Vote 2020 graphic
Everything you need to know about and expect during
the most important election of our lifetimes

Hacker Discovers Surprisingly Easy Method to Get iPhone and iPad In-App Purchases for Free

The App Store's in-app purchases security has been breached. A Russian hacker has found a method to fool iPhone and iPad apps so that you can get in-app purchases for free. It's surprisingly easy to set up, requiring no jailbreaking or hacking magic at all. You just need to follow some steps in your stock iOS device and it will work:

1. Install two security certificates, which can be easily downloaded from the web site that provides this service.


2. Set a new Domain Name Server (DNS) in your iPhone or iPad internet preferences.

3. There's no step three.

After doing this you only need to open an app of your choosing—like CSR Racing, shown in the video above—go to their in-app store, and "buy" anything you want for free.


The web server that is acting as a fake Apple App Store—that's why you have to change your DNS—will give the app the ok and make it believe that you actually have purchased that content. Assuming that this is the case, the app will grant you access to the locked content.

Bad security breach

Most iOS games rely on in-app purchases to get money, so this is pretty bad for developers. It's also quite a big security breach for Apple, which likes to brag about how safe and perfect its App Store ecosystem is.

Fortunately for the company, the site that offers the service is overloaded with petitions at this moment and it's not available. But ZonD80—the guy who discovered the flaw and is running the service—is working on this right now:

Currently we have [server] with 512MB of memory, and there is no way to satisfy everyone with such hardware. Apple is a big company, I am not. If you want to help me to buy really dedicated quad-core server with at least 4GB of RAM.


He says that the new server will take two to three days to set up.

I'm sure Apple is scrambling to release an update that will fix this before he sets the server back up. As potentially good as the breach could be for you, it's that much worse for Cupertino's finances—and reputation. [Youtube via In-Appstore via 9to5mac]


Share This Story

Get our newsletter


It's the developers responsibility to build safeguards in place for their in-app purchases - don't rely on the Apple servers to handle your payment routes. If you can't afford your own payment server, why are you in the paid app business?