Author |
Message |
JJW009
I haven't seen my friends in so long
Joined: Thu Apr 23, 2009 6:58 pm Posts: 8767 Location: behind the sofa
|
_________________jonbwfc's law: "In any forum thread someone will, no matter what the subject, mention Firefly." When you're feeling too silly for x404, youRwired.net
|
Mon Jul 05, 2010 3:06 pm |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
Yes but Apple will stamp on this hard. It might slow up the approvals process.
_________________Do concentrate, 007... "You are gifted. Mine is bordering on seven seconds." https://www.dropbox.com/referrals/NTg5MzczNTk http://astore.amazon.co.uk/wwwx404couk-21
|
Mon Jul 05, 2010 6:36 pm |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|
It's not really anything to do with the approval process. It's the users' accounts that are being hacked and used to present 'false positives' on the app's traffic levels to boost them up the 'most popular' tables. There's no viable method for this to be stopped at the approval stage for the app - all they can do is ban the app & developer when they find out it's happened. What they need is a much more robust way for people to report their accounts being hijacked and a way to 'roll back' any purchases made with those accounts once it has happened. And maybe some sophisticated analysis of buying patterns, i.e. raise an alert when they see spikes in app sales that don't seem 'right'.
Jon
|
Mon Jul 05, 2010 8:03 pm |
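The buying-pattern alert suggested in the post above, sketched as an added example that is not part of the original thread and not any store's actual method. The app names, sales counts, window and thresholds are all constructed assumptions.

```python
"""Added example: flag days where an app's sales spike against its own baseline."""
from statistics import median

# Constructed daily unit sales per app (oldest first); not real store data.
SAMPLE_SALES = {
    "steady_reader": [40, 42, 38, 41, 39, 43, 40, 44, 41, 42],
    "boosted_book": [3, 2, 4, 3, 2, 3, 4, 3, 260, 310],
    "new_launch": [0, 0, 5],  # too little history to judge
}


def robust_z(value, history):
    """Modified z-score of `value` against `history`, using median and MAD."""
    med = median(history)
    mad = median(abs(x - med) for x in history)
    # Floor the spread so a flat baseline (MAD == 0) cannot divide by zero.
    spread = max(1.4826 * mad, 1.0)
    return (value - med) / spread


def find_spikes(sales, window=7, threshold=6.0, min_units=20):
    """Return [(app, day_index, units, score)] for days that look like spikes.

    Each day is scored only against the `window` unflagged days before it.
    Flagged days are kept out of later baselines, so a sustained burst keeps
    alerting instead of quietly becoming the new normal.
    window, threshold and min_units are assumed tuning values.
    """
    alerts = []
    for app, series in sales.items():
        clean = []  # history with flagged days excluded
        for day, units in enumerate(series):
            baseline = clean[-window:]
            if len(baseline) >= window:
                score = robust_z(units, baseline)
                if score >= threshold and units >= min_units:
                    alerts.append((app, day, units, round(score, 1)))
                    continue
            clean.append(units)
    return alerts


if __name__ == "__main__":
    for alert in find_spikes(SAMPLE_SALES):
        print("review: app=%s day=%d units=%d score=%s" % alert)
```

Median and MAD are used instead of mean and standard deviation so that one burst does not inflate the baseline it is measured against.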
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
Yes but how are the accounts being hacked? If it is via the apps then the approvals process will be a problem. Many people have passwords that are far too easy to hack or use the same passwords for everything. It might help if Apple emailed people to inform them that suspicious activity had been detected on their account.
|
Mon Jul 05, 2010 8:35 pm |
|
 |
l3v1ck
What's a life?
Joined: Fri Apr 24, 2009 10:21 am Posts: 12700 Location: The Right Side of the Pennines (metaphorically & geographically)
|
That's what I was thinking. How did these apps get through the screening process?
|
Mon Jul 05, 2010 8:53 pm |
|
 |
jonbwfc
What's a life?
Joined: Thu Apr 23, 2009 7:26 pm Posts: 17040
|
Quite. I'm fairly sure it's bad password security rather than trojan apps. The fraudsters have become quite clever about cross-checking this kind of stuff whereas Apple do have automated tools that check when apps are passing data out via the internet. That's how they found out about the analytics stuff they got in such a tizzy about recently. Yup, I'm not sure how good they are at that, if they do it at all.
Jon
|
Mon Jul 05, 2010 10:32 pm |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
Yes, password mismanagement is one very strong possibility. I have 154 passwords and all are different and even randomly generated. Though I might consider changing them annually if necessary. The vast majority use the same password for everything. Lose that one and you are screwed. I doubt that they do. It is all business as far as they are concerned.
|
Tue Jul 06, 2010 12:31 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
Paul Thurrott got stung 2 weeks back. His kids downloaded a free app onto their iPod Touches (Tap Fish), which then lets the user buy fish in game. Even though the kids didn't have his password (it was only authorised on his PC, which was used to sync the iPods), they still managed to download nearly $1,000 in fish in-game!
Apple refunded the money without any fuss, and said that he wasn't the first to complain.
_________________"Do you know what this is? Hmm? No, I can see you do not. You have that vacant look in your eyes, which says hold my head to your ear, you will hear the sea!" - Londo Mollari
Executive Producer No Agenda Show 246
|
Tue Jul 06, 2010 5:49 am |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
I am still bemused how the app can charge anything to his account without authorisation. Did he have his account set up for one-click purchases, which might explain it?
|
Tue Jul 06, 2010 5:57 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
According to him, no. The iPods didn't have the passwords on board and the kids could only download apps from his authorised machine... 
|
Tue Jul 06, 2010 6:50 am |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
Then a serious hole in the system exists. I wonder how many will actually notice?
|
Tue Jul 06, 2010 3:15 pm |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
Considering the packs of fish cost up to $200 a pop, I guess people will notice that fairly quickly - I get an e-mail from Apple for each purchase, if they started sending me notifications of $200 transactions, I'd spot that quickly!
|
Wed Jul 07, 2010 4:25 am |
|
 |
Amnesia10
Legend
Joined: Fri Apr 24, 2009 2:02 am Posts: 29240 Location: Guantanamo Bay (thanks bobbdobbs)
|
Yes but sometimes the invoice comes many days later. I was assuming that it did not trigger an Apple invoice and just appeared on a credit card statement.
|
Wed Jul 07, 2010 8:26 am |
|
 |
big_D
What's a life?
Joined: Thu Apr 23, 2009 8:25 pm Posts: 10691 Location: Bramsche
|
He was sitting at his computer, when a flood of emails from Apple started coming in... He then called his kids into the room, after the second one, then another 4 came in, whilst he was talking to them! Apple put a stop on the transactions and refunded the money, the kids also got to keep the fish - in theory, he deleted the App and the fish from their iPods! 
|
Wed Jul 07, 2010 11:45 am |
|
|