As one would expect, Apple is none too pleased about folks utilizing a method for skirting in-app purchases on iOS. When the issue came to light, the company immediately responded by saying it was investigating the matter, and that security was of the utmost importance.
A follow up has been posted by The Next Web that highlights the ways in which Apple is working to douse the unwelcome exploit. After issuing a takedown request on the original server, Apple has started to block the IP address of the server in which the hack originated.
However, Russian hacker Alexey V. Borodin, who created the exploit, claims he has sidestepped Apple’s advances by migrating the service to a new server in an offshore country, so it remains operational for now, TNW said.
Borodin tells us that the new service has been updated and cuts out Apple’s servers, “improving” the protocol to include its own authorization and transaction processes… Borodin remains unrepentant, calling on Apple to either adapt its APIs or place new blocks on its service.
Not only is Borodin’s exploit a privacy and security issue, it certainly crosses legal and moral lines. Users are stealing from developers who work hard to create the content inside Apple’s ecosystem, and keeping the exploit alive solely to make a point is ridiculous.