First spotted by Russian blog i-ekb.ru [translated], the developer, known as ZonD80, has published a method dubbed “in-app proxy” that can be used to make in-app purchases without paying a single cent.
The mechanism makes use of proxy system that will send purchase requests to third-party servers, which are validated through those servers and a reply is sent back to the application as if the transaction had gone through.
The developer claims that the entire hack is just a 3-step process. Install a CA certificate; install a second certificate for the site in-appstore.com and finally change the device’s DNS record. Following the completion of this method, users will be presented with a message different from Apple’s usual confirmation dialog when they are making in-app purchases. The hack doesn’t require any jailbreak and it works on all devices running iOS 3.0 to 6.0.
The hack doesn’t just allow users to perform in-app purchase. It also works on other types of content, including Newsstand, Apple’s digital service that allows users to buy newspaper magazine subscriptions and individual issues claims the developer.
Apple has issued a statement to The Loop,
The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating.
We are advising readers not to try this, and if they do it would be at their own risk and we do not endorse piracy.