The hacker made some changes to the system to make sure that it remains operational

Jul 17, 2012 08:44 GMT

After learning that Russian researcher Alexey V. Borodin found a way to make free in-app purchases, Apple started taking steps to address the issue. However, the measures taken so far by the Cupertino company haven’t been successful since the service is still operational.

“The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating,” Natalie Harrison of Apple said after the news broke.

Immediately after the statement was released, the company contacted YouTube and requested the removal of the video in which the hacker detailed the steps to bypass the in-app purchase process.

Then, Apple convinced the Russian hosting company – the one that hosted the server – to stop providing services to Borodin, The Next Web reports. Furthermore, PayPal blocked the account set up by the expert to ensure that he could no longer receive donations.

However, it appears that this isn’t enough to stop the researcher. He quickly set up a new server in an offshore country and cut out Apple’s servers from the scheme.

To show that he does not collect iTunes credentials, Borodin modified the signing process. From now on, those who want to use the cheat must log out of their iTunes accounts before proceeding.

Furthermore, the project is still receiving payments via a private PayPal account.

“Service will be available at least for one month. If Apple can't fix it,” he said regarding donations.

Since a number of users are interested in using the method to buy the actual applications for free, the hacker published a blog post to explain the legal aspects of the technique (from his point of view).

“You CAN'T buy applications via this service. It's ILLEGAL. You can only get in-app purchases for free in apps that you downloaded legally from AppStore. These apps and locked content are already belongs to you [sic],” he said.

Although it may seem tempting to try out the hack, we strongly recommend against it. This may be done for research purposes, but there are plenty of risks involved, not to mention the legal and moral implications.