July 16, 2012, 4:35 PM — The recent news that a simple hack makes it trivial to circumvent iOS's in-app purchasing mechanism raises the question of whether Apple is doing enough to help developers safely conduct transactions through the App Store.
In-app purchases (IAPs for short) are a mechanism that allows an app to charge a user's iTunes account in exchange for digital goods and services: It's what makes it possible for so many games to let their customers purchase some sort of app-specific currency like coins, or subscriptions to a service. Given how many apps have adopted a business model that relies on a very low initial download price (often free) to then charge customers as they use the app, IAPs have become a very important tool for app makers.
How IAPs work
Without going into needless technical details, IAPs are relatively easy to use from a developer's perspective: Before submitting an app to Apple, the developer simply registers whatever products an app sells (e.g., "Buy 1,000 coins for $0.99"). Later, upon the user's request, the app asks iOS to complete the purchase. The device, in turn, usually asks users for their iTunes login and proceeds to complete the transaction, at which point it notifies the app that the latter has taken place.
Behind the scenes, iOS connects to Apple's servers to perform two tasks: First, it validates a username and password, and then it asks for the user's iTunes account to be charged based on the details of the IAP that the developer registered when they submitted the app. To help protect the user's information from prying eyes, this process takes place over an encrypted channel using TLS/SSL, the same protocol that Web browsers use when connecting to Websites whose URLs begin with https://.
From the developer's perspective, this entire process is completely opaque. The operating system simply responds to an IAP request by either notifying the app that the transaction failed (for example, because the user changed his mind or didn't have sufficient funds) or by returning a receipt that indicates that the purchase went through. Later on, 70 percent of the purchase price shows up in the developer's bank account. (Apple keeps the remaining 30 percent as a commission.)
In keeping with Apple's commitment to privacy, the receipts do not contain any information that can be used to identify the user who made the purchase. Critically, therefore, other than a unique identifier and some other minor information, two purchases for the same product result in essentially identical receipts.
IAPs are a boon to developers large and small. Compared with having to set up your own payment system, they are easy to implement. And, because they rely on iTunes, they present users with a familiar, safe, and frictionless way to pay.