Apple on iTunes fraud: Developer banned, users should check accounts
Apple on Tuesday publicly responded to recent reports of developer and account fraud, revealing it banned the developer in question from its App Store, and also suggested that customers review their iTunes account for unauthorized transactions.
Over the weekend, reports surfaced that some iTunes account holders were involved in an increasing number of fraud cases, some of which appeared to be orchestrated by developers who allegedly used the accounts to boost their sales ratings. In addition, some others were affected by a widespread hack of user accounts.
A wave of suspicious purchases appeared to boost a single developer named Thuat Nguyen, who took over 40 spots in the top 50 applications on the App Store's books category. Nguyen was the creator of a number of Japanese manga titles, and listed under the name "mycompany" with the website "Home.com."
On Tuesday, Apple told Engadget that Nguyen and his applications were removed from the App Store for violating the developer Program License Agreement. The official statement said that Nguyen was involved in "fraudulent purchase patterns."
"Developers do not receive any iTunes confidential customer data when an app is downloaded," the company said. "If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommendt hat you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.";
Over the weekend, reports surfaced that some iTunes account holders were involved in an increasing number of fraud cases, some of which appeared to be orchestrated by developers who allegedly used the accounts to boost their sales ratings. In addition, some others were affected by a widespread hack of user accounts.
A wave of suspicious purchases appeared to boost a single developer named Thuat Nguyen, who took over 40 spots in the top 50 applications on the App Store's books category. Nguyen was the creator of a number of Japanese manga titles, and listed under the name "mycompany" with the website "Home.com."
On Tuesday, Apple told Engadget that Nguyen and his applications were removed from the App Store for violating the developer Program License Agreement. The official statement said that Nguyen was involved in "fraudulent purchase patterns."
"Developers do not receive any iTunes confidential customer data when an app is downloaded," the company said. "If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommendt hat you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes.";
Comments
I assume this doesn?t mean someone actually hacking Apple and stealing people?s money. Does it simply mean ?they got your password? by other means (probably viruses/spyware if you?re on Windows, or automated guessing of overly-simple passwords) and then simply logged in as you, no hack needed?
I think there's still the remaining question on how the apps got published in the first place - surely "mycompany" with website "Home.com" would've looked suspicious.
And what’s the nature of “hacked” iTunes accounts?
I assume this doesn’t mean someone actually hacking Apple and stealing people’s money. Does it simply mean “they got your password” by other means (probably viruses/spyware if you’re on Windows, or automated guessing of overly-simple passwords) and then simply logged in as you, no hack needed?
I'm guessing the latter. Some folks have easy to remember passwords. I had a friend whose Apple ID was just her email address and her password was buymusic. no caps, no symbols, no numbers. That's probably the first thing I would try if I wanted to hack her account.
I only download music from the iTunes store. Am I vulnerable and shoudl I change my password?
It doesn't matter what you buy. If you are online you are vulnerable. You need to look at how you create passwords. Do you go for the minimum number of characters, do you mix in numbers, random caps, etc. Do you use dictionary words. Do you use things for your password or security question that someone could find out by looking up your twitter, facebook etc.
Apple should obviously know which iTunes accounts were used to fraudulently purchase these items. Surely Apple could and should be in contact with the account owners to notify them of the fraudulent activity charged to their account.
It's possible that some of the buys were legit, how will Apple know. So it's on the customer to tell them 'no I didn't buy this' and then go from there
I am SICK of buying crap apps with no way to get my money back or at least have the App removed from the store.
The terms and conditions that you agreed to and re agree to with every itunes update (and a few times in between) say very clearly that there's no money back cause you don't like something. And short of an app that violates the developer terms and conditions, 'crap' is subjective.
If Apple starts making subjective decisions about the merits of apps they will get into more censorship issues than they already are. I don't see them wanting that
Apple needs to do more to protect its customers from crap like this. When there are apps like this, then consumers should be able to report it. Put a "Report this App" button somewhere on the page. I am SICK of buying crap apps with no way to get my money back or at least have the App removed from the store.
So read the reviews. It isn't complicated.
You can also use the "Report a Problem" link.
Warn and ban spammers
I am surprised that only one developer so far has been banned. As noted in previous reports (outside of Apple Insider), this is not the first time that some developers have spammed the Apps Store. Here "spamming" is used to include Apps that piggy-back on legitimate Apps, either by direct copying or using "search terms" unique for a legitimate App.
It should be easy for Apple to develop an algorithm to spot spamming. This could be further supported by report of abuse and complaints from legitimate developers. Using an Apple developed algorithm to detect spamming and other malwares, as well as feedback from both users and developers, an Apple team dedicated to policing the
Developers must have a recourse for those copying their Apps. Here a precedence of submission (not just approval) could be use as the basis of originality. Developers could also complain of hijacking of terms specific for their Apps.
Developers with more than one App must have a legitimate website (not simply Facebook), contact information (including business address) and terms of use. All Apps from one developer must be reported in this official website. The official website must be included in the "Apps information". This will help both users and developers to detect and avoid spammers and make legitimate complaints.
Transparency is a good idea.
Apple must have a set of defined policies on what they consider spamming, as well as set procedure of warning suspected spammers and steps taken that would lead to banning guilty parties.
CGC
Apple needs to do more to protect its customers from crap like this. When there are apps like this, then consumers should be able to report it. Put a "Report this App" button somewhere on the page. I am SICK of buying crap apps with no way to get my money back or at least have the App removed from the store.
what crap apps have you paid for and want a refund? could you provide a list? forgive my suspicion, but you almost sound like a troll.
Good thing my password is in language that is almost extinct.
It won't help if you got keylogger.
It won't help if you got keylogger.
ditto, and I suspect that people who got hacked accounts were on PC's and it was phoning home all their personal information
It's possible that some of the buys were legit, how will Apple know. So it's on the customer to tell them 'no I didn't buy this' and then go from there
They can check IP logs, mac addresses, failed login attempts prior to a successful login, and a bunch of other stuff that is relevant to a customer. It's not exactly an anonymous transaction.
Good thing my password is in language that is almost extinct.
Come-on, English is still used by a lot of people outside of America.
Come-on, English is still used by a lot of people outside of America.
what crap apps have you paid for and want a refund? could you provide a list? forgive my suspicion, but you almost sound like a troll.
There are crumby apps on the App Store, many highly ranked, and if someone doesn't read reviews they're bound to buy a number of them (hence why I don't have much sympathy for people who won't put a moment of effort into reading before they buy). But it is also silly to pretend that those apps don't exist in the app store.
One thing to keep in perspective, though, is that the quality of apps is far above and beyond anything offered on any other phone platform. Android, especially, with its near free-for-all platform, is loaded with garbage apps and blatant copyright infringement (though it does also have some good apps in the mix). Apple's doing a great job overall.
I think there's still the remaining question on how the apps got published in the first place - surely "mycompany" with website "Home.com" would've looked suspicious.
This has to be the number one question they should answer. With Apples draconian approval guidelines designed to prevent malicious code, porn, and free speech, it is hard to imagine how this slipped through.
As much as I love what the iTunes store offers, it is an antiquated system with limited searching capabilities that favor only those Apps with existing popularity, or those that hack through. The thing that irks me most is that although I can search by release date, it will not find newly updated Apps. This means that should a developer convert their app to Universal, it will not show up as a new release and I might not find it, unless I know what it is called. We need the ability to sort by release date, update date, popularity, rating, and a boolean combination of those tied to type of App. When you are used to performing sophisticated searches, iTunes is incredibly limiting.
Anyway checking my iTunes account purchase history isn't very reassuring since most of the stuff that should be there isn't.
what crap apps have you paid for and want a refund? could you provide a list? forgive my suspicion, but you are a troll.
fixed