iTunes App Store hit by developer and account fraud
Apple's iTunes Store users are increasingly being targeted in a number of fraud cases, some of which appear to be orchestrated by iOS app developers seeking to boost their sales rankings, and others which appear to be a widespread hack of user accounts.
While the billions of songs and apps being sold in the iTunes Store to millions of account holders are certain to bring with it a certain amount of fraudulent purchase reports, a new wave of very suspicious app purchases appear to have boosted the sales of a single App Store developer to an overwhelming 40 spots of the top fifty apps in the books category.
The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, whose publishing company is listed by Apple as "mycompany" with a website of "Home.com." It's impossibly unlikely that 80% of the American App Store's book sales were legitimately dominated by sales of shoddy anime book apps that are not localized, appear to violate intellectual property rights, and were all dumped into the App Store at once over a period of a couple days.
Even more worrying is that sales of the junk apps are being reported by multiple users in iTunes as fraud activity. User ratings on the titles frequently complain about having discovered the purchase as part of fraud activity on their accounts. A flurry of positive reviews say simple things like, "it's great" and "good, this story is very interesting," creating the appearance that they have been added by the same group behind the fraud sales.
The fraudulent book sales are not just overwhelming the App Store charts with junk; they're also pushing legitimate titles by real developers out of the view of shoppers, devaluing the iTunes Store in the minds of users, and eroding Apple's position that the App Store is a carefully curated marketplace that doesn't suffer from the junkware bloat and intellectual property fraud of Google's Android Market.
iTunes accounts being hacked
In addition to listings fraud aimed at promoting the sales of specific junkware developers, it also appears that Apple's iTunes accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users and resell access to the accounts to buyers who pay a few dollars in exchange for information that allows them to make fraud purchases of several hundred dollars before the account's card is turned off.
Last month, a user posted a forum comment stating, "I am going to tell you the truth about what has been going on with your account." The anonymous user then explained, "let?s say you are a Chinese guy or girl with an iPhone or iPad and you want to get some music, movie or app. How you do you do it? You go to http://www.taobao.com: The (by far) largest online market in the world and type iTunes in the search bar. Immediately you will be presented with a list of more than 7,000 items.
"You want to save money, so you filter the list to show only items under RMB25.00- (US $3.60) and still you have more than 3,600 offers. So you pick some one at random like, as an example, this one: http://item.taobao.com/item.htm?id=5516054242. You open the online chat and you transfer him RMB22.00 (US $3.20). He ask you in the online chat to provide a new iTunes account name and password, and you comply: User: qiuwge3foe3333@yahoo.com Password: qwer34567
"He asks you to wait 10 minutes online. He has already a number of user accounts under surveillance, so he enters in the iTunes account of his victim, change his/her username and password to the one you provided, and come back to ask you try it and approve the transaction so Taobao.com releases his money. Even if you cant read Chinese you can see very clearly in his item description that this account will not last more than 24 hours (the time for his victim to see the charges mounting and then cancel the credit card).
"He claims that he selects 'his' accounts so you can drain at least US $250.00 from them before they get cancelled. He urges you to be fast and buy and download as fast as you can. Start immediately! Keep the download going on for the full 24 hours! There is no warranties on how long it will last! Because he already changed the username and password, the victim can?t stop you.
"There are cheaper ways, of course! You can join a 'frenzy feeding,' where the same hijacked account is sold to several customers. It is much slower and, because it was 'opened' maybe hours ago, it will be much shorter lived. It can be had for RMB1.00 to RMB5.00 (US $0.14 to US $0.74). The most important thing, however, is to BUY fast not to download fast. You can download at leisure during the next weeks. iTunes will not stop you: It will only remind you that your (victim?s) credit card is not working and invite you to update your payment details.
"Then, if you want more applications later on, you just enter in Taobao.com and get again a new account in a few minutes. This is the sad reality. There are a lot of of things Apple could do to stop this, like canceling the hijacked accounts and de-authorizing its computers, making the whole process useless. But for what? This is not a problem for Apple: It is a problem for the credit card industry. The account is right, the payment is right, end of the story. If you claim that someone used your credit card to buy things it is a problem between you and your bank, not between you and Apple!
"Please note that when you are buying like crazy with 'your' new account Apple doesn?t bill directly to the credit card every time you add an item: It bills in batches of around (below) US $50. This is another detail that shows how cunning they are! You buy, buy, and buy. And every time your reach 40-something dollars Apple invoices the card. If it pass, you can keep buying. If not, it stops you from buying more.
"This achieves two things: One, it limits the damage to Apple as they only can get hooked for, at most, US $50. Two, makes the whole system safer for them, as purchases under US $50 are not protected in the States law. And it is funny that if that last transaction doesn?t go through, then is when the rage of Apple comes over you for any item you may have already download before the invoicing point was reached.
"Apple will put a flag on your account and will not allow you to download updates for any of the apps on 'your' account (whatever order they came from) or download the pending episodes of 'your' season passes). In this case, you have no option but to go to Taobao.com and use another procedure.
"There are people (the same people) who saves you time by doing in advance the whole process of providing the user, etc. They?ve already 'opened' an account and used it to purchase one or two US $50.00 gift certificates. You get one (US $1.40) and use it to cover the debt with Apple so they can let you enjoy peacefully the items you 'own.'"
Apple monitoring fraud
Out of the billions of transactions handled by iTunes, it's not surprising that there is considerable fraudulent activity occuring. However, the apparently unchecked fraud being orchestrated on such a wide scale, combined with Apple's very slow response in handling extremely suspicious sales that dramatically distort sales rank as noted in the initial example, shed a very questionable light on Apple's assertion that iTunes is a carefully curated marketplace.
It also calls into question why the company works so hard to carefully review developer titles in some areas while at the same time allowing large amounts of very low quality junkware to be listed by obviously illegitimate "companies" with fake contact information.
(Update: A report by App Store developer Alex Brie on the situation indicates App Store developers have been contacted by Apple's Worldwide Product Marketing senior vice president Phil Schiller, and an investigation is now underway.)
While the billions of songs and apps being sold in the iTunes Store to millions of account holders are certain to bring with it a certain amount of fraudulent purchase reports, a new wave of very suspicious app purchases appear to have boosted the sales of a single App Store developer to an overwhelming 40 spots of the top fifty apps in the books category.
The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, whose publishing company is listed by Apple as "mycompany" with a website of "Home.com." It's impossibly unlikely that 80% of the American App Store's book sales were legitimately dominated by sales of shoddy anime book apps that are not localized, appear to violate intellectual property rights, and were all dumped into the App Store at once over a period of a couple days.
Even more worrying is that sales of the junk apps are being reported by multiple users in iTunes as fraud activity. User ratings on the titles frequently complain about having discovered the purchase as part of fraud activity on their accounts. A flurry of positive reviews say simple things like, "it's great" and "good, this story is very interesting," creating the appearance that they have been added by the same group behind the fraud sales.
The fraudulent book sales are not just overwhelming the App Store charts with junk; they're also pushing legitimate titles by real developers out of the view of shoppers, devaluing the iTunes Store in the minds of users, and eroding Apple's position that the App Store is a carefully curated marketplace that doesn't suffer from the junkware bloat and intellectual property fraud of Google's Android Market.
iTunes accounts being hacked
In addition to listings fraud aimed at promoting the sales of specific junkware developers, it also appears that Apple's iTunes accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users and resell access to the accounts to buyers who pay a few dollars in exchange for information that allows them to make fraud purchases of several hundred dollars before the account's card is turned off.
Last month, a user posted a forum comment stating, "I am going to tell you the truth about what has been going on with your account." The anonymous user then explained, "let?s say you are a Chinese guy or girl with an iPhone or iPad and you want to get some music, movie or app. How you do you do it? You go to http://www.taobao.com: The (by far) largest online market in the world and type iTunes in the search bar. Immediately you will be presented with a list of more than 7,000 items.
"You want to save money, so you filter the list to show only items under RMB25.00- (US $3.60) and still you have more than 3,600 offers. So you pick some one at random like, as an example, this one: http://item.taobao.com/item.htm?id=5516054242. You open the online chat and you transfer him RMB22.00 (US $3.20). He ask you in the online chat to provide a new iTunes account name and password, and you comply: User: qiuwge3foe3333@yahoo.com Password: qwer34567
"He asks you to wait 10 minutes online. He has already a number of user accounts under surveillance, so he enters in the iTunes account of his victim, change his/her username and password to the one you provided, and come back to ask you try it and approve the transaction so Taobao.com releases his money. Even if you cant read Chinese you can see very clearly in his item description that this account will not last more than 24 hours (the time for his victim to see the charges mounting and then cancel the credit card).
"He claims that he selects 'his' accounts so you can drain at least US $250.00 from them before they get cancelled. He urges you to be fast and buy and download as fast as you can. Start immediately! Keep the download going on for the full 24 hours! There is no warranties on how long it will last! Because he already changed the username and password, the victim can?t stop you.
"There are cheaper ways, of course! You can join a 'frenzy feeding,' where the same hijacked account is sold to several customers. It is much slower and, because it was 'opened' maybe hours ago, it will be much shorter lived. It can be had for RMB1.00 to RMB5.00 (US $0.14 to US $0.74). The most important thing, however, is to BUY fast not to download fast. You can download at leisure during the next weeks. iTunes will not stop you: It will only remind you that your (victim?s) credit card is not working and invite you to update your payment details.
"Then, if you want more applications later on, you just enter in Taobao.com and get again a new account in a few minutes. This is the sad reality. There are a lot of of things Apple could do to stop this, like canceling the hijacked accounts and de-authorizing its computers, making the whole process useless. But for what? This is not a problem for Apple: It is a problem for the credit card industry. The account is right, the payment is right, end of the story. If you claim that someone used your credit card to buy things it is a problem between you and your bank, not between you and Apple!
"Please note that when you are buying like crazy with 'your' new account Apple doesn?t bill directly to the credit card every time you add an item: It bills in batches of around (below) US $50. This is another detail that shows how cunning they are! You buy, buy, and buy. And every time your reach 40-something dollars Apple invoices the card. If it pass, you can keep buying. If not, it stops you from buying more.
"This achieves two things: One, it limits the damage to Apple as they only can get hooked for, at most, US $50. Two, makes the whole system safer for them, as purchases under US $50 are not protected in the States law. And it is funny that if that last transaction doesn?t go through, then is when the rage of Apple comes over you for any item you may have already download before the invoicing point was reached.
"Apple will put a flag on your account and will not allow you to download updates for any of the apps on 'your' account (whatever order they came from) or download the pending episodes of 'your' season passes). In this case, you have no option but to go to Taobao.com and use another procedure.
"There are people (the same people) who saves you time by doing in advance the whole process of providing the user, etc. They?ve already 'opened' an account and used it to purchase one or two US $50.00 gift certificates. You get one (US $1.40) and use it to cover the debt with Apple so they can let you enjoy peacefully the items you 'own.'"
Apple monitoring fraud
Out of the billions of transactions handled by iTunes, it's not surprising that there is considerable fraudulent activity occuring. However, the apparently unchecked fraud being orchestrated on such a wide scale, combined with Apple's very slow response in handling extremely suspicious sales that dramatically distort sales rank as noted in the initial example, shed a very questionable light on Apple's assertion that iTunes is a carefully curated marketplace.
It also calls into question why the company works so hard to carefully review developer titles in some areas while at the same time allowing large amounts of very low quality junkware to be listed by obviously illegitimate "companies" with fake contact information.
(Update: A report by App Store developer Alex Brie on the situation indicates App Store developers have been contacted by Apple's Worldwide Product Marketing senior vice president Phil Schiller, and an investigation is now underway.)
Comments
... The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, ...
I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.
I'm an artist, and could easily steal some old out of copyright work and jazz up a few illustrations and a cover for it and sell it on the app store. I don't do that though, because it's wrong, (legal though it might be). These kind of apps add nothing and are a blight on the app store for the most part.
In terms of people who've used fake or stolen accounts to purchase apps, can Apple's app kill switch be used to deactivate those applications on those user's next iTunes sync? Or is the app kill switch a more blunt instrument that can only to be used to kill an app for all users across the whole App Store rather than just those users who have participated in fraud? Although, Apple needs to be very careful in using this of course, since the media attention on false positives would be even worse than the fraudulent activity going on right now.
I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.
I'm an artist, and could easily steal some old out of copyright work and jazz up a few illustrations and a cover for it and sell it on the app store. I don't do that though, because it's wrong, (legal though it might be). These kind of apps add nothing and are a blight on the app store for the most part.
I agree for the most part, however, I would caution that some book apps are really good, I dont have nor want kids, but I have seen some apps in use that do things that Kindle, ibooks and the like do not, things like animated illustrations, or read along features where kids who are just learning to read can have each word highlighted as it is played via a recording of a friendly sounding professional reader, not a robo voice like the Kindle offers for some books.
What needs to happen is there needs to be media apis available to i Books, have three book cases, traditional books, PDFs, and interactive material. This would be great for digital textbook supplemental materials as well. With DVD Studio Pro and Motion laying around, Apple has all the tools to build an awesome content creation experience for interactive books, just mix and match the best of those video features with what Apple has learned from Pages and Keynote and make an application for Mac that does content design for iBooks, and allow other third party reputable resellers like amazon, or barns and noble to do book apps...problem solved.
Also i don't think he will ever be in ANY app store. his credibility and reputation is now in the shitter.
Anyway, those "buyers" could have just as easily jail broken their devices and stolen apps without having to rip paying itunes account holders off. Will be interesting to see what apple does about this.
Hope Apple files charges against this idiot developer.
Also i don't think he will ever be in ANY app store. his credibility and reputation is now in the shitter.
Lol, the guy in question must not even exists... Must be a group of counterfeiters and freelance hackers helping them to sell illegal copyrighted works... As always the shop company -whatever it is Ebay selling "genuine" Chanel bags or there Apple- taking their percentage on the fraud.
... devaluing the iTunes Store in the minds of users, and eroding Apple's position that the App Store is a carefully curated marketplace that doesn't suffer from the junkware bloat and intellectual property fraud of Google's Android Market.
Ummm, I already think that the App Store is full of junkware. Maybe they could introduce finer subdivisions? Like:
Entertainment:Utilities:
'Apps to generate revenue, but have no real purpose beyond a 60 second novelty'
Lol, the guy in question must not even exists... Must be a group of counterfeiters and freelance hackers helping them to sell illegal copyrighted works... As always the shop company -whatever it is Ebay selling "genuine" Chanel bags or there Apple- taking their percentage on the fraud.
Selling paid apps in the app store is not as easy as you think. Developers are required to supply real bank account numbers. Apple take the time to verify the information, sometimes weeks, before a developer can sell paid apps in the app store.
Beside the money from apps will take 30 days from the close of the billing period to be released to the developer. For example, money from this month sales will reach developers on or after August 1st. This gives Apple advantage in case something like this happens.
Ummm, I already think that the App Store is full of junkware. Maybe they could introduce finer subdivisions? Like:
Entertainment:Utilities:
When Apple first rejected fart apps all hell broke and Apple was called control freak.
unless apple does something to make iTunes more secure i am not buying another single thing off that app.
i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.
this is a huge security issue which they won't admit or anyone has really made public. great article.
all i can say i was a victim of fraud through apple iTunes. someone stole my acct info and downloaded nearly $500 worth of apps/music. i contacted apple and surprisingly they NO CUSTOMER SERVICE for itunes related fraud activities. i spoke to some guy who was handling laptop issues. he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities. I'm like WTF?!?!?! my bank did their own investigation and credited my account. no thanks to apple.
unless apple does something to make iTunes more secure i am not buying another single thing off that app.
i highly recommend anyone who has their CC info stored on that app to delete it or use gift certificates. iTunes is NOT a secure downloading app by any means.
No one will because it is your bank job to do so. I left my Visa debit card at a restuerant once and came back the next morning and picked it up. Few months later my card was used to buy software online for more than $300. I called the bank and they put the money back into my account and issued me new card. I didn't even bother calling the software seller.
he was very polite and helpful but unfortunately i was told apple does not credit or give your money back due to fraudulent activities.
Sure they do (give your money back), but the type of activity can limit what they can do. Their Support area is through your iTunes account. You can check your history and report a problem. I've used it several times over the years with great success.
Once I was gifting a TV Show and it kept timing out on the purchase. I kept trying until it went through. My card was later charge for multiple attempts even though the recipient only received once email for the gift. Apple refunded all my money, not just all but one sale, they also credited my account with several free TV shows (these could not be used with other types of iTS media, not eve HD TV Shows). That was better than I expected.
The great thing about CCs today is there is an inherent protection. Personally, I do all internet purchases from a low value CC just in case it does get stolen. I know I'll get it back but I also won't be inconvenienced by it. I simply pay it off the day I buy something, but that does mean my CC company has my bank info, so it's not a full proof plan, because they could get hacked.
Problems like this are not limited to Apple. Apple can do it better, so can Amazon, eBay and other major e-businesses. eBay users (including me) go through so many such fraudulent activities that it feels like a quagmire to buy and sell stuff there.
here's the response i got back from apple. and it clearly does not state any compensation, crediting, etc.. so its up to you and your bank in the end. my point is iTunes has serious security issues if someone is hacking your acct and actually getting your CC etc..
Hello Huy,
Curtis here, from the iTunes Store. I understand you are concerned about purchases that were made with your iTunes Store account without your permission or knowledge. I can certainly understand how eager you must be to have this looked into and I would be happy to do all I can to help.
Huy, to prevent further purchasing, I have disabled your account and banned the credit card on file from making purchases on the iTunes Store. Please note that your iTunes account can be enabled in the future by providing specific information to iTunes Store support.
I urge you to contact your credit, debit, or payment card issuer as soon as possible to inquire about canceling the card or account and removing the unauthorized transactions. You should also ask them to launch an investigation into the security of your account. The iTunes Store cannot reverse the charges.
In the meantime, I strongly recommend you change your account password immediately. Changing the password will help to prevent anyone else from using your iTunes Store account to place orders without your knowledge. To increase the security of your account, choose a password that has at least eight digits and includes both letters and numbers. You can change your password using this website:
http://iforgot.apple.com
If you wish, you can also delete your payment information from the iTunes Store as follows:
1) Make sure you're using the latest version of iTunes. It can be downloaded free of charge from the iTunes website:
http://www.itunes.com/download
Note: Installing the latest version of iTunes will not affect your library or any items in your account that you haven't downloaded.
2) To open iTunes and go to your Apple Account Information page, click this link:
http://phobos.apple.com/accountSummary
3) Enter your iTunes Store account name and password, then click Account Info.
4) On the Apple Account Information page, click the Edit Payment Information button.
5) Select None from the list of credit card types. This will delete your billing information.
6) Be sure to click the Done button at the bottom of the page to save your changes.
If you suspect you are the victim of identity theft, consider following these recommendations:
- Contact the fraud departments of any consumer reporting company to place a fraud alert on your credit report.
- Close the accounts that you believe have been used without your knowledge.
- File a complaint with the Federal Trade Commission (FTC). For more information, please visit:
http://www.ftc.gov/idtheft
I sincerely hope that you are able to resolve this matter with the help of your credit card company, as soon as possible, Huy. If your financial institution advises you that there's something more we can do from the iTunes Store Support side of things, I'll be happy to assist you further. Thank you for your patience and understanding.
Best Wishes
Curtis
iTunes Store Customer Support
My Hours are: Monday-Tuesday. OFF Wednesday 8:00AM-4:30PM, Thursday-Saturday 8:00AM-4:30PM
i really don't know how u got your money back.. when i was told the charges cannot be reversed..
here's the response i got back from apple. and it clearly does not state any compensation, crediting, etc.. so its up to you and your bank in the end. my point is iTunes has serious security issues if someone is hacking your acct and actually getting your CC etc..
Of course they can credit your card back. If they can take money from your card they negate those charges too. It's part of the system.
It sounds like your credit card data itself was highjacked, not just your iTunes Store account. That means it's not Apple's responsibility, it's for your CC company to delete and to remove all funds. Whether that is what happened or not, it does seem like that is what Curtis thought. Note, my anecdote was about Apple refunding my charges, not needing to cancel a CC.