A bug in the App Store purchasing system has been the cause of much worry to Apple and its thousands of app developers. Using a simple hack anyone can make free in-app purchases on iPhone, iPad or iPod touch as well as a Mac computer. Developers must be shuddering at the thought of losing potential revenue through this medium. It has been discussed previously in detail that to fix this bug, Apple has to release a software update. The company says that its upcoming major iOS platform update will bring the permanent fix for this bug.
A Russian coder called Alexey Borodin developed this hack and released it first only for iOS devices. Now the free in-app purchase hacks works on Mac App Store as well. The hack utilizes a simple procedure to spoof purchase validation. Users are required to install custom certificates on the device and then by altering DNS information the device can be pointed to Borodin’s servers which act as the App Store. From there on out, a few fake validation receipts are needed to execute a free in-app purchase on either a Mac computer or iOS device.
A permanent fix for this bug will come with iOS 6 and Mac OS Mountain Lion. Though there remains a considerable amount of time before these softwares are ready for public release. Apple has published some guidelines for developers which they can apply in order to temporary shield their apps against this free in-app purchasing bug. The company has published a new document online which contains all of these guidelines for developers. Apple has responded to this threat, so to speak, and has allowed developers to use private APIs in their apps. Normally Apple is quite vocal against allowing developers to use private APIs, but this bug has forced Apple to take such measures until a permanent fix can be rolled out in a software update.
Nevertheless it has still not been determined how much loss developers have had to bear because of this bug. Some developers offer their apps for a relatively low price or even free and earn revenue through in-app purchases. With such a big flaw depriving developers of their revenue, it remains to be seen whether or not Apple will consider rolling out a monetary compensation for affected developers. On the other hand, Apple will certainly not be happy about the discovery of such a big flaw in its in-app purchase system.