Slashdot Mirror


Users Report Foul Play In App Store Rankings, Purchases

An anonymous reader writes "Two iPhone App developers have spotted what appears to be a hacking of the App store rankings by a rogue developer. The rankings in the books category of the US iTunes store feature 40 out of 50 apps by the same app developer, Thuat Nguyen. What's more concerning is that it seems individuals' iTunes accounts have been hacked to make mass purchases of that one developer's apps." Among the comments attached to the linked story is one which suggests the security problem may lie elsewhere.

9 of 144 comments

  1. Hrm by therealobsideus · · Score: 4, Insightful

    Perhaps this is just another reason why I don't use iTunes. If I like an artist I download, I'll buy their CD - if not, I delete it. And it makes it much easier to convert a CD to ogg or flacs than with a lot of Apple's AAC crap.

    1. Re:Hrm by socceroos · · Score: 5, Insightful

      Meh, every online store is going to have its weaknesses. Unfortunately, most of the time, the greatest weakness is the users themselves.

      Not trying to justify iTunes - I hate it. Just saying that I doubt it's any more 'hackable' than the next online store.

    2. Re:Hrm by Anonymous Coward · · Score: 5, Insightful

      Not liking assholes and viewing greed as a negative human quality doesn't necessarily make one a communist.

    3. Re:Hrm by sortius_nod · · Score: 3, Insightful

      Exactly.

      It's kind of like blaming Blizzard for people's WoW accounts getting hacked. Your account has something someone wants, they'll try to get it. If you use weak passwords, well, no one's fault but your own there.

    4. Re:Hrm by Mitsoid · · Score: 4, Insightful

      Except Blizzard has a track record of account restoration and decent customer service in this area.

      In reality, most of the time it's neither party's fault -- The recent Adobe Flash exploit hurt a lot of people as they targeted Flash advertisements for WoW websites... even legitimate websites could be infected as they have to show advertisements to stay in business.

      Thankfully, Blizzard realizes that blaming end-users when a large, large percentage did not 'ask' for it, only costs the company money in the end when users stop using their service.

    5. Re:Hrm by shutdown -p now · · Score: 4, Insightful

      I fail to see what relevance Apple (much less Steve Jobs personally) has here. This is about hacked user accounts. This kind of thing is an unfortunate fact of life, keeping in mind that social engineering attacks take up the majority in security breaches. There's only so much Apple can do to mitigate this, and I don't see that they missed anything.

      Heck, if anything, Apple's "walled garden" model - for all my dislike of it - is most efficient at dealing with these kinds of abuses. When malware authors have to go to the effort of hacking user accounts to get their crap shoved at users, you know they're tight against the wall already. In comparison, with Android, you just call yourself "Googe" (note spelling) and upload your malware directly.

      (How do I know it's malware? I haven't installed it, of course - but when all their apps, including a non-multiplayer five-in-a-row game, request "full network connectivity" and "location information" permissions on install, you know something's fishy; the fake company name is just icing on the cake.)

      The irony is that I can't even use Market feature to report it as malware, or at least write a 1-star review with a warning, because you can only write reviews/complaints once you install the app...

  2. Sounds like phishing... by maccodemonkey · · Score: 4, Insightful

    Any bets? Sounds like there were suddenly a bunch of phished accounts that got "activated."

  3. You've been Steeved! by Animats · · Score: 3, Insightful

    Other problem with iTunes, "All sales are final." .... From Terms and conditions, security section: "You are entirely responsible for all activities that occur on or through your Account, and you agree to immediately notify Apple of any unauthorized use of your Account or any other breach of security. Apple shall not be responsible for any losses arising out of the unauthorized use of your Account."

    That's so Steve Jobs.

  4. Occam's Razor by webdog314 · · Score: 4, Insightful

    After reading the article, the other linked article, and the comments posted on the linked site, I have to ask what's more likely here: that approximately 30 people out of 100+ millions of iTunes users have infected systems with key-loggers and were phished, or that the App Store has some huge security problem?

    Just saying.