苹果开发者必知:IAP破解官方解决方案

发布时间:    QQ/微信:1176113114

就在前面我们报道了苹果已在AppStore内购系统中加强身份验证,下面是苹果对开发者的一些建议。不过我相信这个并没有解决实际的问题,我们会继续关注IAP破解相关的问题解决方案。
In-App Purchase Receipt Validation on iOS

A vulnerability has been discovered in iOS 5.1 and earlier related to validating in-app purchase receipts by connecting to the App Store server directly from an iOS device. An attacker can alter the DNS table to redirect these requests to a server controlled by the attacker. Using a certificate authority controlled by the attacker and installed on the device by the user, the attacker can issue a SSL certificate that fraudulently identifies the attacker’s server as an App Store server. When this fraudulent server is asked to validate an invalid receipt, it responds as if the receipt were valid.

iOS 6 will address this vulnerability. If your app follows the best practices described below then it is not affected by this attack.

更多详情,前往Apple Developer Lib

打赏

推广:ChinaApp营销论坛——苹果AppStore搜索广告Search Ads交流区

感谢分享给更多身边的朋友

回顶部 ↑