Apple is investigating a newly found hack that allows iPhone, iPad and iPod touch users to get paid content inside of applications for free.
The company has issued a statement to the New York Times saying that it is aware of the hack and that it is currently investigating the issue.
With Apple on the case, the exploit that has allowed iPhone and iPad owners to snag paid in-app content for free will likely be closed up at some point in the near future.
Apple spokesperson Natalie Harrison had this to say about the hack:
“The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously, and we are investigating.”
The exploit, discovered earlier today, allows iDevice users to easily bypass Apple’s in-app purchasing process without any sort of jailbreak. With just a few easy steps, device owners are able to get content for free.
The hack apparently works on all iPhones, iPads and iPod touches that are running iOS 3.0 to iOS 6. It apparently does not work on all applications, though, as developers are able to monitor receipts for in-app purchases. Apps that monitor those receipts are apparently unaffected by the hack.
It was created by a Russian hacker named Alexey Borodin, who runs a website called In-AppStore.com where he solicits donations to fund the project and details the hacking process.
According to Macworld, Borodin created the hack because it’s a hobby of his. He also expects to be hired by Apple at some point, possibly because of the flaw that he has uncovered.
Besides the fact that it’s stealing, there is also another downside to the process.
The hack's developer has said that the following information passes through the servers when the hack is used:
- restriction level of app
- id of app
- id of version
- guid of your idevice
- quantity of in-app purchase
- offer name of in-app purchase
- language you are using
- identifier of application
- version of application
That’s not the type of information that most iDevice users will want to pass along to an unknown individual and it’s another good reason to stay away from the hack.
It’s unclear how much money developers have lost due to the exploit but it certainly wouldn’t be the first time that devs have seen money earned wiped out by fraud.