Friday, July 20, 2012

Apple to close in-app purchase hack in iOS 6, offers interim fix





Apple has outlined a way for iOS developers to protect themselves against an exploit that lets users gain free access to paid add-on content sold within their apps.


In a new support document posted today, the company provided detailed guidelines, urging developers to use its receipt validation system that cross-checks purchases made inside applications with the company's own records. It also said that it will be taking extra precautions to keep this from happening in the next version of iOS, due out later this year.


"We recommend developers follow best practices at developer.apple.com to help ensure they are not vulnerable to fraudulent In-App purchases," Apple spokesperson Tom Neumayr told CNET. "This will also be addressed with iOS 6."


The exploit was created by Russian programmer Alexey Borodin, and appeared late last week. It uses a proxy system to send purchase requests to third-party servers where they are validated and sent back to the application as if the transaction had gone through. In order to use the trick, users needed to install special security certificates on their devices,...



