So what's to stop shady developers from using accounts that they "gain access to" to boost the sales of a competitor and get them removed from the app store?
Quote:
Originally Posted by kiwee
Has anyone thought about this problem this way?
Say I'm a developer. I have a few applications on the App Store.
However, my competition also has a number of apps and they sell better than mine.
I buy a few hijacked accounts from the website everyone is talking about and buy the shit out of my competition's apps.
Users complain to Apple that their accounts have been hijacked.
Apple responds and assumes that my competition is doing the deed and quickly removes all of his applications.
My apps are left getting all the purchases.
Would not be that hard to do..
Great minds think alike. But seriously, that's why we have fraud investigators. Trust me, both law enforcement and crooks are aware of such turnabout shenanigans and have been sparring over them since crime began. Apple just needs to beef up that part of their security operations.
The incident came just days after another developer took over 40 of the top 50 spots in the App Store's books category. Developer Thuat Nguyen, who listed his publishing company as "mycompany" with a website of "Home.com," was accused of boosting his sales with hacked iTunes accounts, tied to users' credit card numbers.
Apple responded quickly to say that it had removed the offending developer from the App Store, as well as his applications.
Can we agree to stop calling the people behind these incidents "developers"? It sounds like racketeering to me. Nothing about "mycompany" sounds remotely legitimate...the whole thing was set up to steal money through iTunes.
Gee, maybe that means they hired one??? Or promoted/reassigned someone who in the past week showed a talent that hadn't been exercised before? Filling the position is what the posting was for in the first place...
Can we agree to stop calling the people behind these incidents "developers"? It sounds like racketeering to me. Nothing about "mycompany" sounds remotely legitimate...the whole thing was set up to steal money through iTunes.
Well they are paid developers and they have posted apps, showing they know how to code and package apps for distribution -- all things developers do. They are just doing them to get access to new victims. The terminology's not worth getting worked up over.
You know what I'm getting really sick of? Scrolling through non-American apps. What the hell is a U.K. weather program doing in the U.S. app store?
I know it's annoying at times, but I find it useful. My daughter goes to university in the UK, and I get to visit here and there, as does my wife. I've got two programs for the Tube, and another for restaurants and other useful sights.
It's much easier to look through them here, at leisure, and then buy them, than wait until you're there and have to do it in a hurry, and that's even assuming that you can buy off the UK store with a USA account, which I'm not sure you can do, as the USA store shows up on my phone when I'm there.
Say I'm a developer. I have a few applications on the App Store.
However, my competition also has a number of apps and they sell better than mine.
I buy a few hijacked accounts from the website everyone is talking about and buy the shit out of my competition's apps.
Users complain to Apple that their accounts have been hijacked.
Apple responds and assumes that my competition is doing the deed and quickly removes all of his applications.
My apps are left getting all the purchases.
Would not be that hard to do..
It's actually easier to get your own app into the top 10 - legitimately.
The most interesting thing about this entire story is how few purchases it takes to move your app to the top of the list. 400 stolen accounts was enough. So, instead of spending $100 on stolen accounts, you could spend $400 by having a $0.99 special on your app and then give 400 people $1 to try your app.
And don't start with demanding a new password for every site. I probably have over 100 password protected sites. If I didn't reuse passwords on at least some of them, I'd spend my whole life clicking on 'forget password?' links.
It's been a little while, but why not?
People need to use different passwords for websites tied to financial capabilities. Having your AppleInsider account hacked is quite a different beast from having your Amazon, iTunes, or bank account hacked. That can result in material loss, or worse. There's no excuse for using duplicate passwords on such sites, and should the loss of a password somewhere else result in a compromise, there should be no expectation of sympathy.
As for managing so many passwords? There are handy tools like 1Password, which can tie in beautifully between computers and even your mobile phone. I'm sure there are similar solutions across other platforms. Just search for them.
*And I use the 'hacked' term loosely here. Most of these people losing their passwords (actually, it seems all of them in the iTunes cases) have lost their passwords due to the likes of phishing schemes. Ultimately, the customer must protect themselves from dangers such as this.
Comments
http://thenextweb.com/apple/2010/07/...e-hack-itunes/
Says more widespread
http://thenextweb.com/apple/2010/07/...e-hack-itunes/
Plus this backgrounder with more details
http://thenextweb.com/apple/2010/07/...-store-hacked/
And Apple apparently pulled the job posting for a fraud prevention specialist
http://9to5mac.com/itunes-fraud-prevention-specialist
Try 1Password, or LastPass.
Why not use Firefox's built-in password manager? Use a master password and you are safe.
The only feature missing is generating complex passwords. However, I'm certain there is a plug-in for this.
And Apple apparently pulled the job posting for a fraud prevention specialist
http://9to5mac.com/itunes-fraud-prevention-specialist
Usually, once you fill a position, you pull the ad.