Earlier today, a story began making the rounds about how a hacker discovered how to steal in-app purchases on iOS devices. While I’d like to say I was shocked to see how many sites provided detailed instructions on how to steal from developers, the sad truth is that I’m actually not shocked at all! Unfortunately, this sort of thing happens all the time.
The story (no, we’re not linking to it. Sorry!) has gotten a number of responses. Unfortunately, most of those responses are little more than thoughtless knee-jerk mentions of how Apple’s clearly lagging behind in security, and how they need to fix this immediately. Because it’s clearly Apple’s issue, right? Wrong.
First of all, the problem doesn’t lie with Apple’s in-app purchasing system. It has more to do with how developers implement in-app purchasing. An app that has properly implemented in-app purchasing cannot be hacked using the method that circulated this morning. As Matthew Panzarino points out, Apple has provided detailed and publicly available instructions for how to properly implement in-app purchases.
This isn’t about whose fault this is: the people who are really responsible are the ones who would shamelessly steal from developers just because they can. The bigger issue to address is the fact that hacks like these pose risks for both developers and users alike.
As developer Steve Troughton-Smith points out on Twitter, methods like the one circulating this morning pose a serious potential threat to the account security of anyone who uses them. The hack intercepts the purchase before it gets to Apple, which could let the hacker responsible steal your iTunes account information.
Aside from the security risk, the biggest issue of all is the harm that stealing content causes to the development community. Most developers aren’t rich. They make a living off of their apps and content. When you steal their content, you might as well be stealing from their wallet.
Even worse, when users steal from developers, it reduces developers’ incentive to continue working on improving their apps, or to make new ones. Why would they put hard work into something that isn’t profitable for them? Stealing from developers puts the entire app ecosystem at risk, and robs every user of potential new apps and innovations.
Plenty of sites have just told you how to steal from developers – just so they could sit back and collect some page views! Your responsibility is to do the right thing. Don’t steal from developers. For that matter, don’t steal at all! Just because you can steal something doesn’t mean you should.