The following blog post, unless otherwise noted, was written by a member of Gamasutra’s community.
The thoughts and opinions expressed are those of the writer and not Gamasutra or its parent company.
I was watching a friend play my iPhone game today. Naturally, it's always satisfying to watch someone play something you've made, so I was feeling pretty good about myself.
That is, until he found a trick to unlock all the in-app purchases in my game for free.
To make it clear, this is a game I recently released on the App Store after over a year of development time. After spending that much time working on a game, one might think the disastrous bugs would have been squashed by now. Nope, not a chance.
Here's the scoop: My game (Got Light?) is free to download, but usually costs $1.99 to get past a paywall after Level 28; this lets you play all 73 levels. Like all developers with in-app purchases, I included a "Restore Purchases" button in the game to let you re-unlock what you already paid for. When I was developing the game, I had this button activate the testRestorePurchases method in my code, which grants the tester the full version of the game for free, rather than the restorePurchases method, which asks Apple whether they've paid. You can see where this is going. As fate would have it, I forgot to switch out the test code before I submitted the game.
As a result, you can open my game, tap on Restore Purchases, and then BOOM, you just snatched a $1.99 game for free.
Why am I writing about this? To share a lesson learned: stress-test your game. Especially with something as important as monetization. The problem was literally one line of code. The Restore Purchases button is fairly out-of-the-way in my app, so I didn't catch it when I was just playing the game out of habit.
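One way to keep a test shortcut like this out of a shipped build, as an added example that is not the game's actual code: the test method is compiled only in Debug builds, so a Release build whose button still calls it fails to compile, and the unlock happens only when StoreKit reports a restored transaction. Only restorePurchases and testRestorePurchases come from the post; the class name, product identifier, unlock helper, and the use of Swift with the original StoreKit API and Xcode's default DEBUG compilation condition are assumptions.

```swift
import StoreKit
import UIKit

// Hypothetical names: StoreViewController, fullGameProductID, unlockFullGame().
// Only restorePurchases / testRestorePurchases are taken from the post.
final class StoreViewController: UIViewController, SKPaymentTransactionObserver {
    private let fullGameProductID = "com.example.game.fullversion" // placeholder ID

    override func viewDidLoad() {
        super.viewDidLoad()
        SKPaymentQueue.default().add(self)      // receive transaction updates
    }

    deinit {
        SKPaymentQueue.default().remove(self)
    }

    // Wired to the "Restore Purchases" button.
    @IBAction func restoreTapped(_ sender: Any) {
        restorePurchases()
    }

    // Release path: ask the App Store. Nothing is unlocked here.
    func restorePurchases() {
        SKPaymentQueue.default().restoreCompletedTransactions()
    }

    #if DEBUG
    // Test shortcut exists only in Debug builds. If restoreTapped still
    // called it, the Release build would fail to compile instead of shipping.
    func testRestorePurchases() {
        unlockFullGame()
    }
    #endif

    // Unlock only when StoreKit reports a restored transaction for the product.
    func paymentQueue(_ queue: SKPaymentQueue,
                      updatedTransactions transactions: [SKPaymentTransaction]) {
        for transaction in transactions where transaction.transactionState == .restored {
            if transaction.original?.payment.productIdentifier == fullGameProductID {
                unlockFullGame()
            }
            queue.finishTransaction(transaction)
        }
    }

    private func unlockFullGame() {
        // Hypothetical flag the game checks at the Level 28 paywall.
        UserDefaults.standard.set(true, forKey: "fullGameUnlocked")
    }
}
```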
It's also great if you have a lot of playtesters, especially the type of people who love to break things. Friends typically aren't great playtesters because they give you sugar-coated feedback, but if you have "that one friend who always tries to find loopholes in everything" you should definitely have him or her take a look at your game. They'll enjoy breaking it, and you'll enjoy not releasing a broken version of your game.
I've submitted an update to Apple that will fix the bug and prevent these downloads, but until the update is approved the loophole still exists.
This one's on me.