Microsoft pins Windows Store app purchase exploits on insecure code
12 Dec 2012 - {{hitsCtrl.values.hits}}
Attention has swirled around what, at least initially, looks to be a surefire way to pirate Windows Store apps: as a warning to developers, Nokia engineer Justin Angel has detailed how at least some Windows 8 apps can be hacked to avoid paying for full versions or in-app purchases, and even strip out ads in free titles. Several apps he tested are stored in such a way that that it's easy to modify apps' data files and Internet Explorer 10 requests. According to a Microsoft spokesperson we contacted, however, many of the vulnerabilities are common to any app store, and supposedly thwarted with the right code.
The company points to a recent Dev Center document emphasizing Windows 8's optional app receipt system, which can require any transaction be validated on the developer's server. Programmers can also mask content or move the more valuable material to the internet, Microsoft says in the note. While we're wondering why safeguards like receipts aren't mandatory, we wouldn't immediately fret if our livelihood depended on the Windows Store -- at least, not if we were careful. Read Microsoft's full statement after the break.