http://thenextweb.com/apple/2010/07/04/ ... ck-itunes/

Sounds like fun.

Yes but Apple will stamp on this hard. It might slow up the approvals process.

It's not really anything to do with the approval process. It's the user's accounts that are being hacked and used to present 'false positives' on the apps traffic levels to boost them up the 'most popular' tables. There's no viable method for this to be stopped at the approval stage for the app - all they can do is ban the app & developer when they find out it's happened. What they need is a much more robust way for people to report their accounts being hijacked and a way to 'roll back' any purchases made with those accounts once it has happened. And maybe some sophisticated analysis of buying patterns i.e. raise an alert when they see spikes in app sales that don't seem 'right'.

Jon

Yes but how are the accounts being hacked? If it is via the apps then the approvals process will be a problem. Many people have passwords that are far too easy to hack or use the same passwords for everything. It might help if Apple emailed people to inform them that suspicious activity had be detected on their account.

That's what I was thinking. How did these apps get through the screening process?

Quite. I'm fairly sure it's bad password security rather than trojan apps. The fraudsters have become quite clever about cross-checking this kind of stuff whereas Apple do have automated tools that check when apps are passing data out via the internet. That's how they found out about the analytics stuff they got in such a tizzy about recently.


Yup, I'm not sure how good they are at that, if they do it at all.

Jon

Yes password mismanagement is one very strong possibility. I have 154 passwords and all are different and even randomly generated. Though I might consider changing them annually if necessary. The vast majority use the same password for everything. Lose that one and you are screwed.


I doubt that they do. it is all business as far as they are concerned.

Paul Thurrot got stung a 2 weeks back. His kids downloaded a free app onto their iPod Touches (Tap Fish), which then lets the user buy fish in game. Even though the kids didn't have his password (it was only authorised on his PC, which was used to sync the iPods), they still managed to download nearly $1,000 in fish in-game!

Apple refunded the money without any fuss, and said that he wasn't the first to complain.

I am still bemused how the app can charge anything to his account without authorisation. Did he have his account set up for one click purchases which might explain.

According to him, no. The iPods didn't have the passwords on board and the kids could only download apps from his authorised machine...

Then a serious hole in the system exists. I wonder how many will actually notice?

Considering the packs of fish cost up to $200 a pop, I guess people will notice that fairly quickly - I get an e-mail from Apple for each purchase, if they started sending me notifications of $200 transactions, I'd spot that quickly!

Yes but sometimes the invoice comes many days later. I was assuming that it did not trigger an Apple invoice and just appeared on a credit card statement.

He was sitting at his computer, when a flood of emails from Apple started coming in... He then called his kids into the room, after the second one, then another 4 came in, whilst he was talking to them! Apple put a stop on the transactions and refunded the money, the kids also got to keep the fish - in theory, he deleted the App and the fish from their iPods!