Apple’s App Store is vulnerable and can be bypassed easily, even without jailbreaking. ZonD80, a Russian hacker found a way to bypass the payment and get paid apps for free. The amazing thing is that it is very easy and almost everyone can do it. The idea is to communicate and send the purchasing requests to a server operated by the hacker instead of the official one. ZonD80 posted a video on YouTube showing his hack but the video was deleted by Google and now he is requesting donations to setup a website to promote his hack.
Those are the steps of his hack:
- Install two certificates: CA and in-appstore.com.
- Connect via Wi-Fi network and change the DNS to 220.127.116.11.
- Press the Like button and enter your Apple ID & password.
- Using the above hack, you are actually stealing in-app purchase content from developers, which is kind of disturbing and is of course against developer’s terms of service.