Apple now including unique identifiers to combat In-App Purchase hack

“Following last week’s launch of a hack that allowed users to obtain In App Purchase content free of charge by routing their purchase requests through a server run by a Russian hacker, Apple began taking steps to thwart the method,” Eric Slivka reports for MacRumors.

“One of the suggestions for a method by which Apple could improve the security of In App Purchasing was to include a unique identifier in validation receipts, and we’ve received word that developers are now seeing something along those lines coming from receipts issued by Apple since late yesterday,” Slivka reports. “The receipts carry a new field called “unique_identifer” that appears to include the Unique Device Identifier (UDID) for the device making the In App Purchase. ”

Read more in the full article here.

Related articles:
Apple attempts to take down servers related to In-App Purchase hack – July 16, 2012
Apple iOS in-app purchases hacked; allows users to download anything for free – July 13, 2012


    1. Don’t jump the gun James, they link by account, and other API’s control the distribution along with allowing certain other identifiers checked reinstall access.

      Calm down.

      And anyway it’s for In-App purchases only, big difference.

  1. Pirating stuff that is available at reasonable prices just seems like a waste of time. Music on iTunes is cheap enough per song or per album, and available at a higher quality than what is usually easy to find on share sites. In the last couple years I’ve been just buying apps I want/need.. I can’t be bothered putting my files at risk of a trojan-infected pirated copy of any app that I am serious about wanting to run. I guess my “insurance” or cost-for-peace-of-mind is spending a little money on legally acquiring what I use. Stealing (or otherwise hacking app-purchases) could catch up to those doing it, and if I might get in sh1t for something, I sooner it be for something real good and worth trying for. =)

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.