Apple iOS 9 Flaw Leaves Developers Vulnerable To In-App Purchase Hack


Following the recent issues caused by the XcodeGhost malware, developers have now noticed a flaw in iOS 9 that could affect potential revenue from in-app purchases. Apple has since addressed the issue, which is fixed in iOS 9.0.1.

Gregorio Zanon, co-owner of software development company DigiDNA, discovered the hack while testing the latest version of the company’s app, the iMazing backup tool. Zanon and company found that the backup and restoration process, which allows users to access hidden file systems on devices running iOS 9, exposed weaknesses in certain applications’ encryption, or lack thereof, in their in-app purchase handling code.

To demonstrate the hack, the developers manipulated Angry Birds 2 to start with 999,999,999 gems, equal to $10,000 in game credits. The apps could be exploited by editing the backup file before beginning restoration. In-app purchases are the main source of income for developers of free apps.

The developers at DigiDNA state that this issue isn’t Apple’s fault, as the flaw is caused by the developers of the app, not the iOS 9 system itself. In fact, the Apple In-App Purchase Program Guide advises against including purchases in backups at all.
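
From the app developer's side, the weakness described above is that a stored balance is trusted as-is after a restore. The following is an added example, not code from DigiDNA, Apple, or any app named in this article: it authenticates the stored purchase state with an HMAC so that a value edited in a backup is rejected on load. The names `DEVICE_KEY`, `seal`, `load`, the record layout, and the server-side re-sync are assumptions made for illustration.

```python
import hashlib
import hmac
import json

# Assumption: in a real app this key lives outside the backed-up file
# (for example in device-bound secure storage). Constructed demo value.
DEVICE_KEY = b"constructed-demo-key-not-a-real-secret"


def _canonical(state: dict) -> bytes:
    """Serialize deterministically so the same state always yields the same tag."""
    return json.dumps(state, sort_keys=True, separators=(",", ":")).encode()


def seal(state: dict, key: bytes = DEVICE_KEY) -> dict:
    """Return the record as written to disk: state plus an HMAC-SHA256 tag."""
    tag = hmac.new(key, _canonical(state), hashlib.sha256).hexdigest()
    return {"state": state, "mac": tag}


def load(record: dict, key: bytes = DEVICE_KEY) -> dict:
    """Return the stored state only if its tag verifies; otherwise fail closed.

    Failing closed here means an empty balance, which the app would then
    re-sync from server-side purchase records (assumed to exist).
    """
    state = record.get("state")
    tag = record.get("mac")
    if not isinstance(state, dict) or not isinstance(tag, str):
        return {"gems": 0, "verified": False}
    expected = hmac.new(key, _canonical(state), hashlib.sha256).hexdigest()
    # Constant-time comparison; bytes avoid a TypeError on non-ASCII tags.
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return {"gems": 0, "verified": False}
    return {**state, "verified": True}


# Constructed sample: a legitimate record, and the same record after the
# balance was changed in a backup while the old tag was left in place.
original = seal({"gems": 120})
edited = {"state": {"gems": 999_999_999}, "mac": original["mac"]}

if __name__ == "__main__":
    print(load(original))
    print(load(edited))
```

The tag only helps if the key is not stored alongside the state in the same backed-up file; keeping purchase state out of backups altogether, as the guide cited above advises, removes the editable copy entirely.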

The issue was brought to light because iMazing streamlined the backup and restoration process, which was initially a time-consuming process most users were likely to bypass. Now that the app simplifies the process, the issue has been addressed.

This issue will not affect many iPhone and iPad users, as it only affects those running iOS 9, not anyone running iOS 9.0.1 or any other version. Last year, Apple reportedly generated over $10 billion for its developers, making the app industry one of the most lucrative around the world.

What do you think about Apple’s recent issues with security, including the iOS 9 in-app purchase hack? Let us know in the comments below or on Google+, Facebook and Twitter.

Source: Cult of Mac