So, I recently installed the 'upGrad' iOS App & navigated through searching for some good courses, etc. Honestly, there weren't too many courses but the existing ones had good quality & were from Universities over the world.
I wouldn't compare UpGrad with either Udemy or Coursera btw.
Okay back to the topic,
The course / certification named "Entrepreneurship Program Certification" caught the eye, not exactly the name but its price was what which caught my attention.
₹94.5K. (Yeah, I know… ₹94,500 is no joke!)
So I checked it out and on to the payment screen, I see that the payment was done through Apple Store's built in payment gateway (Yeah I know, its mandatory to use that, blah blah).
Bypassing that payment requires no Einstein's brain.
However, the majority of Apps these days do a cross verification over their servers, etc. But UpGrad haven't implemented that!
So?
- Well they lost their 95K.
- I got the course for Free.
- The hack done from the app navigated to the backend, so even the website showed payment successful.
But here's the thing,
they later contacted me stating that the program isn't available upfront but rather more like an additional course ( free) over a Marketing or a Product Management certification which goes around ₹150K+.
So the amount paid for the Entrepreneurship would be deducted from the above-mentioned courses.
Therefore:
I was getting a ₹150K course for ₹82.6K. The course I tried out was Product Management Certification Program with Duke CE. Below are the program stats -
While I have contacted them about this, and they confirmed that they will be fixing the bug.
You'll know that this same kind of issue happened with ProgrammingHub
if you read the blog post. If you haven't read it, here it is: Security Review (ProgrammingHub)