Developers: Better secure your in-app purchase transactions with free Beeblex service

Developers, better secure your in-app purchase transactions with free Beeblex service

Following the recent App Store in-app purchase hack that worked as a man-in-the-middle attack to spoof iTunes, rip off vendors, and potentially harvest user data, developer Marco Tabini has launched a new, free Beeblex service to better the secure the process for everyone. Except for the hackers, of course. And that's the point.

Beeblex works by providing developers with a small library that can be easily integrated within their apps and, in a matter of minutes, be used to validate IAP receipts to determine their validity. The algorithm used to perform the validation uses asymmetric encryption to protect all data, and is designed to deter man-in-the-middle attacks and certificate spoofing. In addition, Beeblex keeps track of receipt identification tokens and reports duplicates to the app, helping reduce the incidence of unauthorized receipt reuse.

The upside is more secure transactions, and -- free. The only potential downside is downtime on Beeblex's end, though they've built mechanisms into their SDK to defer transactions in case of any loss of service, be it on their end or simply because a user loses data connection.

It's not, and is not being advertised as, a bulletproof solution, but it can and will make the apps using it a harder and perhaps less attractive target for hackers.

More information: Beeblex

Rene Ritchie

Editor-in-Chief of iMore, co-host of Iterate, Debug, Review, The TV Show, Vector, ZEN & TECH, and MacBreak Weekly podcasts. Cook, grappler, photon wrangler. Follow him on Twitter and Google+.

More Posts

 

3
loading...
0
loading...
57
loading...
0
loading...

← Previously

Early iPad memories and prototype revealed, thanks to lawsuits

Next up →

Deal of the Day: 49% off Seidio SURFACE Reveal Case w/ kickstand for iPhone 4S and iPhone 4

There is 1 comment. Add yours.

iDonev says:

Great news! I sure hope Apple steps up their game and either integrates this method or gives some kind of support to its developer.