A Russian hacker has unveiled a service that allows users of Apple iOS devices to pirate digital books, premium game levels, and other content sold through the company's in-app purchase program.

The new service, which has already been subject to attempts at shutting it down, requires no jailbreaking and only minimal configuration changes. It works by funneling purchase requests through a server operated by the hacker, rather than the legitimate one offered by Apple. As a result, charges that normally would be applied to a user's account are bypassed. A video demonstration shows an iPhone running a prelease version of iOS 6 using the service to obtain free content, but the service says it works for all devices that use iOS 3 or later.

A note to readers: in addition to legal and ethical considerations involving the pirating of for-fee content, the service comes with other serious consequences. Namely, it allows the operators of the fake server to see a user's Apple ID, password, and possibly other data that is normally sent only to Apple. Hacker Alexey V. Borodin told Ars Technica that he doesn't use, log, or otherwise monitor that data, but there is no way to confirm those assurances.

Using the service requires users to install two digital certificates on their iOS device and change a domain name server entry in their WiFi settings. In the less than 24 hours since Borodin opened his In-AppStore.com store, two IP addresses it has used for the replacement DNS server have been blocked. It's presumed Apple officials are behind those moves, but Borodin said he can't be sure. His service has already facilitated the purchases of more than 400,000 apps, he told Ars.

As the description suggests, in-app purchases give users the ability to make purchases from within an iOS app itself. Someone playing a game, for example, can buy upgrades without having to pause and make a dedicated visit to Apple's official AppStore. A dedicated reading app might similarly allow a user to buy books or articles on the fly. Purchases are processed through Apple, but the money goes to the app developer.

In a statement published by loopinsight.com, Apple representative Natalie Harrison said: "The security of the App Store is incredibly important to us and the developer community. We take reports of fraudulent activity very seriously and we are investigating."

Borodin declined to discuss exactly how his site is able to bypass Apple servers, except to say it doesn't use Apple's private encryption keys.