’s servers. These servers then spoof the computer by pretending to be Mac App Store and verifying the in-app purchase. Furthermore users have to run a small app called Grim Receiper when making free in-app purchases on Mac.
According to Borodin, over 8,460,017 free in-app purchases have been made through his hack. Developers are helpless until Apple releases a new software update for both Mac and iOS. It should be kept in mind that Apple ID username and password will be visible to Alexey if you use his hack, but he assures us that he does not have access to credit card details of these IDs.