Apple is investigating a bug uncovered by a Russian hacker that allowed customers to get free in-app purchases. The hacker, who identifies himself as ZonD80, posted a YouTube video showing how to get around paying for features in the apps featured in Apple’s store last week. He has since started a Web site asking for donations to support his work.
Apple said that it is looking into the situation. “The security of the app store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating,” said Apple spokeswoman Natalie Harrison.
According to a report from Information Week, the hacker said that he has received a notice from Apple asking him to take down his Web site.
The report said that the hack works on iOS versions 3.0 to the as-yet-unreleased 6.0, though it doesn't work on all mobile applications. Developers do have the option to verify purchases, the report said.
MacWorld noted that the hack could seriously hurt app developers, who have largely depended on Apple for security and to process payments, which can help to justify the 30 percent cut Apple takes from developers.
MacWorld’s Marco Tabini, also a developer, said that Apple has done a good job of patching up rocky situations with developers over this sort of thing in the past, and that he expects this won’t damage that relationship too much. He did note that more developers should take the time to set up their own validation systems for in-app payments, but also said that Apple has to give smaller developers the confidence that they don’t have to be cryptology experts to feel safe on the App Store.