What the in-app purchase hack means for app makers

By Marco Tabini, Macworld |  Software, App Store, Apple

Given whats involved, its no surprise that many developers forego any secondary IAP validation, exposing themselves to hacks of the kind we have just seen. The question is, what can be done about it?

The first, and perhaps most obvious response, is that Apple could make the IAP process more secure. This would relatively easy for the company to implement, and would fit well within the App Store distribution model, leaving the developers free to worry about writing more great apps for the iOS platform.

Unfortunately, it would most likely require an iOS update to do so, which means that it would be a while before any Apple-provided solution could be made available to developers. More immediately, the folks from Cupertino could try to better educate developers, helping them understand the limitations of IAPs and guiding them in implementing validation procedures that are both simple and secure. iOSs developer documentation is severely lacking in this area, and could definitely use a bit more information.

And, finally, the public needs to be educated as well. While it may sound fun to stick it to The Man and make IAPs without paying the developers a dime, theres a fair chance that The Man may strike back.

Remember, this hack exposes the iTunes credentials of everyone who uses it, which means that the hacker now has access to the iTunes accounts of everyone who used his trick. And, since circumventing IAPs is essentially fraud, its not entirely unthinkable that law enforcement may one day get their hands on those credentials as well, leading to plenty of uncomfortable questions for all involved.

What it all means

Its hard to say whether this incident is going to have any long-lasting effects on the App Store. Judging from its success, the hack seems to affect a large number of apps, which should, at least, serve as a wake-up call to both developers and Apple.

On the one hand, developers can (and should) do a better job handling IAPs. Despite the software industry claims to the contrary, its difficult to properly correlate piracy to lost sales; still, its in each developers best interest to ensure that their software is well-written, and that includes making sure that they get paid when they deserve to.

On the other, Apple could have largely prevented this problem, which threatens not only to leave it with a large contingent of unhappy developers, but also could have wide-ranging repercussions for users who are compromising the security of their devices for a purpose that is trivial in relation to the amount of damage that they could be doing to their data. Even if Apple shuts down this specific hacker, the proverbial cat is definitely out of the bag, and there is relatively little that prevents someone else from trying something similar, with possibly more nefarious intentions.

Originally published on Macworld |  Click here to read the original story.
Join us:






Answers - Powered by ITworld

Ask a Question