iOS Hack Lets Users Get In-App Purchases for Free

Apparently we weren’t the only ones aggravated by the in-app purchase system in CSR Racing. 9to5Mac reports that a Russian hacker has found a simple way for anyone to make in-app purchases in most apps without spending a dime. The remarkably easy process, described in a YouTube video, doesn’t require jailbreaking your phone, but it does come with some risks beyond the simple fact that you’re stealing.

The hack reportedly works on any iOS device running iOS 3.0 to 6.0. It requires only that you install two security certificates, which you can download from the hacker’s website, and that you change the Domain Name System (DNS) server in your Wi-Fi settings. Once you do that, you can go into just about any app and download in-app purchases, regardless of price, for free. When you do, you’ll be presented with the confirmation window shown below instead of Apple’s usual dialog.

9to5Mac points out in an update to their article that this trick doesn’t work with all apps, probably because Apple provides a way for developers to validate receipts for in-app purchases. Apparently not all developers take advantage of this feature, however.
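A server-side form of the receipt validation mentioned above, as an added example that is not from the original article, 9to5Mac or Apple: the app uploads its receipt to the developer's server, which asks Apple to verify it and checks the answer before unlocking anything. It assumes the legacy verifyReceipt JSON response (fields `status`, `bid`, `product_id`, `transaction_id`); the function names, bundle id and sample responses are constructed for illustration.

```python
import json
import urllib.request

VERIFY_URL = "https://buy.itunes.apple.com/verifyReceipt"  # Apple's production endpoint


def fetch_verification(receipt_b64, url=VERIFY_URL):
    """Server side: submit the base64 receipt the app uploaded to Apple."""
    body = json.dumps({"receipt-data": receipt_b64}).encode()
    req = urllib.request.Request(url, data=body,
                                 headers={"Content-Type": "application/json"})
    with urllib.request.urlopen(req, timeout=10) as resp:
        return json.load(resp)


def check_response(resp, bundle_id, product_id, seen_txns):
    """Return (ok, reason); unlock content only when ok is True."""
    if resp.get("status") != 0:                      # 0 means Apple accepted it
        return False, "status %r" % resp.get("status")
    receipt = resp.get("receipt") or {}
    if receipt.get("bid") != bundle_id:              # receipt issued to another app
        return False, "bundle id mismatch"
    if receipt.get("product_id") != product_id:      # receipt for a different item
        return False, "product id mismatch"
    txn = receipt.get("transaction_id")
    if not txn:
        return False, "missing transaction id"
    if txn in seen_txns:                             # same receipt presented again
        return False, "transaction replayed"
    seen_txns.add(txn)
    return True, "ok"


# Constructed sample responses (not captured from Apple or from the page).
GENUINE = {"status": 0, "receipt": {"bid": "com.example.racer",
           "product_id": "gold_pack", "transaction_id": "1000000000000001"}}
OTHER_APP = {"status": 0, "receipt": {"bid": "com.example.other",
             "product_id": "gold_pack", "transaction_id": "1000000000000002"}}
REJECTED = {"status": 21002}  # Apple could not read the receipt data

if __name__ == "__main__":
    seen = set()
    for name, resp in [("genuine", GENUINE), ("replay", GENUINE),
                       ("other app", OTHER_APP), ("rejected", REJECTED)]:
        print(name, check_response(resp, "com.example.racer", "gold_pack", seen))
```

The call to Apple is made from the server rather than the device because, in the scenario described, the device's DNS setting and trusted certificates have been changed.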

If you’re a morally compromised individual and are thinking of taking part in this scam, you should know that it’s not without risks. First and most obviously, this is stealing. Secondly, some key information about your location and your device is sent to the hacker’s server.

We’ve reached out to Apple for their comments on the situation, and will update the article when they respond. No doubt they’re aware of it and working on a fix as we speak.

[Via 9to5Mac]