A developer in Russia has figured out how to circumvent Apple’s in-app purchase process for iPhone, iPad and iPod touch apps, and make those purchases without paying. The process is apparently easy to use, which also means it’s easy for users to steal content from app developers.
The in-app purchase hack comes from the Russian developer ZonD8o and doesn’t require jailbreaking. Instead, users install two certificates and change their DNS settings to access in-app purchases without paying.
Aside from the fact that using the hack to get in-app content without paying is stealing, it also exposes some of your personal information to the hacker’s servers, such as your iOS device’s GUID code and your location. Considering the fact that they seem fine with offering up a way to steal iOS app content, trusting them with any of your data seems like a less than prudent idea.
Apple is likely already looking into the issue and figuring out how to block the hack, and apps that use the company’s system to validate receipts for in-app purchases aren’t affected.
[Thanks to 9to5Mac for the heads up.]