Important Message for all IncGamers Readers!

From 26 May this site is no longer being updated. Why? Because we have a new home for PC gaming goodness.

The IncGamers team has now moved to PC Invasion which is all shiny and new.

If you have an site account it will be active on the new site. Head there now for our welcome post.

Note: All IncGamers content will remain live on this site but the main page will change shortly.

Russian hacker lets you get Apple in-app purchases for free, thanks CSR Racing

16 Jul 2012 by John Robertson
Russian hacker lets you get Apple in-app purchases for free, thanks CSR Racing

A Russian hacker has figured out a way to get in-app purchases on and for free, and it doesn’t involve jailbreaking your device.

What’s more, the hacker, Alexey Borodin, has released the information over the internet. Meaning, if you were so inclined, you could try to get something for nothing yourself.

Borodin has created a server, which he hosts himself, tricking your device into thinking that payment for the in-app purchase (IAP) has been made legitimately. You’ll need to chance your DNS settings for it to work, but various users across the net are reporting success with Borodin server.

Borodin explains that CSR Racing was the catalyst for his desire to hack the system.

“I set this up due to hungry and lazy developers,” Borodin said. “I was very angry to see that CSR Racing developer taking money from me every single breath.”

I play CSR Racing and I see his point, the microtransaction policy implemented in that game does the straddle the boundary between acceptable and a piss-take.

There are currently two ways for app developers to integrate IAPs into their software, and Borodin’s system is only able to bypass one of them. Although, he does promise that a future project will unlock IAPs in all apps.

In a statement, said that it is “investigating” the breach and will likely need to change the methods developers use to validate IAPs.

Related to this story
Register an IncGamers account to post comments or use Disqus.
You can also post via a social network.