There's a story going around today about a new hack that appears to allow users to bypass iTunes and steal in-app purchases "for free". I put "for free" in quotation marks because, as Ally pointed out in her editorial on app theft, there's no such thing as free. This time, however, the cost could be something more than money. The way I understand it, the hack in question uses a proxy and requires you to install a bogus certificate and change your DNS settings. That allows the transaction to be intercepted before it reaches iTunes, and that's what lets it cheat developers out of payment. It's also what could let the hacker collect all your information instead.
And that's dangerous.
There's a reason good guy hackers like the iPhone and Chronic dev teams urge people not to steal apps -- it hurts everyone. A hack designed expressly to steal in-app purchases, by definition, isn't run by a good guy. The hacker in question is also asking for donations -- for money in exchange for helping you cheat developers out of the money they worked hard for and earned.
As proofs of concept, as a way to discover vulnerabilities that get passed on to Apple so they can be fixed, hacking and hackers can be extremely beneficial to hardening security and making all of our iPhones and iPads safer to use.
This isn't that.
This is stealing, and while it will certainly cost developers money, it could cost you a lot more. Worse than that, it's the perfect way to trick people into giving you access to their devices and credentials. Maybe this particular hacker isn't interested in abusing that, but how do we know? How do we know no one else will use the same hack to steal device and transaction information?
The easiest way to steal anything from anyone is to ask them for it.
No way in hell am I trusting anyone to essentially man-in-the-middle my iTunes connections, and no way in someplace even darker and hotter am I helping them do it.
Cry FUD if you want, but for me, saving $0.99 on Smurfberries isn't worth exposing my data or account.
UPDATE: Matthew Panzarino and Matt Brian of The Next Web have done some digging into how the hack works and how both developers and Apple could better secure the process.
UPDATE 2: Lex Friedman of Macworld has given the hack a similar look.
UPDATE 3: Jim Dalrymple of The Loop got a response from Apple PR, who say they're investigating.