or Connect
AppleInsider › Forums › Mobile › iPod + iTunes + AppleTV › Another fraudulent developer removed from Apple's App Store
New Posts  All Forums:Forum Nav:

Another fraudulent developer removed from Apple's App Store

post #1 of 30
Thread Starter 
A second case of alleged App Store fraud arose this week, with one developer's travel-related applications seeing strong sales as at least one user claimed their account was hijacked.

The offending applications from developer WiiSHii Network were quickly removed from the App Store after ArsTechnica reported on Friday that its applications were climbing the charts in the travel category. The applications "[EN]GYOYO Shanghai Travel Helper" and "[EN]GYOYO Beijing Travel Helper" cracked the top 10 before they were removed.

A reader sent a copy of their iTunes receipt to show that they were charged a total of $168.89 without their permission. A number of $3.99 purchases were all from seller "Shanghai WiiSHii."

The incident came just days after another developer took over 40 of the top 50 spots in the App Store's books category. Developer Thuat Nguyen, who listed his publishing company as "mycompany" with a website of "Home.com," was accused of boosting his sales with hacked iTunes accounts, tied to users' credit card numbers.

Apple responded quickly to say that it had removed the offending developer from the App Store, as well as his applications. The company also advised that users check their iTunes and credit card accounts to ensure they were not charged for anything they did not purchase. Apple noted that confidential customer data is not revealed to developers when users purchase an application.



Apple said that only 400 iTunes accounts were affected in the incident, out of a massive 150 million active users. THe company also said they plan to implement a new security feature to minimize fraud in the future, which would require users to enter their credit card's anti-fraud CCV number more often.
post #2 of 30
At least Apple's trying to weed out the trouble-makers... Futile as that endeavor may ultimately prove to be.
"Why iPhone"... Hmmm?
Reply
"Why iPhone"... Hmmm?
Reply
post #3 of 30
what about Nigerians?

can I get an app for being the long-lost heir to a fortune?
post #4 of 30
Perhaps Apple could implement a stronger password policy on the store. Maybe you don't get to type a password but just choose from a list of strong generated ones. This would solve the problem of people who use the same password on multiple sites. But would probably generate a hefty admin workload of people forgetting their passwords, maybe not worth it.
post #5 of 30
Anymore questions about why Apple has such strict App Store policies? No? Class dismissed.
Apple has no competition. Every commercial product which competes directly with an Apple product gives the distinct impression that, Where it is original, it is not good, and where it is good, it...
Reply
Apple has no competition. Every commercial product which competes directly with an Apple product gives the distinct impression that, Where it is original, it is not good, and where it is good, it...
Reply
post #6 of 30
Quote:
Originally Posted by ascii View Post

Perhaps Apple could implement a stronger password policy on the store. Maybe you don't get to type a password but just choose from a list of strong generated ones. This would solve the problem of people who use the same password on multiple sites. But would probably generate a hefty admin workload of people forgetting their passwords, maybe not worth it.

Well done dismissing your own point.

It would be funny if someone made a Nigerian APP as someone has noted above. I would laugh.
--SHEFFmachine out
Da Bears!
Reply
--SHEFFmachine out
Da Bears!
Reply
post #7 of 30
You'd think Apple could employ some kind of robot software that would alert them to these scams as they are developing and flag them for closer human scrutiny instead of relying on outsiders like Ars Technica to blow the whistle.
A.k.a. AppleHead on other forums.
Reply
A.k.a. AppleHead on other forums.
Reply
post #8 of 30
Quote:
Originally Posted by Robin Huber View Post

Holy cow, racist much?

Report the post. I did.
Please don't be insane.
Reply
Please don't be insane.
Reply
post #9 of 30
You know what I'm getting really sick of? Scrolling through non-American apps. What the hell is a U.K. weather program doing in the U.S. app store?
post #10 of 30
Quote:
Originally Posted by ascii View Post

Perhaps Apple could implement a stronger password policy on the store. Maybe you don't get to type a password but just choose from a list of strong generated ones. This would solve the problem of people who use the same password on multiple sites. But would probably generate a hefty admin workload of people forgetting their passwords, maybe not worth it.

A stronger password policy MIGHT help, but not if the passwords were stolen via keyloggers or other methods.

And don't start with demanding a new password for every site. I probably have over 100 password protected sites. If I didn't reuse passwords on at least some of them, I'd spend my whole life clicking on 'forget password?' links.

Until there's a strong security method like fingerprints which are harder to steal, this will happen. All you can do is work to minimize it.

Personally, I'd vote for life imprisonment without parole for cybercriminals, including spammers.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #11 of 30
I have to admit that I wouldn't mind some degree of regionality for apps -- seperate them by language, and for region-specific apps, allow searching by region! Let the developers designate where their apps go...
post #12 of 30
Quote:
Originally Posted by emulator View Post

Chinks and Ruskies should be banned from any iTunes store.

i'm here in europe and most spam tries to sell me cheap american viagra

only the money laundry fraud is coming from Africa or recently afghanistan
post #13 of 30
Quote:
Originally Posted by aucl View Post

i'm here in europe and most spam tries to sell me cheap american viagra

only the money laundry fraud is coming from Africa or recently afghanistan

we americans get our spam from canadians tying to sell us cheap viagra!
post #14 of 30
Quote:
Originally Posted by ezduzit View Post

we americans get our spam from canadians tying to sell us cheap viagra!

Highly doubtful. Considering the amount of viagra and cialis commercials we're seeing on the American channels that we get up here, I'd be more inclined to think that it's coming from your side of the border, not ours. Nice try though, passing on the blame to another country and all. Kind of fitting into the stereotype aren't you?
post #15 of 30
Why is everyone else's viagra cheaper than their own?
post #16 of 30
Quote:
Originally Posted by jragosta View Post

And don't start with demanding a new password for every site. I probably have over 100 password protected sites. If I didn't reuse passwords on at least some of them, I'd spend my whole life clicking on 'forget password?' links.

Try 1Password, or LastPass.
NOTICE: While every effort has been made to ensure the accuracy of the information supplied herein, fahlman cannot be held responsible for any errors or omissions. Unless otherwise indicated,...
Reply
NOTICE: While every effort has been made to ensure the accuracy of the information supplied herein, fahlman cannot be held responsible for any errors or omissions. Unless otherwise indicated,...
Reply
post #17 of 30
Quote:
Originally Posted by fahlman View Post

Try 1Password, or LastPass.

We have been testing the trial version of 1Password for a month now and like it. When the trial over warning came up today I bought a family pack for both of us. On the other hand, you'd think that something like it would have built in to common OS's by this time.
A.k.a. AppleHead on other forums.
Reply
A.k.a. AppleHead on other forums.
Reply
post #18 of 30
Has anyone thought about this problem this way.

Say I'm a developer. I have a few applications on the App Store.
However, my competition also has a number of apps and they sell better than mine.

I buy a few hijacked accounts from the website everyone is talking about and buy the shit out of my competitions apps.

Users complain to Apple that their accounts have been hijacked.
Apple responds and assumes that my competition is doing the deed and quickly remove all of his applications.

My apps are left getting all the purchases.

Would not be that hard to do..
post #19 of 30
So what's to stop shady developers from using accounts that they "gain access to" to boost the sales of a competitor and get them removed from the app store?
post #20 of 30
Quote:
Originally Posted by The Madcapper View Post

So what's to stop shady developers from using accounts that they "gain access to" to boost the sales of a competitor and get them removed from the app store?

Quote:
Originally Posted by kiwee View Post

Has anyone thought about this problem this way.

Say I'm a developer. I have a few applications on the App Store.
However, my competition also has a number of apps and they sell better than mine.

I buy a few hijacked accounts from the website everyone is talking about and buy the shit out of my competitions apps.

Users complain to Apple that their accounts have been hijacked.
Apple responds and assumes that my competition is doing the deed and quickly remove all of his applications.

My apps are left getting all the purchases.

Would not be that hard to do..

Great minds think alike. But seriously, that's why we have fraud investigators. Trust me, both law enforcement and crooks are aware of such turnabout shenanigans and have been sparring over them since crime began. Apple just needs to beef up that part of their security operations.
A.k.a. AppleHead on other forums.
Reply
A.k.a. AppleHead on other forums.
Reply
post #21 of 30
Why not just spend all the effort making a good app in the first place? That's how to make a real killing.
post #22 of 30
Names names...
http://thenextweb.com/apple/2010/07/...e-hack-itunes/

Says more widespread
http://thenextweb.com/apple/2010/07/...e-hack-itunes/

Plus this backgrounder with more details

http://thenextweb.com/apple/2010/07/...-store-hacked/



And Apple apparently pulled the job posting for a fraud prevention specialist

http://9to5mac.com/itunes-fraud-prevention-specialist
post #23 of 30
Quote:
Originally Posted by fahlman View Post

Try 1Password, or LastPass.

Why not to use FireFox built in Password manager. Use Master password and you are safe.
Only feature is missing is to generate complex paasswords. However, I certain there is a plug in for this.
post #24 of 30
Quote:
Originally Posted by AppleInsider View Post

The incident came just days after another developer took over 40 of the top 50 spots in the App Store's books category. Developer Thuat Nguyen, who listed his publishing company as "mycompany" with a website of "Home.com," was accused of boosting his sales with hacked iTunes accounts, tied to users' credit card numbers.

Apple responded quickly to say that it had removed the offending developer from the App Store, as well as his applications.

Can we agree to stop calling the people behind these incidents "developers"? It sounds like racketeering to me. Nothing about "mycompany" sounds remotely legitimate...the whole thing was setup to steal money through iTunes.

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply

"Apple should pull the plug on the iPhone."

John C. Dvorak, 2007
Reply
post #25 of 30
Quote:
Originally Posted by SailorPaul View Post

...
And Apple apparently pulled the job posting for a fraud prevention specialist

http://9to5mac.com/itunes-fraud-prevention-specialist

Gee, maybe that means they hired one??? Or promoted/reassigned someone who in the past week showed a talent that hadn't been exercised before? Filling the position is what the posting was for in the first place...
.
Reply
.
Reply
post #26 of 30
Quote:
Originally Posted by Suddenly Newton View Post

Can we agree to stop calling the people behind these incidents "developers"? It sounds like racketeering to me. Nothing about "mycompany" sounds remotely legitimate...the whole thing was setup to steal money through iTunes.

Well they are paid developers and they have posted apps, showing they know how to code and package apps for distribution -- all things developers do. They are just doing them to get access to new victims. The terminology's not worth getting worked up over.
.
Reply
.
Reply
post #27 of 30
Quote:
Originally Posted by bdkennedy1 View Post

You know what I'm getting really sick of? Scrolling through non-American apps. What the hell is a U.K. weather program doing in the U.S. app store?

I know it's annoying at times, but I find it useful. My daughter goes to university in the UK, and I get to visit here and there, as does my wife. I've got two programs for the Tube, and another for restaurants and other useful sights.

It's much easier to look through them here, at leisure, and then buy them, then wait until you're there and have to do it in a hurry, and that's even assuming that you can buy off the UK store with a USA account, which I'm not sure you can do, as the USA store shows up on my phone when I'm there.
post #28 of 30
Quote:
Originally Posted by SailorPaul View Post


And Apple apparently pulled the job posting for a fraud prevention specialist

http://9to5mac.com/itunes-fraud-prevention-specialist

Usually, once you fill a position, you pull the Ad.
post #29 of 30
Quote:
Originally Posted by kiwee View Post

Has anyone thought about this problem this way.

Say I'm a developer. I have a few applications on the App Store.
However, my competition also has a number of apps and they sell better than mine.

I buy a few hijacked accounts from the website everyone is talking about and buy the shit out of my competitions apps.

Users complain to Apple that their accounts have been hijacked.
Apple responds and assumes that my competition is doing the deed and quickly remove all of his applications.

My apps are left getting all the purchases.

Would not be that hard to do..

It's actually easier to get your own app into the top 10 - legitimately.

The most interesting thing about this entire story is how few purchases it takes to move your app to the top of the list. 400 stolen accounts was enough. So, instead of spending $100 on stolen accounts, you could spend $400 by having a $0.99 special on your app and then give 400 people $1 to try your app.
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
"I'm way over my head when it comes to technical issues like this"
Gatorguy 5/31/13
Reply
post #30 of 30
Quote:
Originally Posted by jragosta View Post

And don't start with demanding a new password for every site. I probably have over 100 password protected sites. If I didn't reuse passwords on at least some of them, I'd spend my whole life clicking on 'forget password?' links.

It's been a little while, but why not?

People need to use different passwords for websites tied to financial capabilities. Having your AppleInsider account hacked is quite a different beast from having your Amazon, iTunes, or bank account hacked. That can result in material loss, or worse. There's no excuse for using duplicate passwords on such sites, and should the loss of a password somewhere else result in a compromise, there should be no expectation of sympathy.

As for managing so many passwords? There are handy tools like 1Password, which can tie in beautifully between computers and even your mobile phone. I'm sure there are similar solutions across other platforms. Just search for them.

*And I use the 'hacked' term loosely here. Most of these people losing their passwords (actually, it seems all of them in the iTunes cases) have lost their passwords due to the likes of phishing schemes. Ultimately, the customer must protect themselves from dangers such as this.
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
Reply
The true measure of a man is how he treats someone that can do him absolutely no good.
  Samuel Johnson
Reply
New Posts  All Forums:Forum Nav:
  Return Home
  Back to Forum: iPod + iTunes + AppleTV
AppleInsider › Forums › Mobile › iPod + iTunes + AppleTV › Another fraudulent developer removed from Apple's App Store