Gamasutra: The Art & Business of Making Games
iOS hacker circumvents in-app purchases, Apple working to shut him down
July 16, 2012 | By Tom Curtis




Apple has found itself in a bit of a bind these past few days, as a Russian hacker has found a way to work around the iOS in-app purchase system, allowing users to download premium content for free.

On Friday, hacker Alexey V. Borodin launched a service that enables consumers to avoid in-app purchases with any device running iOS 3.0 or higher. The hack is an obvious violation of Apple's policies, and could negatively affect developer revenues on the iOS app store. So far, the service has attracted more than 30,000 illicit payment requests, reports The Next Web.

Of course, Apple has now set its sights on Borodin, and has blocked the IP of the server he used to authenticate purchases. The company has also issued a request to take down the original server in hopes of preventing further violations.

For a time, Borodin was also accepting donations via his site, though PayPal recently put a block on his account for breaching its terms of service.

Meanwhile, the hacker has been working to stay one step ahead of Apple, and has since moved his service to a brand new offshore server, allowing him to continue operations. He told The Next Web that he's improved the service to the point where it no longer needs to interact with Apple's servers at all, making it even harder to shut him down.

Borodin seems unwilling to relent with his hack, and has said that if Apple wants to stop it, it'll need to update the API used for in-app purchases, or find some other means of blocking his service. As of this writing, the hack still works, leaving in-app revenues at risk for the time being.


Comments


Cordero W
I cannot stop imagining the troll face pasted in place of his real face while I was reading this article.

Lucas Daltro
Ok we need to contract an ex-KGB to kill this guy!

Toby Grierson
Thanks, Wreschnig. It's clear that Daltro was being completely serious in suggesting we hire a former Russian spy to assassinate an internet vandal. Nobody would ever joke about such a thing.

Kenneth Blaney
So is this supposed to be push back against the free-to-play model's alleged "piracy proof" nature? I can't think of any other rationalization (that hackers usually have) for something like this.

Victor Gont
Hackers rarely seem to have valid rationalizations behind their actions. They mostly do it because they can, to prove they can. Everything you hear after the fact is 'PR' crap or causes assigned to them by internet groups they might or might not be affiliated to.

Ian Uniacke
Yeah this is just because they don't want to spend money pure and simple.

"It also points out several major security flaws in Apple's IAP architecture"

I was thinking about this argument the other day, and it's completely bogus. If I throw a rock through your window and steal your TV I could say that "I'm just pointing out the security flaw in your house." Of course no security system is perfect, the only reason the standards seem to be held higher online is because you don't have to break in from a public place (e.g. the street in which the victim's house is). This never makes it a justified action.

Ferruccio Cinquemani
Interesting concept. It's not taking something that cost work and effort without paying. It's "sidestepping a transaction".

Seriously, this idea that vandalizing something has a value because it points to a security flaw is disgusting. It's really like saying that when the mafia "offers" you "protection", they're giving a valuable service.

And pointing at questionable issues from the developers' side doesn't justify anything. Doing something wrong because someone else did something wrong doesn't make you right. It's just one of those rhetorical tricks that you see politicians use: "We didn't keep our promises, but you raised taxes!". The hacker mindset sounds, to me, like a huge collection of excuses and rationalization.

Mathieu Rouleau
Sounds like someone got lazy at Apple.

Megan Fox
30,000 people shipped him their AppStore credentials in the process. He'll be fine without PayPal - 30,000 people are probably about to find themselves buying all sorts of games tied to people working with him.

Ian Brown
Yes, yes, that's very clever of you, Alexey. Now please consider that you just eliminated enough revenue to keep a developer employed for a year or two.

In four days.

Keep ahead of Apple for a year and you'll mess with the livelihood of around 100 developers and artists in an industry that is already suffering. Heck, keep at it and you could slow or stop the feed of quality mobile games altogether.

E Zachary Knight
Or Apple could fix their API, then apologize to all those affected developers for their crappy insecure code.

While what this guy is doing is stupid, and harmful to the POTENTIAL revenue of a developer, his actual impact is probably fairly small.

Cordero W
To be honest, the mobile market is one of the worst places for monetary dependence. You don't make games to get rich. It's a benefit if you're lucky, but most of the time, it's not a road to paradise.

Ian Uniacke
"Or Apple could fix their API, then apologize to all those affected developers for their crappy insecure code."

What garbage. Please read my above comment for details. This is theft pure and simple.

Nick Meh
Not sure why anyone needs a hack to circumvent DLC for CSR Racing as they have in the picture.

Like most apps for iOS that sell game currency, they usually offer free coins daily, weekly, or monthly. In CSR's case, it's monthly. Simply change the date on your phone and enjoy free stuff.

Maybe the game chosen for the picture is bad, but hack app or not, most iOS games that rely on in-game currencies have plenty of workarounds without completely devious malicious coding.

Ian Uniacke
How dare developers expect to get paid for their work. They might even use that money to buy food and shelter for their families, the capitalist pigs.

Nick Meh
Yeah, I mean, yeah, Ian.

That wasn't the point. The point was you don't need to hack many systems because they are poorly implemented. In CSR Racing's case, they made a free app for iOS and their sole source of income is users buying a special in-game currency. This isn't foreign, many apps rely on this type of system. 'The Burger is free. The Coke is $10.'

The currency can be used in place of the other earnable currency in game and can hurry the wait time on many things. Basically, they don't sell an advantage, they sell a resource to the impatient.

Unfortunately, to keep users coming back to their app, these types of apps offer free currency giveaways, usually timed. That's why they want you to turn on Push Notifications so bad.

The problem with this system is, unless you are a mildly retarded 13-year-old girl, it probably didn't take you long beyond simple thought to just simply adjust your phone's date over and over to earn game currency.

Such is the problem with free apps relying on in-game currency sales. They rely on their users not thinking in any way, shape or form.

So .... back to my original point that you missed.... this app hack sounds bad. I hope Apple finds a solution. However, the picture for the article is still stupid. If you need this hack for the app CSR Racing, you are retarded. No hack app needed. The game is poorly designed.

Understand?

