Hacker News new | past | comments | ask | show | jobs | submit login

Most iOS apps use a standard set of system calls to check if the item has been purchased. I assume the hack works by patching the systems calls to return YES to all queries about in-app purchase items. That's how I would do it if I was building something like that. There are no tokens or keys to validate... it's just "hey system, is this paid for? okay!"



There's an option to do server-side receipt validation. That should prevent a hack like that.


Also, checking for the purchase status of an item that can't be bought would be a cheap and easy place to start.

Easy to get around with a custom crack, but it should actually be pretty effective against a blanket 'just return yes' crack.




Consider applying for YC's Spring batch! Applications are open till Feb 11.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: