First iOS, Now Mac OS X In-App Purchases Hacked
An anonymous reader writes "Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple [Friday] announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac."
Overreacting (Score:5, Funny)
allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content
You mean the users (well... only one user) can actually copy and delete it from the application vendors' hardware? Wow, that is bad!
Re: (Score:2)
Incorrect. Developers who check with Apple for receipts can't be affected by this (because there are shared secrets) and Apple provides a mechanism for verification.
Developers who don't check, though, are vulnerable to this. And always have - jailbroken users know about IAPCracker which does the exact same thing - faking in-app purchases. (IAPCracker also doesn't pop up a dialog, so you can chec
Re: (Score:1)
not news,
I have a student from Vietnam who has jailbroken his iPhone and added an app that lets him download any app for free and run them without any charge. Half the class has iPhones and he is hooking them all up, it'll be all over campus in days when the fall kids arrive.
Re:Overreacting (Score:4, Insightful)
Unfortunately, the law doesn't evolve. Larceny has different moral implications than trespass, and the law should reflect that.
Re:Overreacting (Score:5, Funny)
my dear sir, i do believe that qualifies as a cliche. Congratulations, you've taken the first step into a smaller world. I find your ideas interesting, and I would like to subscribe to your newsletter. Most cordially, 2054
Re: (Score:3)
This is not theft. Theft means you take something from the victim, something he will no longer possess. In all such cases, the victim will remain in possession of the 'stolen' object, therefore one can argue that no actual theft has taken place.
As the often-repeated analogue goes, it's like someone stole your cat overnight, but in the morning, you'd still have it.
Re: (Score:1)
Okay, and you have time travel iOS/Mac OS developers where you're from who can code their app and then travel back to when they started?
Re: (Score:3)
Re: (Score:2)
And when everyone says that, how does the coder make money?
Re:Overreacting (Score:4, Insightful)
That's a different problem, and by no means an excuse to use the word steal in such a way. Two wrongs don't make a right.
It's wholly incorrect, inappropriate, illogical, and unethical to use the word steal with respect to copyright infringement. It will never be useful, nor constructive in any meaningful conversation regarding the Public Domain and how Intellectual Property can encourage further contributions towards it.
If you want to have a serious conversation regarding these matters, then we can have it when you are ready to sit down rationally and stop using manipulative tactics to steer the conversation.
Re: (Score:2)
On the other hand, as long as you keep using the wrong words to try and express your ideas you will be at most the target of jokes and contempt. The choice is yours, but keep in mind that being stubborn does very little to help your cause.
Re: (Score:3, Insightful)
Who said I was happy? I am decidedly unhappy about all of this.
You're doing it again too. Nobody stole anybody else's work. Did not happen.
In fact, the only times that it may have happened is when the 1%'s (aka Rich Whitey) use their lawyers and fancy book learning to swindle poor artists out of their copyrights entirely. Or it could be Suge Knight hanging Vanilla Ice out of a hotel balcony if you believe the story.
What I am not okay with is the fact we are using intellectual property as an excuse to
Re: (Score:2, Informative)
This isn't a modern thing, as much as we like to make it out to be one. People have been selling intangibles for a long time and "theft" has applied to non-physical
Re:Overreacting (Score:5, Insightful)
The term 'Theft' does not apply to IP by any law code of any country in the world. So no, you are just wrong. Using the wrong word to define something serves only the purpose of propagating lies. You may do it from ignorance or malice but either way you are to be shunned for it.
Re: (Score:2)
He can't sell it if everyone just steals it.
No stealing occurred. His opportunity to sell it remains intact as his possession of the code and legal entitlements (copyright) were never impacted.
The problem with this "but they still have it" line of reasoning is that while it may work on an individual basis, it doesn't work in the aggregate
Yes, yes it does. Regardless whether it is an act committed towards an individual, or a group, the only thing occurring is copyright infringement.
What you are trying to say is that mass copyright infringement is detrimental so we should apply the same consequences of theft to copyright infringement, even though the definitions are radically different.
If everyone steals the app, then the developer's time is indeed being stolen, since they are getting paid nothing for their work.
That's im
Re: (Score:2)
Are you a fucking moron? While you're screwing your mom, she won't be making any money off the other clients
Not technically true.... I've seen these instructional videos on the Internets that show some mothers servicing several clients at the same time....
Re: (Score:3)
This is not theft. Theft means you take something from the victim, something he will no longer possess. In all such cases, the victim will remain in possession of the 'stolen' object, therefore one can argue that no actual theft has taken place.
Depending on interpretation, it is either fraud or copyright infringement. I'd tend more to call it fraud. Like getting a CD from a physical store by convincing the cashier that you paid for it, when you actually didn't; that wouldn't be theft but fraud.
What would be dangerous would be an interpretation as computer hacking. Don't know what exactly the laws would be called, but that could be worse than fraud.
Re: (Score:2)
Exactly.
Copyright infringement? Sure thing.
Fraud? Certainly.
But not theft, neither of those is theft, legally speaking. ... well, hacking. Or computer fraud, or misuse of (unauthorized) access. Usually along these lines, emphasizing access, not gains or similar.
And they usually call hacking
Re: (Score:2, Interesting)
Pretend you are a software developer (I can already tell you are not). By your logic, it's totally fine if everyone downloads your software without paying for it. After all, you've lost nothing, right? None of the software you have is gone, so everything is great. Right?
Yes indeed. Red Hat makes billions of dollars doing this, and Linus Torvalds (together with everyone who works on the GNU project) has done it for years as well.
Re: (Score:2)
1) Create software that requires expert support in order to support or customize for just about any commercial purpose
2) Give software away for free
3) Profit
I don't see how this model would work for games, or really any kind of software the "indie" developer would write. You could still make money if you were a platform vendor, but really, in the end, you're talking about the end of third-party application business as a commercial enterprise (unless you can convince every mom and pop user to sign support contracts f
Re: (Score:2)
But even single player games sell well without DRM. Good Old Games is doing well afaik, for example, and their games can be pirated and are indeed pirated with ease.
Re: (Score:2)
As for game devs, Team Fortress 2, while not Stallman free, is free to play and download. Yet the game devs make millions off of it by selling silly hats and slightly better guns that you can still get without paying; you just have to play long enough. Also, there is ad-supported software. Lots of ways to have free apps and make money. You can also charge for compiled binaries of free/open source apps you have posted on app stores; for copyleft ones all you need to do is link to the original source code.
Re:Overreacting (Score:5, Interesting)
I am not a developer, true, I'm more of a legal expert.
But let's imagine I'm a dev, and my product was "stolen", to put it this way. I check my hard drive, yep, source still there, binaries present, everything's accounted for. The problem isn't that something is gone, the problem is that there's now two of it, one not under my control. Nothing was taken per se, and hurting my commercial interests is quite another thing, not covered by theft.
So yes, the way you put it, "everything is great. Right.". What's not "totally fine" is what you don't emphasize: not paying for it (assuming I wanted payment in the first place), but that is not covered by the meaning of 'theft'.
Re: (Score:2)
Because something took the value of your product that does not mean you were entitled to have its full value from the beginning.
Copyright infringement is theft of permission. (Score:1)
Re: (Score:2)
I am a software developer, working on an open-source database. That everyone will download the software I work on without paying for it is my business model.
Re: (Score:2)
Look at the coward, pulling out the living with your parents joke. Man, you are a witty character. The "utopia" I live in is one where people are still willing to pay for support and consulting on their open-source databases, because it's still a cost savings over options like Oracle or SQL Server. Maybe they don't have real companies wherever you and the other trolls live at?
Re: (Score:1)
The "utopia" I live in is one where people are still willing to pay for support and consulting on their open-source databases, because it's still a cost savings over options like Oracle or SQL Server.
Unfortunately, that model will not work at all for the types of applications you can get on any App store, so your anecdote is completely pointless for this discussion.
--Jeremy
Re: (Score:1)
Pretend you are a software developer (I can already tell you are not). By your logic, it's totally fine if everyone downloads your software without paying for it. After all, you've lost nothing, right? None of the software you have is gone, so everything is great. Right?
Wrong..
Why do you child molesters keep droning on with this shit.
Copyright infringement IS WRONG. It is not a good thing to do. It is not an honest thing to do. It is not the right thing to do. Clear?
But it is also NOT THEFT. And those who insist on accuracy, are not condoning the unlawful acquisition of copyright material. Just exposing the weakness of your argument.
If I steal a book from a book shop, there is one less copy of that book in the shop. The victim being short the item I have stolen is a condit
Re: (Score:2)
OMG, do you even realize that most of the fine art was done by poor people that didn't make anything for a living and most of the time were living pretty much from charity?
It is perfectly possible to create something and not charge any money; with computer software it is even easier. Come on, please delete every piece of free/open source software you have on all your devices and come back to keep this discussion.... Actually you will not be able, go figure
[/rant]
Re: (Score:2)
I'm not rationalizing, I'm just calling attention to the fact that "copyright infringement" is not "theft".
Let me quote something from the Hungarian Penal code (Section XVIII - Crimes against property):
316 (1) He who takes a foreign object from another to illegally misappropriate it, commits the crime of Theft [Aki idegen dolgot mástól azért vesz el, hogy azt jogtalanul eltulajdonítsa, lopást követ el.]
Let's parse this sentence grammatically, or rather, focus on one word: "take [vesz el]"! In both Hungarian and in English, the word in question has one significant connotation: that what you take from another becomes yours, and ceases to be theirs. This is all dandy and fine, as long as we assume that there c
Re: (Score:2)
Which is a synonym for "I'm right.". Since we're talking about law, and law is, you know, 'pedantic'...
Re: (Score:2)
Before you (and everyone else reading this) gets me wrong: I am NOT a legal EXPERT. I am more of a legal expert than a developer. Not a lawyer as such, but I have studied international law extensively and have touched upon other legal areas during my studies. Therefore I dare say I am more qualified than most people here to comment upon legal issues.
And before everyone takes offense, I'll admit that most people here are infinitely more qualified to comment upon programming and most other technical matters!
Re: (Score:2)
Re: (Score:2)
Of course, both sections were written way before the internet became a reality (the Hungarian one was drafted circa 1970). However, like I said, the word "taking" implies that the rightful owner no longer possesses the "stolen" object, just like the Hungarian version [elvenni] does. That is why I make the point that copyright infringement is not theft as such, no matter what the content industry spokespeople say, and this is why people are tried under a different heading.
Re: (Score:2)
This is not theft. Theft means you take something from the victim, something he will no longer possess. In all such cases, the victim will remain in possession of the 'stolen' object, therefore one can argue that no actual theft has taken place.
An interesting difference between US and German law: US law includes "deprive the rightful owner", while German law includes "enrich the unlawful taker". So with the German interpretation theft would have taken place (except there "theft" is only for physical items).
Re: (Score:1)
Re: (Score:2)
Do explain...
If you're referring to copyright infringers, that's because that in itself is a crime, but under a different heading.
Re: (Score:3, Informative)
Conflation of stealing and copying is deliberate propaganda by those who believe in imaginary property.
Corporate doublespeak and nothing more.
Re:Overreacting (Score:4, Informative)
Language evolves.
Deal with it.
NO
This is not the evolution of language. It is the misappropriation of a word to give meaning to an action that is wholly inappropriate.
Evolution of language is just fine. For example, we could all agree that the word rape is an acceptable word to describe unflattering comments that a man may make to a woman regarding her pictures on Facebook. What is not fine, is applying the consequences of the "archaic" definition of the word at the same time.
If you insist on the stupidity of using the word steal to mean, "any acts of copyright infringement", then you must at the same time alter the perceived consequences and negativity of that word.
That does not make any sense does it? Why pervert and devalue the word steal when it is quite useful to mean the deprivation of real property without authorization? Why confuse the word with wholly contradictory definition?
Doing something that ridiculous is not the evolution of language at all. In fact, it is most often used as a manipulative tactic in the overall discussion of intellectual property, the Public Domain, and the evolution of our society with respect to both.
Re: (Score:2)
Evolves, in what way? If I refuse to acknowledge copyright violations as stealing, why am I bound by what others say?
Re: (Score:2)
If language evolves to undermine the meaning of law, then the correct way of dealing with this reinterpretation of the word "steal" is to change the law accordingly.
As this has not been done, we should assume the law still implies the original meaning of the word "steal" as it applied when the law was created.
Actually laws tend to explicitly define what they mean by words, so the whole point is moot.
You are holding it wrong ... (Score:1)
I've read some comments on the pages in the links and they seem to say this is not Apple's fault but the dev's fault for not using the "3 lines of code" to verify in app purchases. What I want to ask is why this is not the default behavior in iOS.
Re: (Score:1)
I've read some comments on the pages in the links and they seem to say this is not Apple's fault but the dev's fault for not using the "3 lines of code" to verify in app purchases. What I want to ask is why this is not the default behavior in iOS.
You mean it's the developers' fault for making the assumption that their customers are honest.
Distracted? (Score:1)
Yeah, they've been distracted...by the upcoming release of Mountain Lion in the next few weeks. Anyone willing to bet that this issue is fixed in Mountain Lion just as it's been promised to be fixed in iOS 6?
Meh (Score:4, Informative)
Apple has recommended all along that you verify receipts to make sure they're not fake. Some apps don't, and can be hacked. How surprising.
Re: (Score:2)
ha (Score:1)
Patched (Score:4, Informative)
Apple already explained to developers [macnn.com] how to close the hole, with in-App receipts. Also, it's closed in iOS 6
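An added example, not part of the thread and not Apple's or any poster's code, of the receipt checking the comments above refer to: the developer's server honours a purchase only after the verification reply passes every check, and keeps the resulting balance server-side. The reply field names, app id and product catalogue are assumptions of this example, and the sample replies are constructed.

```python
# Added example: server-side redemption of an in-app purchase receipt.
# Assumption: the developer's server has already forwarded the receipt to the
# store's verification service and parsed the JSON reply into a dict. The field
# names (status, receipt.bid, product_id, transaction_id) are modelled on the
# legacy verification reply and are an assumption of this example.

EXPECTED_BUNDLE_ID = "com.example.game"               # hypothetical app id
PRODUCT_GRANTS = {"com.example.game.coins100": 100}   # hypothetical catalogue


class ReceiptRejected(Exception):
    """Raised when a purchase must not be honoured."""


class EntitlementLedger:
    """Keeps purchased balances on the server, keyed by user."""

    def __init__(self):
        self._redeemed = set()   # transaction ids already honoured
        self.balances = {}

    def redeem(self, user_id, reply):
        # 1. The verification service itself must have accepted the receipt.
        if reply.get("status") != 0:
            raise ReceiptRejected("verification failed")
        receipt = reply.get("receipt") or {}
        # 2. A genuine receipt for some other app is still not ours to honour.
        if receipt.get("bid") != EXPECTED_BUNDLE_ID:
            raise ReceiptRejected("wrong app")
        # 3. Only products we actually sell grant anything.
        product = receipt.get("product_id")
        if product not in PRODUCT_GRANTS:
            raise ReceiptRejected("unknown product")
        # 4. Each transaction is honoured once; a replayed receipt is refused.
        txn = receipt.get("transaction_id")
        if not txn or txn in self._redeemed:
            raise ReceiptRejected("missing or replayed transaction")
        self._redeemed.add(txn)
        self.balances[user_id] = self.balances.get(user_id, 0) + PRODUCT_GRANTS[product]
        return self.balances[user_id]


def outcome(ledger, user_id, reply):
    """Return the new balance, or the rejection reason as a string."""
    try:
        return ledger.redeem(user_id, reply)
    except ReceiptRejected as exc:
        return str(exc)


# Constructed sample replies (not captured from a real service).
GENUINE = {"status": 0, "receipt": {"bid": "com.example.game",
           "product_id": "com.example.game.coins100", "transaction_id": "1000001"}}
OTHER_APP = {"status": 0, "receipt": {"bid": "com.example.other",
             "product_id": "com.example.game.coins100", "transaction_id": "1000002"}}
REJECTED = {"status": 21002}   # any non-zero status means "not accepted"

if __name__ == "__main__":
    ledger = EntitlementLedger()
    for reply in (GENUINE, GENUINE, OTHER_APP, REJECTED):
        print(outcome(ledger, "alice", reply))
```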
Fuck 'em if they can't take being screwed back (Score:4, Insightful)
With a few rare exceptions, most games with in-app purchases are designed so that your progress in the game is directly proportional to how much you're willing to spend. In several games, no amount of patience or skill will allow you to progress. And in some games, progress itself is an illusion, with no obvious indication that your "missions" are being randomly generated and there is no way to ever "beat" the game.
It's extremely shady on Apple's part to allow developers to label apps that require in-app purchases as "free". The way I see it, this is karma.
I'm all for developers getting paid for their work. If they really want to nickel and dime you for every bell and whistle in the app or make you insert a coin each time you lose a life, that's their prerogative - but Apple needs to make it a lot clearer what you're downloading, since in-app-purchases mean "free" no longer means what it used to.
Re: (Score:1)
It's extremely shady on Apple's part to allow developers to label apps that require in-app purchases as "free". The way I see it, this is karma.
I see it as extremely shady by you not to mention that for every free app with IAP they are mentioned with the price. If you don't want to pay for them, don't download apps that have them. It's that easy. Unless you hate Apple.
Re: (Score:1)
No Quarter? (Score:4, Insightful)
Quit your whining, kid! Back in my day we kept pumping more quarters into the machine no matter how many times the game cheated us and we liked it!
Re: (Score:3)
It's extremely shady on Apple's part to allow developers to label apps that require in-app purchases as "free". The way I see it, this is karma.
This. It is high time the App Store is split into 3 categories, with one for really free stuff. If you ask me, I'd even want 4, with one for really, really free stuff as in: No ads, either.
At least let me, the customer, truthfully know what your business model is. I don't mind paying for software and regularly do. But I dislike the dishonesty in the pseudo-free sector.
Re: (Score:2)
The ones that really piss me off are the gambling games. They have (for now) found a way to bypass gambling regulations, charging for chips and whatnot, while failing to actually reward the winners.
Can somebody tell me what makes these legal?
Proof (Score:1)
Re: (Score:2)
True dat, but it's the measure of the man whether he chooses to destroy or not.
The real news (Score:1)
Client-side "security" (Score:2)
A lot of these in-app purchases have an entirely client-side effect, such as changing how much in-game money you have. As usual, if you control the hardware, you can do whatever you want.
If you have a jailbroken iDevice, you can make a program to change any client-side variable of a game by just calling task_for_pid and vm_write. No need to mess with the purchase receipt system at all.
Re: (Score:1)
Re: (Score:2)
With all the outspoken Apple fanboys touting how great IOS and OSX are, being Apple apologists for Apple's patent trolling, and mocking Android and linux, how should I react to this situation? How about this: HAHA IN YOUR FACE!
Yeah, IN YOUR FACE Apple because developers were lazy and didn't verify receipts! It's totally Apple's fault that developers didn't use the provided security tools!
Given that we're being so charitable, it's totally Linux's fault if you turn on SSH and set your root password as "password", right? Just checking.
iOS6 (Score:1)
The "World's most advanced mobile operating system"