More Trouble In Apple's App Store
quickOnTheUptake writes in to update the story of foul play in Apple's App Store, which we talked over on Sunday. The Next Web, which broke the story, now provides evidence of rampant App Farms used for theft in the store. Here is a summary of the problems TNW has seen, which includes large-scale break-ins of the App Store accounts of users worldwide. Apple has responded to the initial reports, has disabled the account of the initially fingered rogue developer, and has called on those whose accounts were misused to change their password and credit card. Both TNW and Engadget, at least, believe the problems go far deeper than Apple is admitting.
Re:So much for app review (Score:4, Informative)
I have seen 'fake' apps in the Android store so this is not isolated to just Apple.
If you see an app in the market with virtually no rating then you know to pass it by.
The one thing that the Android market lacks is filters.
Re:Quick anecdote (Score:5, Informative)
This is probably another quick and anonymous method of checking the validity of a stolen card. Before, credit card thieves would run cards through gas station card readers. This worked until the readers started prompting for the ZIP code of the cardholder.
My solution? Consider either using iTunes gift cards, or if that isn't an option, put the CC info in, make purchases, then remove the information.
Re:But they were approved! (Score:2, Informative)
Re:But they were approved! (Score:5, Informative)
Apple didn't catch him. The "apps" in question were absolute trash (along with the 300+ iFart apps), making a mockery of any illusions that it's a curated garden.
However just to be clear, we already know that the Android market can do precisely the same thing, forcefully reaching out and removing rogue content. Instead of any ridiculous notions of curation, however, Android relies upon a permissions system that makes a user aware of the potential reach of any given application. It is far from perfect, yet despite some ignorant criticism directed at it recently it beats the hell out of anything on the iPhone.
Not really sure why we're talking about the phones though. The exploit in this case didn't necessarily have much to do with the actual handsets themselves.
Re:Quick anecdote (Score:5, Informative)
The iTunes thing is a credit card test.
If you think about it, if you steal a bunch of credit cards (e.g., hack a payment processor), the easiest way to test them is to run up a charge against something that has most people thinking it is a normal charge.
E.g., a lot of people have iTunes accounts, so get iTunes to run a charge and see if it goes through - you'll see this as a $0.99 billing mostly. The goal is to hide that 99 cent charge amongst hopefully other iTunes charges.
Earlier this year, a payment processor was hacked (one used by one of my favorite stores) - it's unusual because the store itself doesn't store credit card data (they can't), but a bunch of people who used that store noticed the iTunes charges, while others noticed and saw the strange charges as well (too late).
I don't think there's any credit card information being stolen from Apple (no app can get at it unless it key logs - at worst they'll get your iTunes account information as your credit card isn't transmitted to Apple at all - Apple looks up your stored credit card info).
As for enabling the activity, I think it's because iTunes is quite popular - a good chunk of those doing online shopping have probably bought something from iTunes, thus the chance of burying a charge is greater, and there's probably some API that was hacked in order to rapidly test credit cards. Also, Apple delays charging for a week or so (to avoid multiple 99 cent charges, they'd rather do a batch charge) but iTunes does do a reservation for each charge to ensure credit is available.
Re:4568 apps? (Score:5, Informative)
The apps from that 'developer' are things like 'xxx Quotes' where there are quotes collections for many many different people. And slider puzzles where there are many different pictures. And recipe books.
Basically the kind of 'stuff' where the actual codebase is a small container re-released over and over and over with different content.
That's part of the problem in general with the 'little Apps' model Apple has developed. There are separate 'Web Radio Players' for each radio station, leading to thousands of different radio 'apps.'
Re:But they were approved! (Score:3, Informative)
Methinks that stupid/useless apps are not an issue. There's a lot of crappy books in every bookstore, and I have no problem with that. But the issue is that people's iTunes credentials got stolen, and I don't think it was Apple's fault unless the exploits were running on OS X...
Apple isn't arrogant? (Score:5, Informative)
Listen, when your marketing literally states that you are "changing the world" with your phone, and apparently you didn't properly engineer the antenna, your customers are going to complain bitterly. And then everyone who realizes that Apple is just Microsoft with better industrial designers and better marketing is going to laugh at the brand loyalists who got bitten again because Apple favors form over function.
It's really not more complicated than that.
Re:But they were approved! (Score:3, Informative)
I haven't seen anything saying a program itself did anything without a password. Most likely scenario is developer got password through some other means, put up all these random apps, and began purchasing them.
Re:But they were approved! (Score:2, Informative)
Yeah, guy, Steve Jobs said it at D8. Feel free to do a search.
NO IT ISN'T.
Listen, I realize you might have a problem with threaded conversation, and you seem to be trying to mesh every comment with the submission, but that just isn't how it works. See, I was replying to someone who made a comment, and this thread carried on from there.
Are you new to Slashdot? You understand the conversational nature? You might want to get acquainted with threads and conversations.
Fascinating. So you have inside knowledge on what happens? No, I don't think you do.