New In-app Purchase Receipt Code May Block Theft

Following reports of a hack that lets users bypass payments when making in-app purchases on their iPhone or iPad, developers found a new addition to purchase receipt files referencing unique identifier codes. While Apple isn’t saying exactly what the codes will be used for, developers are speculating that they will be used to help block systems that let users make in-app purchases without paying.

Identifier codes for in-app purchases may help stop theftIdentifier codes for in-app purchases may help stop theft

The “unique_identifer” field in the receipt file seems to contain a unique string of numbers, although at least one developer told The Next Web that they found device UDID codes stored there. Since Apple has told developers to stop relying on that device identifying code, it’s possible the field is collecting the identifier in apps that haven’t been updated yet to comply with the new guidelines.

Word surfaced several days ago that a Russian developer found a way to work around paying for in-app purchases, and then set up his own server system for others to use. The process doesn’t require jailbreaking devices, but does potentially expose at least some personally identifying information to the servers.

Apple has been working to shut down the hack with only a limited level of success. After shutting down the payment bypassing servers, the developer moved his operation off shore

So far Apple hasn’t said how the new receipt field will be used. Until Apple details the feature, developers won’t be able to update their apps to take advantage of it, nor will it be clear whether or not it’s intended to help prevent in-app purchase theft.

Image made with help and help from Shutterstock.