Following the recent App Store in-app purchase hack that worked as a man-in-the-middle attack to spoof iTunes, rip off vendors, and potentially harvest user data, developer Marco Tabini has launched a new, free Beeblex service to better secure the process for everyone. Except for the hackers, of course. And that's the point.
Beeblex works by providing developers with a small library that can be easily integrated within their apps and, in a matter of minutes, be used to validate IAP receipts. The algorithm used to perform the validation uses asymmetric encryption to protect all data, and is designed to deter man-in-the-middle attacks and certificate spoofing. In addition, Beeblex keeps track of receipt identification tokens and reports duplicates to the app, helping reduce the incidence of unauthorized receipt reuse.
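The two ideas in that description, sketched as an added example that is not Beeblex's code or protocol: a validator that remembers receipt tokens and flags reuse, and an app-side check that only trusts an answer signed by a key pinned in the app. Every name and the message format are hypothetical, and Ed25519 signatures stand in for the unspecified "asymmetric encryption".

```go
package main

import (
	"crypto/ed25519"
	"fmt"
	"sync"
)

// Verdict is the validator's signed answer for one receipt (hypothetical format).
type Verdict struct {
	Nonce, Token string
	Duplicate    bool
	Sig          []byte
}

// payload binds the app's nonce, the receipt token and the result under one signature.
func payload(nonce, token string, dup bool) []byte {
	return []byte(fmt.Sprintf("%q|%q|%t", nonce, token, dup))
}

// Service stands in for the remote validator: it remembers tokens and signs each verdict.
type Service struct {
	mu   sync.Mutex
	seen map[string]bool
	key  ed25519.PrivateKey
}

func (s *Service) Validate(nonce, token string) Verdict {
	s.mu.Lock()
	dup := s.seen[token] // true if this receipt token was presented before
	s.seen[token] = true
	s.mu.Unlock()
	return Verdict{nonce, token, dup, ed25519.Sign(s.key, payload(nonce, token, dup))}
}

// Accept is the app-side check against the public key shipped inside the app.
func Accept(pinned ed25519.PublicKey, nonce, token string, v Verdict) bool {
	if v.Nonce != nonce || v.Token != token || !ed25519.Verify(pinned, payload(v.Nonce, v.Token, v.Duplicate), v.Sig) {
		return false // replayed, swapped, forged or altered in transit
	}
	return !v.Duplicate // a reused receipt is reported, not honoured
}

func main() {
	pub, priv, _ := ed25519.GenerateKey(nil) // constructed key pair for the demo
	svc := &Service{seen: map[string]bool{}, key: priv}
	fmt.Println(Accept(pub, "n1", "receipt-001", svc.Validate("n1", "receipt-001"))) // true
	fmt.Println(Accept(pub, "n2", "receipt-001", svc.Validate("n2", "receipt-001"))) // false
}
```

Because the app verifies against a key compiled into it rather than whatever certificate the network presents, a spoofed server that cannot sign with the matching private key cannot produce an accepted verdict.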
The upside is more secure transactions, and it's free. The only potential downside is downtime on Beeblex's end, though they've built mechanisms into their SDK to defer transactions in case of any loss of service, be it on their end or simply because a user loses data connection.
It's not, and is not being advertised as, a bulletproof solution, but it can and will make the apps using it a harder and perhaps less attractive target for hackers.
More information: Beeblex