A Russian hacker has found a way to bypass Apple’s in-app purchasing process without any sort of jailbreak.
9to5Mac is reporting that the hacker has come up with an “in-app proxy” method that allows users on an iPhone, iPad or iPod touch to get in-app purchases for free just by following a few steps.
The hack apparently works on all iPhones, iPads and iPod touches that are running iOS 3.0 to iOS 6. The hack apparently does not work on all applications though as developers are able to monitor receipts for in-app purchases. Apps that use that apparently are unaffected by the hack.
Clearly this is not good for developers or Apple. The hack is still functional for some applications but Apple and developers will likely be moving fast, as they should, to squash this vulnerability.
It’s also dangerous for those using the hack. The developer has said that the following information passes through the servers when it’s used:
-restriction level of app
-id of app
-id of version
-guid of your idevice
-quantity of in-app purchase
-offer name of in-app purchase
-language you are using
-identifier of application
-version of application
The hacker also implores iDevice users not to pirate applications from the iOS App Store saying that his service is only for legally bought applications.
We do not recommend using the hack or condone the hack and it should only be a matter of time before Apple and developers are able to patch up the exploit and return in-app purchases to normal.