Apple investigating App Store bug that gave free in-app purchases

Apple is investigating a bug uncovered by a Russian hacker that allowed customers to get free in-app purchases. The hacker, who identifies himself as ZonD80, posted a YouTube video showing how to get around paying for features in the apps featured in Apple’s store last week. He has since started a Web site asking for donations to support his work.

Apple said that it is looking into the situation. “The security of the app store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating,” said Apple spokeswoman Natalie Harrison.

More tech stories

Because shark bites are the worst

A man explains the clever wet suits he designed to deter shark attacks.

Our absurd shortage of traffic lights

Our absurd shortage of traffic lights

Our world’s roads are far too chaotic, and more traffic lights could easily fix that.

Hands off the steering wheel

Hands off the steering wheel

Self-driving cars are navigating their way to the consumer mainstream.

According to a report from Information Week, the hacker said that he has received a takedown notice from Apple asking him to take down his Web site.

The report said that the hack works on iOS versions 3.0 to the as-yet-unreleased 6.0, though it doesn't work on all mobile applications. Developers do have the option to verify purchases, the report said.

The hack could seriously hurt app developers, MacWorld noted, who have largely depended on Apple for security and to process payments — which can help to justify the 30 percent cut Apple takes from developers.

MacWorld’s Marco Tabini, also a developer, said that Apple has done a good job of patching up rocky situations with developers over this sort of thing in the past, and that he expects this won’t damage that relationship too much. He did note that more developers should take the time to set up their own validation systems for in-app payments, but also said that Apple has to give smaller developers the confidence that they don’t have to be cryptology experts to feel safe on the App Store.

Related stories:

Apple’s Mountain Lion may be out July 25, report says

Apple developing smaller iPad, will cost ‘significantly less’ than $499, report says

Apple fixes App Store bug

 
Read what others are saying