
Apple’s App Store bypassed by Russian hacker for in app purchases - yk
http://nakedsecurity.sophos.com/2012/07/14/apple-app-store-bypassed-by-russian-hacker-leaving-developers-out-of-pocket/
======
tzs
I'm not really familiar with how in-app purchases work, but it sounds like
they result in some kind of receipt on the phone that the app can then check
to know that you've made the purchase and so can enable the appropriate
content or feature.

If that's the case, then once Apple fixes the protocol to block further
exploits, would they be able to push something to the phone via an update that
would check all the receipts on the phone against those that Apple records as
having been legitimately purchased, and either disable the illegitimate ones,
or even better charge for them?

