Apple Adding Additional Security Measures To In-App Purchase Receipts
by Brent Dirks
July 18, 2012
Apple looks to be moving quickly to stop the hack allowing users to gain access to free in-app purchases. According to MacRumors, Apple is now including a unique identifier in in-app purchase receipts.
Developers are beginning to see a "unique_identifier" field in those receipts that apparently harnesses the UDID number from each device.
Earlier this year, Apple began rejecting apps from developers that used the UDID. But Apple may be using the information as a first step to ramp up in-app purchase security or in an attempt to identify the exact devices that are using the hack.
The hack came to light late last week. Russian Alexey Borodin was able to successfully exploit Apple’s certification process to make free in-app purchases, even without a jailbroken handset. He also set up a website with instructions on how anyone could do the same thing.
But the method wasn’t exactly foolproof as it only worked for some apps.
We reported on Monday that Apple was in the process of taking down the servers that processed the requests and forcing YouTube to take down the step-by-step video. But the new information seems to suggest that Apple is looking to beef up its security internally as well so something like this won’t happen again.
While we sometimes decry in-app purchases, it's massively unfair for users to be taking money away from developers. And as we saw today, there are some developers that go the extra mile (and then some) repairing broken IAPs for legitimate customers.
Source: MacRumors