Top Posters

Apple in-app payment hack

A Russian hacker's YouTube guide to bypassing in-app purchases has been removed, and a lot of buzz generated around what happens to developers who may have missed out. But there's a bigger story here - the breaching of Apple's usually high-walled garden.

In case you haven't seen the reports, Alexey Borodin claimed to have breached the in-app payment mechanism on applications from Apple's App Store, then posted details of how to do it on YouTube. Apple acted quickly to suppress that video - on copyright grounds, apparently - but not before an estimated 30,000 people took advantage, according to Next Web.

While much of the following reports are focussed on developer compensation, the more serious issue here is breaking the security that makes in-app purchases a trusted source. The entire ecosystem of in-app payments relies on convenience and security, and this would be the second reported breach of Apple security in almost as many months - coming on the back of reports of the first true Mac virus.

Ok, lets not take this out of context. The event, assuming it's true, is unlikely to eradicate faith in Apple and its products. But it will have an impact. People who previously felt secure leaving their credit card details with Apple and other vendors must now begin to question that trust. Developers, once certain of a monetization strategy via app downloads, must surely wonder if they wouldn't be better off charging for their wares from the off, and leaving the in-app element aside (one of the biggest benefits is that you can give the app away and then make money by charging for upgrades, or linking to other services without having to close that application).

We've already read a raft of stories of toddlers and children racking up huge bills by using in-app payments. This latest episode is surely another hammer blow for the (still relatively) new area of mobile payments