Cupertino, we have a problem. In-app purchases (IAP) have become one of if not THE most lucrative revenue sources for iOS app developers, yet Friday saw the launch of a service called In-Appstore promising “free in-app purchases for every iDevice”. Russian hacker Alexey Borodin claims to have cracked Apple’s IAP security, claiming his motivation was anger at the way IAP is used in current iOS hit CSR Racing. More than 30,000 purchases have been made using his system, despite the fact that it requires people to share details of their iTunes usernames and passwords – something that should be a red flag to any iOS user. With IAP so lucrative, it’s no surprise to find people targeting it, but all eyes are on Apple now to see if it can patch this particular loophole.