
Hack allows free access to in-app iOS purchases [u] - Page 2

post #41 of 68
Quote:
Originally Posted by SolipsismX View Post


It shows a hole in in-app purchases, an issue with the process, but to say that in-app purchases are flawed in its essential nature and being is just hyperbole. Do you say that Java or JavaScript or any other piece of software must be fundamentally flawed every time a bug fix is issued thus proving there were bugs? Of course not.
.

 

I agree, that's why I said the Apple implementation is fundamentally flawed, not the concept of in-app purchases. I've written a lot of 'transaction-based' software with remote servers, and if your only means of verification is based on certificates, you should always use a white-list of certificates. I have not analysed this issue in detail, but it seems the process accepts certificates based on common names instead of thumbprints etc.

post #42 of 68
Quote:
Originally Posted by genovelle View Post

Theft is a crime. Period. I'm sure you were saying pedophilia, but as moral values continue to degrade, our society will return to the days of pedophilia being legal like it was in Greece. It was not until Christianity became the official religion there that the practice was stopped.

Couple of years ago in the news there was other information about some 'god-people'. 

Don't put that religion did something good. Religion blinds. Are you blind?

post #43 of 68

Old news....

PC means personal computer.  

i have processing issues, mostly trying to get my ideas into speech and text.

if i say something confusing please tell me!

post #44 of 68

It's better that one Russian guy tells the world about this exploit than thousands of people in China use it secretly.

 

He's done the right thing and now Apple will fix it. It's a win for developers.

post #45 of 68
Quote:
Originally Posted by Tallest Skil View Post


Could get all ISPs to block all P2P.

A waste of time. 

1) ISPs block p2p

2) p2p changes protocol, to a possibly 100% encrypted format

3) p2p functions as normal

4) now ISPs cannot do traffic shaping on p2p traffic

post #46 of 68
Quote:
Originally Posted by Doorman. View Post

Couple of years ago in the news there was other information about some 'god-people'. 
Don't put that religion did something good. Religion blinds. Are you blind?

This is not a discussion about religion. Boy do you seem to have some knee jerk 'run scared' attitude about religion. The quote said the change happened around the time of Christianity -- this does not directly imply that Christians or any religion stopped pedophilia. Possibly just a backlash against a society that had gone off the deep end in more than one way. Conservatism is not necessarily ushered in by the religious but by those who find these and other actions morally reprehensible.

I think maybe you are the one that is blind -- don't be a hater, just rely on a higher moral standard and you get to the same place.
post #47 of 68
Quote:
Originally Posted by CGJ View Post

. Not downloading a movie that's already grossing hundreds of millions of dollars (or software from a multibillion company, like Apple, Microsoft or Adobe).

That is exactly the scummy attitude that keeps p2p alive. Not everything is Michael Bay's latest explosion porn. In fact most of what is up isn't.

Maybe stopping P2P won't cure cancer or stop global warming but it isn't something to brush under the rug as 'not hurting anyone' etc. Perhaps your morals would be different if it was your work out there.

Just as Apple has different departments that do different things, so does the world. And perhaps instead of just brushing this off so you don't have to feel guilty about how you are doing it, you could apply that mind of yours to coming up with solutions.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #48 of 68
Quote:
Originally Posted by Hellacool View Post

Really?  Put someone in jail for life for stealing a song?  Wow.  Michael Jackson's killer only got 5 years but the person who down loads his music should get life???

Let's put away the indignation and go review the context. I never said those that 'steal' via p2p should be put in jail. I said that would be the only way to completely stop it. Big difference.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #49 of 68
Quote:
Originally Posted by Povilas View Post

I very much understand you, but come on man the example that lad used in the video are pretty fucked up ones. 19.99 for some kind of points? That’s extortion.

Then don't play the game.

It's not like your life depends on you playing it. I was playing Smurfs Village for a while until it got to a point of being unplayable unless I spent cash. I stopped, deleted it, etc. My life is fine without it.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #50 of 68
Quote:
Originally Posted by mausz View Post

Post count 36, and still no one is blaming Apple for allowing this loophole in their in-app purchase process.

What exactly is the loophole Apple needs to fix?

Allowing customers to change their DNS settings? Okay that's gone. No reason for folks needing to change them anyway right.

Allowing customers to side load security certificates? Gone, who needs that anyway right. From now on, you have to submit them to Apple who will thoroughly vet every one of them before putting them on an official server, etc.

And so on. Since you are so smart, tell us what is wrong and what they should do about it.

While we are at it, perhaps we should demand that Apple drops the whole IAP system, it's bunk anyway. And not just from games, from everything. Apple just does it to make more money and they are worth billions, the greedy bastards.

A non tech's thoughts on Apple stuff 

(She's family so I'm a little biased)

post #51 of 68
Quote:
Originally Posted by Marvin View Post


Simple really:
http://www.youtube.com/watch?feature=player_detailpage&v=xMk4cW9Zpj4#t=4794s
Make it more worthwhile to pay for it than to steal it. Unfortunately, not so simple to implement such a system in a digital era.
With digital content, there is such a disconnect between cause and effect that the gains from honesty are as unrecognisable as the damage done by dishonesty.
The content providers don't help matters by blocking content by region and providing it after long periods of time through exclusive/expensive distribution channels, by implementing restrictive DRM and by using measures to extort money from users via hidden charges.
People wouldn't steal movies quite so much if new movies went straight to Blu-Ray but the movie industry has managed to persuade people that a movie going direct to video/DVD/Blu-Ray means it's a failed movie when in fact, the distribution format means nothing about the quality. It's just that the movie industry knows that controlling the distribution means they can control the profits. Once it goes to retail, their control is gone.
The music industry has embraced DRM-free audio but no such luck with DRM-free video yet. I think this is due to music files being so small that it is hard to have a service where people can find what they want and get consistent quality so iTunes ends up being more worthwhile as it's 99c per song and you can find as much music as you like with quality control. If a movie is $10-15 and only comes on a DRM disc or download and you can't put it on a mobile device easily, paying for it is worse than stealing it.
I think the app issue is a minor one because the App Store works in a similar way to music. Lots of inexpensive content where it's harder to steal than pay for it. If the App Store content is worth paying for, people will generally pay for it. There certainly won't be a significant volume of the 300 million+ users who go out of their way to steal the content.

 

 

 

You raise good points.

 

Physical media needs to be a premium product.  People should want to own the official release, due to it being better in many respects to any digital copy.

 

And access to pay-for digital media needs to be available, at a price most normal folks consider reasonable, if they want to make it the preferred choice for the folks who prefer digital.

 

Paid-for needs to be better than free.  Libraries did not put book stores out of business, despite being free.  I don't see why torrents should put the publishers of entertainment out of business either.  They need to provide a proper value proposition, and people will accept it.  My guess is that as of now, they could be doing better.

 

People will pay for convenience.  They will also pay for something that they like better.  Look at bottled water.  People love it, despite the fact that a free alternative is often available.

post #52 of 68
Quote:
Originally Posted by Suddenly Newton View Post

Basically, the equivalent of "I'm mad this game costs so much, so I broke into the store and took it, and I'm going to show you how to do the same so I can teach these greedy developers a lesson."
Yeah, or you could simply not buy it. But hey, some people think they are entitled to steal.

 

Quote:
Originally Posted by Tallest Skil View Post


That's exactly the mindset.
"I can't afford it, so I'm entitled to download it for free. This can't be illegal."

 

Quote:
Originally Posted by charlituna View Post


And use your greed to steal your Apple ID and password so I can buy a ton of stuff and sell it on eBay. I'll get my cousins in America to help me by buying it to pickup in store with their name as okay to pick up for you. In and out before you know what hit you, you lazy greedy turd.

Are we missing the point?

 

This guy may be scum and have the worst of intentions.

 

But, I think the more important point is that guys like this serve a valuable role in keeping Apple on its toes and in the long run making things safer for us all. I appreciate AI and others reporting this and allowing discussion on it. That way the user who may stumble upon this hack has some info about it. Knowing that the passwords are sent in clear text is important to know. Some idiots will ignore that and try the hack. But at least they are given the opportunity to be educated and do the smart thing and avoid this scumbag's hack.

TechnoMinds

We are a Montreal based technology company that offers a variety of tech services such as tech support for Apple products, Drupal based website development, computer training and iCloud...

post #53 of 68
Quote:
Originally Posted by charlituna View Post


What exactly is the loophole Apple needs to fix?
Allowing customers to change their DNS settings? Okay that's gone. No reason for folks needing to change them anyway right.
Allowing customers to side load security certificates? Gone, who needs that anyway right. From now on, you have to submit them to Apple who will thoroughly vet every one of them before putting them on an official server, etc.
And so on. Since you are so smart, tell us what is wrong and what they should do about it.
While we are at it, perhaps we should demand that Apple drops the whole IAP system, it's bunk anyway. And not just from games, from everything. Apple just does it to make more money and they are worth billions, the greedy bastards.

 

As I've already said in my previous response: when the API validates the in-app process with an Apple server (which gets redirected using the custom DNS), why does Apple allow custom certificates instead of a whitelist of Apple certificates...

 

It seems the only security is that it should be SSL (any certificate is valid) and that's not a good idea. You always have to take a man-in-the-middle attack using, for instance, DNS spoofing into account.
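
The distinction drawn in posts #41 and #53, between accepting any certificate whose name matches and accepting only allowlisted thumbprints, shown as an added Python example that is not part of the original posts and is not Apple's code. The host name `store.example.com`, the certificate byte strings and all function names are constructed for illustration.

```python
import hashlib
import hmac
import socket
import ssl
from typing import Iterable, Optional

# Constructed stand-ins for DER-encoded certificates (not real certificates).
# Both carry the same subject name but differ in content, as a certificate
# issued by a user-installed CA for a redirected host would.
GENUINE_DER = b"constructed-der:CN=store.example.com:vendor-key"
SPOOFED_DER = b"constructed-der:CN=store.example.com:interceptor-key"

# Parsed subject in the shape ssl.SSLSocket.getpeercert() returns.
PARSED_CERT = {"subject": ((("commonName", "store.example.com"),),)}


def thumbprint(der: bytes) -> str:
    """SHA-256 thumbprint of the certificate's DER encoding."""
    return hashlib.sha256(der).hexdigest()


# Allowlist shipped with the client: thumbprints of the certificates it expects.
PINNED = frozenset({thumbprint(GENUINE_DER)})


def common_name(cert: dict) -> Optional[str]:
    for rdn in cert.get("subject", ()):
        for key, value in rdn:
            if key == "commonName":
                return value
    return None


def accept_by_name(cert: dict, expected_host: str) -> bool:
    """Weak check: any trusted certificate with the right name passes."""
    return common_name(cert) == expected_host


def accept_by_pin(der: bytes, pins: Iterable[str]) -> bool:
    """Allowlist check: the exact certificate must be one the client ships."""
    fp = thumbprint(der)
    return any(hmac.compare_digest(fp, pin) for pin in pins)


def connect_pinned(host: str, port: int, pins: Iterable[str], timeout: float = 5.0):
    """TLS connect with normal chain and hostname validation, then the pin."""
    ctx = ssl.create_default_context()
    sock = socket.create_connection((host, port), timeout=timeout)
    try:
        tls = ctx.wrap_socket(sock, server_hostname=host)
    except Exception:
        sock.close()
        raise
    if not accept_by_pin(tls.getpeercert(binary_form=True), pins):
        tls.close()
        raise ssl.SSLError("server certificate thumbprint is not allowlisted")
    return tls


def demo() -> dict:
    """Compare both checks on the genuine and the substituted certificate."""
    host = "store.example.com"
    return {
        "name_check_genuine": accept_by_name(PARSED_CERT, host),
        "name_check_spoofed": accept_by_name(PARSED_CERT, host),  # same subject
        "pin_check_genuine": accept_by_pin(GENUINE_DER, PINNED),
        "pin_check_spoofed": accept_by_pin(SPOOFED_DER, PINNED),
    }


if __name__ == "__main__":
    print(demo())
```

The name check cannot tell the two certificates apart because their subjects are identical; only the thumbprint comparison rejects the substituted one.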

post #54 of 68
Quote:
Originally Posted by Povilas View Post

I very much understand you, but come on man the example that lad used in the video are pretty fucked up ones. 19.99 for some kind of points? That’s extortion.

No, it's the free market economy. Sellers can set whatever prices they want. If you don't think it is worth paying, then don't buy it. If the seller prices it too high, they are missing out on potential revenues. If the seller prices it too low, they aren't earning what they could, and again, losing potential revenue. Sustainable economies work this way, and prices adjust themselves so both buyers and seller win.

Sometimes, sellers don't have enough data to make the right adjustments, so they don't know they are losing money. Pricing can be very tricky without the right data. But just because something is priced too high does not justify theft, period.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
post #55 of 68
Quote:
Originally Posted by Suddenly Newton View Post

If you don't think it is worth paying, then don't buy it.

This simple concept right here eludes so many people. I do not at all support the creation of a police state or the abuse of law enforcement powers and privileges, but every once in a while I really really wish officers would just take an evening and go around to every known den of piracy in a town, one by one, knock on the door, and have a ten minute conversation about the law in that regard with the morons responsible for this nonsense. Then leave them with a warning.

If you scare them enough, they legitimately won't do it again.

But again, that's just a fantasy of mine. I wouldn't condone doing that in reality.

Originally posted by Marvin

Even if [the 5.5” iPhone] exists, it doesn’t deserve to.
post #56 of 68
Quote:
Originally Posted by genovelle View Post

Theft is a crime. Period. I'm sure you were saying pedophilia, but as moral values continue to degrade, our society will return to the days of pedophilia being legal like it was in Greece. It was not until Christianity became the official religion there that the practice was stopped.

... was stopped and they began burning witches and condemning scientists.

Different cultures are hard to grasp, especially if you are ignorant.

J.
post #57 of 68
Quote:
Originally Posted by Tallest Skil View Post

So how do we change this? What needs done to get these morons back on track?

It's not a big deal. Distribute the movie digitally (on iTunes for example) for a low price, just before it is produced on a disk ( this includes pre production runs, press samples and so on). Success will be imminent.

J.
post #58 of 68
Quote:
Originally Posted by GregInPrague View Post



In the current climate I don't know how you can.  If the society can't agree whether truth is relative or not how can you say what is right or wrong?  When elected officials are consistently getting away with obvious corruption why should a teenager feel guilty about downloading a few movies?  In my opinion piracy won't diminish until either A) Laws are put into place with real teeth (they've tried and there's been huge backlash across Europe in the last year) or B) There's a significant spiritual change in the region.

 

Seriously, why should the teenager feel bad if corruption exists everywhere in society? Not only with elected officials, but also with companies. Big companies like Microsoft, IBM, Google and even Apple are basically places where moral values don't exist. Of course it's not illegal, they have the power of money to change laws. Even if it's illegal, so what? The penalties are pennies for them. Google copies Oracle, Oracle copies someone else, Apple copies someone else.

 

Why put someone in jail for piracy, but not for bigger crimes? Also, it's not only Europe. In the US and Canada, most people pirate too. Honestly, I never knew anyone who didn't do it and not only from poor people. Rich people pirate as much if not more. It would not surprise me if 90% of people here used torrents. Who the hell can buy 10 000 songs for their iPods?

 

Hence, since the vast majority of the population doesn't see any changes at the top, why should they change? You see politicians fighting for less laws for the rich (the market will take care of it) but for more laws for the others. Doesn't make sense.

 

If that doesn't change, well morality is relative, right?

post #59 of 68
Pirates gonna pirate. Good that it is in the wild though, Apple will be quite quick to patch this.
post #60 of 68
Quote:
Originally Posted by charlituna View Post

Then don't play the game.
It's not like your life depends on you playing it. I was playing Smurfs Village for a while until it got to a point of being unplayable unless I spent cash. I stopped, deleted it, etc. My life is fine without it.

Exactly.

I would suggest reading the reviews to see how far you can go before spending cash becomes essential. There are some very good games that you can play for a long time without spending money. Dragonvale, Plants vs Zombies, Angry Birds, etc. Before trying a new game, I have started checking reviews to see how far you can go without spending cash before downloading a new game.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
post #61 of 68

What is this guy talking about???  I'm 2 races away from beating the entire CSR game and I haven't spent a dime...  This game isn't different than Dragonvale - you have to put time in it if you want to level up and such.  The biggest thing about CSR?  You have to wait until the agent shows up to sell you car for half price (which she does rather often).  If you do that it really shouldn't be a problem...

post #62 of 68
Quote:
Originally Posted by Marvin View Post
I think the app issue is a minor one because the App Store works in a similar way to music. Lots of inexpensive content where it's harder to steal than pay for it. If the App Store content is worth paying for, people will generally pay for it. There certainly won't be a significant volume of the 300 million+ users who go out of their way to steal the content.

 

If you make a game and put it on the app store for sale at the cheapest paid price (non-free) then you can expect 100x more users to play your game than buy it. i.e. for every 1 person that buys it you can expect 100 to pirate and play it (can be seen easily from server-side high scores etc).

post #63 of 68
Quote:
Originally Posted by GregInPrague View Post

"Who really wants to pass their user name and password to Russia? Please people, you're only asking for trouble if you use this hack."

 

Because they are Russians? You racist bastard, haha... I'm quite sure you wouldn't want to pass a Swede like me your username and password either... The jailbreak solution seems to be far safer, although one would need to undergo the actual jailbreak, messy, makes it kinda not worth it...

post #64 of 68
Quote:
Originally Posted by Tallest Skil View Post


Could get all ISPs to block all P2P.

Hi2u Big Brother. Scary. :)

post #65 of 68
Quote:
Originally Posted by charlituna View Post


Let's put away the indignation and go review the context. I never said those that 'steal' via p2p should be put in jail. I said that would be the only way to completely stop it. Big difference.

Sure, the threat of the death penalty in "civilized" countries such as Iran, China and the USA has made these enlightened states murder free...

post #66 of 68
Quote:
Originally Posted by genovelle View Post

Theft is a crime. Period.

Theft is rather a felony or a misdemeanor. Moreover piracy is a copyright infringement, no physical product is stolen here, this is more of a shortfall than a loss.


Edited by Sensi - 7/16/12 at 6:27am
post #67 of 68
Quote:
Originally Posted by GregInPrague View Post


Probably so, but too late because AI was actually late to this party.
Who really wants to pass their user name and password to Russia? Please people, you're only asking for trouble if you use this hack.

 To be fair to the fellow he has now changed things to force users to log out of their account, thus mitigating the risk of anyone accusing him of stealing personal details.

post #68 of 68
Quote:
Originally Posted by aderutter View Post

If you make a game and put it on the app store for sale at the cheapest paid price (non-free) then you can expect 100x more users to play your game than buy it. i.e. for every 1 person that buys it you can expect 100 to pirate and play it (can be seen easily from server-side high scores etc).

On Android you can expect high levels of piracy:

http://www.develop-online.net/news/38848/Android-app-pirated-2300-more-than-iOS-edition
http://www.thesixthaxis.com/2012/04/20/piracy-rate-on-android-version-of-football-manager-is-91/
http://www.pcpro.co.uk/blogs/2012/04/27/android-fans-pay-for-your-apps-please/

"The problem is much worse on Android,” he said, when asked about the iPhone. ”You need to jailbreak iOS,” he said. “Most don’t.” It doesn’t look like it’s been a particularly good day for the developer. ”Piracy on Android is the worst I’ve seen in my career in games,”

Less than 10% of iPhones are jailbroken so while 30 million users is still significant and can lead to significant piracy rates for certain apps, it's nowhere near 100:1 in general:

http://www.tuaw.com/2010/08/24/ipad-app-dev-sees-50-piracy-rate/