Developer Bypasses Mac OS X in-app Purchase System

We had already gone in detail about the process of bypassing the in-app purchase mechanism in iOS and so wouldn’t go in depth here. The Mac OS X mechanism is a little different from that of iOS but, overall the core remains the same.

Following the installation of root certificate and server certificate and changes to the DNS settings such that they point to Borodin’s server user would need to run an app. The app, dubbed Grim Receiper, would act as a companion to the whole process and facilitate the in-app purchase process notes The Next Web.

The developer has been successfully able to go ahead with nearly 8 million+ transactions using this method. Apple might address this issue in the iteration of Mac OS X Mountain Lion which is due for general release near the end of July.

Apple has started sharing its API, which developers can use to protect themselves from the earlier iOS in-app purchase bypass published by Borodin. Apple has published a support document that has detailed guidelines whereby it urges developers to make sure that they use its receipt validation system and that they cross-check the in-app purchases with its own records.