Apple Now Including Unique Identifiers for In App Purchase Receipts to Combat Hack

in app purchase iconFollowing last week's launch of a hack that allowed users to obtain In App Purchase content free of charge by routing their purchase requests through a server run by a Russian hacker, Apple began taking steps to thwart the method. The hacker has, however, continued to develop his method to skirt around Apple's roadblocks.

One of the suggestions for a method by which Apple could improve the security of In App Purchasing was to include a unique identifier in validation receipts, and we've received word that developers are now seeing something along those lines coming from receipts issued by Apple since late yesterday. The receipts carry a new field called "unique_identifer" that appears to include the Unique Device Identifier (UDID) for the device making the In App Purchase.

As one developer noted to us, apps are no longer supposed to be collecting the UDID and thus it is unclear whether Apple's use of the identifier for this purpose is simply a first step toward a broader implementation of unique receipt identifiers for increased security or if Apple is attempting to identify those users and devices who are sharing their receipts with the Russian hacker to allow the method to function.

Popular Stories

iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
maxresdefault

Apple's AirPods Pro 2 vs. Samsung's Galaxy Buds3 Pro

Saturday July 13, 2024 8:00 am PDT by
Samsung this week introduced its latest earbuds, the Galaxy Buds3 Pro, which look quite a bit like Apple's AirPods Pro 2. Given the similarities, we thought we'd compare Samsung's new earbuds to the AirPods Pro. Subscribe to the MacRumors YouTube channel for more videos. Design wise, you could potentially mistake Samsung's Galaxy Buds3 Pro for the AirPods Pro. The Buds3 Pro have the same...
Beyond iPhone 13 Better Blue Face ID Single Camera Hole

10 Reasons to Wait for Next Year's iPhone 17

Monday July 8, 2024 5:00 am PDT by
Apple's iPhone development roadmap runs several years into the future and the company is continually working with suppliers on several successive iPhone models simultaneously, which is why we sometimes get rumored feature leaks so far ahead of launch. The iPhone 17 series is no different – already we have some idea of what to expect from Apple's 2025 smartphone lineup. If you plan to skip...
macbook pro january

Best Buy's Black Friday in July Sale Takes Up to $700 Off M3 MacBook Pro for Members

Monday July 15, 2024 11:05 am PDT by
Best Buy's "Black Friday in July" sale is in full swing today, and in addition to a few iPad Air discounts we shared earlier, there are also some steep markdowns on the M3 MacBook Pro. You will need a My Best Buy Plus or Total membership in order to get some of these deals. Note: MacRumors is an affiliate partner with Best Buy. When you click a link and make a purchase, we may receive a small...
Generic iOS 18 Feature Real Mock

Apple Seeds Revised Third Betas of iOS 18 and iPadOS 18 to Developers

Monday July 15, 2024 10:09 am PDT by
Apple today seeded updated third betas iOS 18 and iPadOS 18 to developers for testing purposes, with the software coming a week after Apple initially released the third betas. Registered developers are able to opt into the betas by opening up the Settings app, going to the Software Update section, tapping on the "Beta Updates" option, and toggling on the ‌iOS 18/iPadOS 18‌ Developer Beta ...
ipaos 18 image playground

Apple Releases First iOS 18 and iPadOS 18 Public Betas

Monday July 15, 2024 1:16 pm PDT by
Apple today provided the first betas of iOS 18 and iPadOS 18 to public beta testers, bringing the new software to the general public for the first time since the Worldwide Developers Conference in June. Apple has seeded three developer betas so far, and the first public beta includes the same content that's in the third developer beta. Subscribe to the MacRumors YouTube channel for more videos. ...

Top Rated Comments

Nabby Avatar
157 months ago
Mulitple devices/replacement devices

How will this impact those of us that have an iPad and an iPhone? Will we be required to pay for the app 1 time, but the in-app stuff twice?? :confused::confused::confused:
Score: 12 Votes (Like | Disagree)
roland.g Avatar
157 months ago
Maybe a UK judge can require the hacker to include the text "this receipt is a copy of a legitimate and cool receipt" for the next 6 months on all receipts and on his website.
Score: 11 Votes (Like | Disagree)
daxomni Avatar
157 months ago
It's a shame that Apple even needs to do this. The world we live in today...
Yes. The world we live in today is almost unbearable. All these wars of opportunity complete with extrajudicial killings funded by casino capitalism. While a naive self-absorbed population frets endlessly about... pirated software? What a shame indeed.
Score: 8 Votes (Like | Disagree)
iSee Avatar
157 months ago
I thought we won the cold war! But now Russia is crushing our corrupt capitalist country, just like they said they would!!! ;)
Score: 5 Votes (Like | Disagree)
Mjmar Avatar
157 months ago
It's a shame that Apple even needs to do this. The world we live in today...
Score: 5 Votes (Like | Disagree)
Rudy69 Avatar
157 months ago
As one developer noted to us, apps are no longer supposed to be collecting the UDID and thus it is unclear whether Apple's use of the identifier for this purpose is simply a first step toward a broader implementation of unique receipt identifiers for increased security or if Apple is attempting to identify those users and devices who are sharing their receipts with the Russian hacker to allow the method to function.
They might allow developers to use it to check if the purchase is valid. There's a huge difference between that and developers using it to track users and possibly logging these IDs on their own servers
Score: 5 Votes (Like | Disagree)