Apple offers developers a workaround for in-app purchasing exploit

apple app store apps

In an unusual move, Apple is offering iOS application developers a workaround for the exploit that enables iOS users to make free in-app purchases. Apple says the exploit will be fixed in the forthcoming iOS 6.0, but in the meantime Apple is explicitly giving developers permission to tap into private Apple iOS APIs to verify certificates that purport to be from the App Store. Historically, Apple has summarily rejected iOS applications that rely on accessing any private API.

The exploit, which gained notoriety last week, was developed by Russian hacker Alexey Borodin, although there’s really nothing from stopping other motivated individuals from using the same approach. Borodin forged security certificates that claim to be from Apple, then set up his own DNS servers to respond as if they were Apple’s App Store. When applications tried to make in-app purchases, Borodin’s exploit essentially hijacked the process and provides spoofed receipts so the apps will unlock or access additional features or content.

Apple’s workaround is not exactly painless for developers — they will have to update their existing iOS applications to be able to validate store receipts — but at least it’s a solution that can be deployed now and support in-app purchasing prior to iOS 6. Similarly, if applications have not saved their store receipts, they will not be able to validate purchases.

Apple has steadily recommended that developers using in-app purchases follow “best practices” and validate receipts using their own servers or services independent from the App Store to avoid these kinds of man-in-the-middle attacks. Of course, developers should also take care their their own validation process cannot be attacked in a similar manner.

Mobile

Think iPhones can’t get viruses? Our expert explains why it could happen

If your iPhone has been acting strangely, then you may be concerned about the possibility it is infected with a virus or some malware. We take a look at just how likely that is and explain why iOS is considered relatively safe.
Deals

Need a new tablet? Here are the best iPad deals for March 2019

In the wide world of tablets, Apple is still the king. If you're on team Apple and just can't live without iOS, we've curated an up-to-date list of all of the best iPad deals currently available for March 2018.
Deals

It’s time to check out the best Apple Watch deals for March 2019

The Apple Watch has surged to prominence in recent years. If you're in the market for an iOS wearable, we've sniffed out the best Apple Watch deals available right now for all three models of this great smartwatch.
Computing

Apple’s officially sets date, location for 2019 Worldwide Developers Conference

Apple developers and fans alike look forward every year to the company's Worldwide Developers Conference, better known as WWDC. After rumors suggested as much, Apple has confirmed that the conference will take place on June 3-7.
Cars

Say goodbye to Uber for good: Here's how to cut ties with the ridesharing service

If you thought that deleting the Uber app would also delete your account, think again. You'll have to deactivate your account, then wait 30 days in order to do so. Here, we outlined how to delete your Uber account once and for all.
Mobile

Apple iPad Mini 5 vs. iPad Mini 4: What’s new in Apple’s long-awaited refresh?

The long-awaited refresh of the iPad Mini is finally here, but just how big an upgrade does the iPad Mini 5 represent? We compare it to the outgoing iPad Mini 4 in various categories to delve into the differences and pick a winner.
Product Review

Simple and reliable, Apple's AirPods are among the best fully wireless earbuds

Apple’s AirPods wireless headphones have dominated the market essentially since they hit stores in December 2016. Though not without some faults, they cracked the connectivity code to rank among the best fully wireless earbuds you can…
Computing

The iMac finally got updated, but how does it compare to the Mac mini?

Apple announced a long-awaited update to the Mac mini. Thanks to the updated specs and increase in price, it's begun to creep up to the base model iMac. In this guide, we now put up the specs on the newest refreshed Mac mini against the…
Computing

Should you buy the affordable MacBook Air, or is the MacBook Pro worth the price?

Though they both share Retina Displays and similar keyboards, there are still some specs differences and other changes that differentiate the new 2018 MacBook Air and MacBook Pro. In this guide, we stack the two up against each other.
Wearables

Spring is here, and Apple’s beautiful new Watch bands will help you celebrate

Apple knows that seasons matter in the fashion world, and has refreshed its most popular Apple Watch bands to celebrate the arrival of spring. See them all, including our new favorite teal versions, here.
Mobile

Google Fi: Phones, plans, pricing, perks, and more explained

Google's wireless service, formerly Project Fi, now goes by the name of Google Fi, and it's now compatible with a majority of Android phones, as well as iPhones. Here's everything you need to know about Google Fi.
Deals

Get your hands (and ears) on Apple’s new AirPods — here’s where to find them

Apple's new AirPods with wireless charging are the latest version of the much-loved wireless earbuds. Unfortunately, they aren't widely available yet. Here's where you can find them right now, and where they will show up soon.
Mobile

Apple’s AirPower wireless charging mat may be coming soon

At its September event in 2017, Apple unveiled the AirPower, a new wireless charging mat that will allow you to charge multiple devices at one time. It has not yet been released. Here's everything we know about the device so far.
Deals

The best Apple AirPods alternatives for Android, Windows, and iOS devices

Apple AirPods might be new and improved, but they aren't the only game in town. Other makers are offering their own truly wireless earbuds, with attractive features. These are the best AirPod alternatives on the market today.