A Russian developer has apparently managed to discover a method of obtaining in-app purchases from iOS apps for free as noticed by Russian blog i-ekb.ru (via 9to5Mac). The process uses an “in-app proxy” and does not rely on any kind of jailbreak. In fact, the process can easily be replicated by any iOS user in three simple steps. The hack reportedly works on all devices running iOS 3.0 to iOS 6.0.
The source explains how it’s done:
The hack appears to have come from Russian developer ZonD80 who posted the video demonstration given below. ZonD80 also appears to run a website called In-AppStore.com where donations are being accepted to support the development of the project and help keep servers up and running. The developer explained the three steps of the hack, which include the installation of CA certificate, the installation of in-appstore.com certificate, and the changing of DNS record in wi-fi settings. After the quick process, users are presented with the message pictured above when installing in-app purchases, opposed to Apple’s usual purchase confirmation dialog.
The method is not allowing users to install content from 100 percent of apps, as some users of the method report it failing for certain in-app purchases in specific regions. This is of course not something we approve of, and despite warnings from the developer himself to please “not pirate AppStore apps”, he continues to assist users of the hack that report it not working with certain apps.
It seems that Apple does provide a method for developers to validate receipts for in-app purchases, which is likely why the hack described above does not work with some apps.
Update: The site ‘In-AppStore.com’ is currently down. It is unclear whether it is down simply due to high traffic or if other steps are being taken to hinder his activities.