Many iOS applications come with in-app purchase system which forces users to pay to enjoy further content in the games and apps. However, if a Russian programmer has now found a loophole in the iOS in app purchase system using which you can download additional content for free!
The programmer, known as ZonD8o, has managed to exploit the in-app purchase mechanism and circumvented to pull all the in-app purchases for free. The 9To5Mac noticed the video posted by ZonD8o that showed installing a CA Cerificate file in the iOS device, make changes in WiFi settings and then download the in-app purchasable content for free. Apple is reportedly looking in to the issue.
Apple App Store has several free as well as paid apps out of which very few are costly. For the affordable or free apps, the developer pushes new content through in-app purchase mechanism where in the user can purchase the content directly without going back to the App Store.
The Russian programmer, Alexey V Borodin, who goes by the name ZonD8o is running proxy servers by accepting donations for the users who wish to grab the in-app purchases for free. Apparently even a website in-appstore.com is live and running for the users to get the free content after making the donation.
The man behind the scene Borodin informed TheNextWeb about the exploit and also alarmed the developers that the default tools are not secured enough. The developers can put additional level of security acting as second check before the in-app content is actually released to the user.
Till now, over 30,000 requests of installing the certificate to circumvent the in-app purchases have been made and the count continues to rise. Apple spokesperson informed The Loop: “We take reports of fraudulent activity very seriously and we are investigating.”
Apple takes the 30 per cent of the revenue generation from developers of the applications or revenues generated in-app purchase. After this report, Apple might release an update or patch to the iOS 6 update which is expected anytime in coming few weeks.