Slashdot Mirror


First iOS, Now Mac OS X In-App Purchases Hacked

An anonymous reader writes "Last week Russian developer Alexey Borodin hacked Apple's In-App Purchase program for all devices running iOS 3.0 or later, allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content. Apple [Friday] announced a temporary fix and that it would patch the holes with the release of iOS 6. While Cupertino was distracted, Borodin came in and pulled off the same scheme on the Mac."

17 of 110 comments

  1. Overreacting by mwvdlee · · Score: 4, Funny

    allowing iPhone, iPad, and iPod touch users to circumvent the payment process and essentially steal in-app content

    You mean the users (well... only one user) can actually copy and delete it from the application vendors' hardware? Wow, that is bad!

    --
    Slashdot social media options: AIM, ICQ, Yahoo, Jabber and Mobile Text. Why no MySpace?
    1. Re:Overreacting by Jeremy+Erwin · · Score: 3, Insightful

      Unfortunately, the law doesn't evolve. Larceny has different moral implications than trespass, and the law should reflect that.

    2. Re:Overreacting by ThunderBird89 · · Score: 2

      This is not theft. Theft means you take something from the victim, something he will no longer possess. In all such cases, the victim will remain in possession of the 'stolen' object, therefore one can argue that no actual theft has taken place.
      As the often-repeated analogue goes, it's like someone stole your cat overnight, but in the morning, you'd still have it.

      --
      Hyperbole: I use it liberally!
    3. Re:Overreacting by gnasher719 · · Score: 2

      This is not theft. Theft means you take something from the victim, something he will no longer possess. In all such cases, the victim will remain in possession of the 'stolen' object, therefore one can argue that no actual theft has taken place.

      Depending on interpretation, it is either fraud or copyright infringement. I'd tend more to call it fraud. Like getting a CD from a physical store by convincing the cashier that you paid for it, when you actually didn't; that wouldn't be theft but fraud.

      What would be dangerous would be an interpretation as computer hacking. Don't know what exactly the laws would be called, but that could be worse than fraud.

    4. Re:Overreacting by mister_playboy · · Score: 2, Informative

      Conflation of stealing and copying is deliberate propaganda by those who believe in imaginary property.

      Corporate doublespeak and nothing more.

      --
      Do what thou wilt shall be the whole of the Law ::: Love is the law, love under will
    5. Re:Overreacting by Jeremy+Erwin · · Score: 4, Funny

      My dear sir, I do believe that qualifies as a cliche. Congratulations, you've taken the first step into a smaller world. I find your ideas interesting, and I would like to subscribe to your newsletter. Most cordially, 2054

    6. Re:Overreacting by ThunderBird89 · · Score: 4, Interesting

      I am not a developer, true, I'm more of a legal expert.
      But let's imagine I'm a dev, and my product was "stolen", to put it this way. I check my hard drive, yep, source still there, binaries present, everything's accounted for. The problem isn't that something is gone, the problem is that there's now two of it, one not under my control. Nothing was taken per se, and hurting my commercial interests is quite another thing, not covered by theft.
      So yes, the way you put it, "everything is great. Right.". What's not "totally fine" is what you don't emphasize: not paying for it (assuming I wanted payment in the first place), but that is not covered by the meaning of 'theft'.

      --
      Hyperbole: I use it liberally!
    7. Re:Overreacting by fredprado · · Score: 2

      Sorry, but you are not taking the time the coder spent. That resulted in a product that he can still sell even if you take it for free. That is certainly not the case with the hooker. For her the time spent is gone.

    8. Re:Overreacting by EdIII · · Score: 3, Informative

      Language evolves.

      Deal with it.

      NO

      This is not the evolution of language. It is the misappropriation of a word to give meaning to an action that is wholly inappropriate.

      Evolution of language is just fine. For example, we could all agree that the word rape is an acceptable word to describe unflattering comments that a man may make to a woman regarding her pictures on Facebook. What is not fine, is applying the consequences of the "archaic" definition of the word at the same time.

      If you insist on the stupidity of using the word steal to mean, "any acts of copyright infringement", then you must at the same time alter the perceived consequences and negativity of that word.

      That does not make any sense, does it? Why pervert and devalue the word steal when it is quite useful to mean the deprivation of real property without authorization? Why confuse the word with a wholly contradictory definition?

      Doing something that ridiculous is not the evolution of language at all. In fact, it is most often used as a manipulative tactic in the overall discussion of intellectual property, the Public Domain, and the evolution of our society with respect to both.

    9. Re:Overreacting by EdIII · · Score: 3, Insightful

      That's a different problem, and by no means an excuse to use the word steal in such a way. Two wrongs don't make a right.

      It's wholly incorrect, inappropriate, illogical, and unethical to use the word steal with respect to copyright infringement. It will never be useful, nor constructive in any meaningful conversation regarding the Public Domain and how Intellectual Property can encourage further contributions towards it.

      If you want to have a serious conversation regarding these matters, then we can have it when you are ready to sit down rationally and stop using manipulative tactics to steer the conversation.

    10. Re:Overreacting by fredprado · · Score: 5, Insightful

      Reality says otherwise. GoG is selling games without DRM even if many people pirate them. The MAFIAA earns billions of dollars a year selling goods even with 'rampant piracy'. A lot of indies have been successful selling games that have been pirated a LOT.

      The term 'Theft' does not apply to IP by any law code of any country in the world. So no, you are just wrong. Using the wrong word to define something serves only the purpose of propagating lies. You may do it from ignorance or malice but either way you are to be shunned for it.

    11. Re:Overreacting by EdIII · · Score: 2, Insightful

      Who said I was happy? I am decidedly unhappy about all of this.

      You're doing it again too. Nobody stole anybody else's work. Did not happen.

      In fact, the only times that it may have happened is when the 1%'s (aka Rich Whitey) use their lawyers and fancy book learning to swindle poor artists out of their copyrights entirely. Or it could be Suge Knight hanging Vanilla Ice out of a hotel balcony if you believe the story.

      What I am not okay with is the fact we are using intellectual property as an excuse to violate our fundamental freedoms and do more damage to society by trying to hammer an outmoded system of encouraging contributions towards the Public Domain.

      That is the very idea in the first place I hope you realize. It is not to push forward the perverse, deeply offensive, and incredibly entitled idea that Man can own an idea or an expression.

      We are supposed to be using a system (and changing it if need be) that will encourage people to contribute towards the Public Domain. Simple as that.

      I refuse to use the word theft, because intellectually, I know that it is wrong. Not only is it wrong, but it is mostly used out of ignorance, fear, often anger, and a manipulative push to destroy the Public Domain and allow effectively permanent ownership of ideas and expressions.

      In the end I do want people to be rewarded for their contributions simply because it is the most effective way I know to encourage them to contribute.

      So no, I'm not happy about it, I don't want to gloat and act immature about how easy it is to infringe upon copyrights, nor do I wish for people to be abused and not able to make a living.

      I can however use my brain, and understand the difference between theft and copyright infringement, and why it is so important to never let the word theft go unchallenged because it poisons and manipulates the conversation that we really do need to be having.

  2. Meh by Anonymous Coward · · Score: 4, Informative

    Apple has recommended all along that you verify receipts to make sure they're not fake. Some apps don't, and can be hacked. How surprising.

  3. Patched by mr100percent · · Score: 3, Informative

    Apple already explained to developers how to close the hole, with in-App receipts. Also, it's closed in iOS 6.

  4. Fuck 'em if they can't take being screwed back by Powercntrl · · Score: 4, Insightful

    With a few rare exceptions, most games with in-app purchases are designed so that your progress in the game is directly proportional to how much you're willing to spend. In several games, no amount of patience or skill will allow you to progress. And in some games, progress itself is an illusion, with no obvious indication that your "missions" are being randomly generated and there is no way to ever "beat" the game.

    It's extremely shady on Apple's part to allow developers to label apps that require in-app purchases as "free". The way I see it, this is karma.

    I'm all for developers getting paid for their work. If they really want to nickel and dime you for every bell and whistle in the app or make you insert a coin each time you lose a life, that's their prerogative - but Apple needs to make it a lot clearer what you're downloading, since in-app-purchases mean "free" no longer means what it used to.

    --
    DRM is like antifreeze, to the MPAA/RIAA it's sweet, to the consumers it's poison.
    1. Re:Fuck 'em if they can't take being screwed back by Tom · · Score: 2

      It's extremely shady on Apple's part to allow developers to label apps that require in-app purchases as "free". The way I see it, this is karma.

      This. It is high time the App Store is split into 3 categories, with one for really free stuff. If you ask me, I'd even want 4, with one for really, really free stuff as in: No ads, either.

      At least let me, the customer, truthfully know what your business model is. I don't mind paying for software and regularly do. But I dislike the dishonesty in the pseudo-free sector.

      --
      Assorted stuff I do sometimes: Lemuria.org
  5. No Quarter? by theurge14 · · Score: 3, Insightful

    Quit your whining, kid! Back in my day we kept pumping more quarters into the machine no matter how many times the game cheated us and we liked it!