Slashdot Mirror

← Back to Stories (view on slashdot.org)

More Trouble In Apple's App Store

Posted by kdawson on from the phish-travel-in-squools dept.

quickOnTheUptake writes in to update the story of foul play in Apple's App Store, which we talked over on Sunday. The Next Web, which broke the story, now provides evidence of rampant App Farms used for theft in the store. Here is a summary of the problems TNW has seen, which includes large-scale break-ins of the App Store accounts of users worldwide. Apple has responded to the initial reports, has disabled the account of the initially fingered rogue developer, and has called on those whose accounts were misused to change their password and credit card. Both TNW and Engadget, at least, believe the problems go far deeper than Apple is admitting.

8 of 186 comments (clear)

  1. Quick anecdote by Anonymous Coward · · Score: 5, Interesting

    I know someone who works in the fraud prevention business and they allege that iTunes purchases and credit card fraud are strongly correlated. Their story goes like this: an iTunes purchase is made for an unknown app, and within minutes a very high value (basically max-out) charge is placed on the same card. The catch is that the max-out charge is placed with an *actual* card (presumably a cloned card) and since it is incredibly unlikely that every case is fraud abuse (a made up 'theft' story by the cardholder) there is something that iTunes is either doing directly or indirectly that is enabling this activity.

    Now the question for the armchair detectives is: is the iTunes purchase the moment of the leak of the card info (through some sort of hacked app), or is the iTunes purchase a test mechanism for the already stolen card info? Not being a big Apple person I haven't spent much time buying from the App store; is it possible to buy an app for someone elses' device, or for a device that doesn't exist yet?

    1. Re:Quick anecdote by Kitkoan · · Score: 2, Interesting

      Consider either using iTunes gift cards.

      Gift cards like those worry me and I refuse to buy them for ANY company. I've seen too many people buy gift cards (that just use a number string) try to get the credit from the card after buying them to only be told that the number has already been used by someone else (they use them by using a Random Key Generator). And since it's just about impossible to prove that you were the first and only owner of it, your typically SOL.

      --
      Attention... all grammer nazi"s! Is they're anything; wrong with: my post,
    2. Re:Quick anecdote by pseudorand · · Score: 3, Interesting

      > My solution? Consider either using iTunes gift cards, or if that isn't an option, put the CC info in, make purchases, then remove the information.

      TFA agrees with you ("Remove your iTunes card details and consider using gift cards where possible."), but using a gift card is a really bad idea. The article also says to "try prevent any iTunes purchases from clearing." These suggestions show a misunderstanding of the legal protections afforded consumers when we use credit cards.

      Under the law, you have 60 days to dispute credit card transactions. You can do this if the transaction has cleared (which is typically less than 24 hours). You can do this even if you've already paid your credit card bill. Your credit card company is required to refund the amount to your account until the dispute is resolved and help you in the dispute resolution process. The law has some antiquated restrictions about transactions occurring more than 50 miles from your home and technically gives you a liability of $50, and doesn't cover debit cards. However, both Visa and Mastercard have policies of zero liability that cover both credit and non-PIN-based debit transactions independent of how far from your home they occur. I've disputed numerous charges for various reason, including having someone make a copy of my card in Mexico (I still had the card but the bank said it was a card-present transaction). Disputes have always been resolved quickly and in my favor. In short, using a credit cards is the safest way to buy stuff. Always use a credit card for any purchase.

      Think if you'd used a gift card. Gift cards are like cash. If the purchase was fraudulent, you only lose the value of the gift card, but you have no way to get it back. I guess the safest way would be to reload your gift card each and every time you make a purchase for the exact purchase amount. I think that would be a bit annoying.

  2. New Credit Cards? by fluch · · Score: 5, Interesting

    Wait, so they suggest customers to get new credit cards? Well, one thing I do not understand is this: the credit card information is with Apple, but I thought only Apple has access to this stored information. There should be no way for the bad guys to obtain my credit card information from there. If they have the credentials to my apple account they can make Apple charge my credit card without my authorisation. But in this case Apple would have to give me back this money as I did not authorise it etc. And as soon as I have changed my password ... the problem should stop (as long as they don't get my new password somehow)...

    Or what am I missing here?

    1. Re:New Credit Cards? by cusco · · Score: 2, Interesting

      Or what am I missing here?

      Stolen database backup? It's incredibly easy, and extremely embarrassing. Most companies don't want to admit, "Well, the intern that we foisted the backup jobs on gave the tapes to some guy in an Iron Mountain shirt and now we don't know where your data is." I know it's happened locally at least twice, and neither company fessed up to its customers.

      --
      "Think about how stupid the average person is. Now, realise that half of them are dumber than that." - George Carlin
  3. Approved apps? by fluch · · Score: 4, Interesting

    Just wondering: So if harm is done with apps approved by Apple ... isn't Apple then also liable for the fraud done by them?

  4. Apple Slashdot Attention by helix2301 · · Score: 2, Interesting

    I have to agree Apple is getting a tone of slashdot attention. Knowing Apple's reputation they probably plan and want the publicity. But lately they been getting a lot of negative attention which is not a good thing.

    --
    http://www.thetechnologygeek.org
  5. The attacks on Apple continue (but not from apps) by sjonke · · Score: 2, Interesting

    This is yet another ludicrous attack on Apple. The problem here is not that "rogue apps" have stolen your itunes account and credit card number, it is that these rogue developers have stolen itunes accounts/credit cards or purchased same from some other source and are using these to purchase their apps and make money, both from the purchases and the rising up in the charts. So, please, please just stop with this. Why do you idiots want to kill Apple? If it's because they don't make a phone that you like, well, that is really f-ing pathetic.

    --
    --- What?