Affiliate Disclosure
If you buy through our links, we may get a commission. Read our ethics policy.

iTunes App Store hit by developer and account fraud

Apple's iTunes Store users are increasingly being targeted in a number of fraud cases, some of which appear to be orchestrated by iOS app developers seeking to boost their sales rankings, and others which appear to be a widespread hack of user accounts.

While the billions of songs and apps being sold in the iTunes Store to millions of account holders are certain to bring with it a certain amount of fraudulent purchase reports, a new wave of very suspicious app purchases appear to have boosted the sales of a single App Store developer to an overwhelming 40 spots of the top fifty apps in the books category.

The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, whose publishing company is listed by Apple as "mycompany" with a website of "Home.com." It's impossibly unlikely that 80% of the American App Store's book sales were legitimately dominated by sales of shoddy anime book apps that are not localized, appear to violate intellectual property rights, and were all dumped into the App Store at once over a period of a couple days.

Even more worrying is that sales of the junk apps are being reported by multiple users in iTunes as fraud activity. User ratings on the titles frequently complain about having discovered the purchase as part of fraud activity on their accounts. A flurry of positive reviews say simple things like, "it's great" and "good, this story is very interesting," creating the appearance that they have been added by the same group behind the fraud sales.

The fraudulent book sales are not just overwhelming the App Store charts with junk; they're also pushing legitimate titles by real developers out of the view of shoppers, devaluing the iTunes Store in the minds of users, and eroding Apple's position that the App Store is a carefully curated marketplace that doesn't suffer from the junkware bloat and intellectual property fraud of Google's Android Market.

iTunes fraud

iTunes accounts being hacked

In addition to listings fraud aimed at promoting the sales of specific junkware developers, it also appears that Apple's iTunes accounts are widely being compromised by organized attacks based in China, where crackers obtain the account information of legitimate users and resell access to the accounts to buyers who pay a few dollars in exchange for information that allows them to make fraud purchases of several hundred dollars before the account's card is turned off.

Last month, a user posted a forum comment stating, "I am going to tell you the truth about what has been going on with your account." The anonymous user then explained, "let’s say you are a Chinese guy or girl with an iPhone or iPad and you want to get some music, movie or app. How you do you do it? You go to http://www.taobao.com: The (by far) largest online market in the world and type iTunes in the search bar. Immediately you will be presented with a list of more than 7,000 items.

"You want to save money, so you filter the list to show only items under RMB25.00- (US $3.60) and still you have more than 3,600 offers. So you pick some one at random like, as an example, this one: http://item.taobao.com/item.htm?id=5516054242. You open the online chat and you transfer him RMB22.00 (US $3.20). He ask you in the online chat to provide a new iTunes account name and password, and you comply: User: qiuwge3foe3333@yahoo.com Password: qwer34567

"He asks you to wait 10 minutes online. He has already a number of user accounts under surveillance, so he enters in the iTunes account of his victim, change his/her username and password to the one you provided, and come back to ask you try it and approve the transaction so Taobao.com releases his money. Even if you cant read Chinese you can see very clearly in his item description that this account will not last more than 24 hours (the time for his victim to see the charges mounting and then cancel the credit card).

"He claims that he selects 'his' accounts so you can drain at least US $250.00 from them before they get cancelled. He urges you to be fast and buy and download as fast as you can. Start immediately! Keep the download going on for the full 24 hours! There is no warranties on how long it will last! Because he already changed the username and password, the victim can’t stop you.

"There are cheaper ways, of course! You can join a 'frenzy feeding,' where the same hijacked account is sold to several customers. It is much slower and, because it was 'opened' maybe hours ago, it will be much shorter lived. It can be had for RMB1.00 to RMB5.00 (US $0.14 to US $0.74). The most important thing, however, is to BUY fast not to download fast. You can download at leisure during the next weeks. iTunes will not stop you: It will only remind you that your (victim’s) credit card is not working and invite you to update your payment details.

"Then, if you want more applications later on, you just enter in Taobao.com and get again a new account in a few minutes. This is the sad reality. There are a lot of of things Apple could do to stop this, like canceling the hijacked accounts and de-authorizing its computers, making the whole process useless. But for what? This is not a problem for Apple: It is a problem for the credit card industry. The account is right, the payment is right, end of the story. If you claim that someone used your credit card to buy things it is a problem between you and your bank, not between you and Apple!

"Please note that when you are buying like crazy with 'your' new account Apple doesn’t bill directly to the credit card every time you add an item: It bills in batches of around (below) US $50. This is another detail that shows how cunning they are! You buy, buy, and buy. And every time your reach 40-something dollars Apple invoices the card. If it pass, you can keep buying. If not, it stops you from buying more.

"This achieves two things: One, it limits the damage to Apple as they only can get hooked for, at most, US $50. Two, makes the whole system safer for them, as purchases under US $50 are not protected in the States law. And it is funny that if that last transaction doesn’t go through, then is when the rage of Apple comes over you for any item you may have already download before the invoicing point was reached.

"Apple will put a flag on your account and will not allow you to download updates for any of the apps on 'your' account (whatever order they came from) or download the pending episodes of 'your' season passes). In this case, you have no option but to go to Taobao.com and use another procedure.

"There are people (the same people) who saves you time by doing in advance the whole process of providing the user, etc. They’ve already 'opened' an account and used it to purchase one or two US $50.00 gift certificates. You get one (US $1.40) and use it to cover the debt with Apple so they can let you enjoy peacefully the items you 'own.'"

Apple monitoring fraud

Out of the billions of transactions handled by iTunes, it's not surprising that there is considerable fraudulent activity occuring. However, the apparently unchecked fraud being orchestrated on such a wide scale, combined with Apple's very slow response in handling extremely suspicious sales that dramatically distort sales rank as noted in the initial example, shed a very questionable light on Apple's assertion that iTunes is a carefully curated marketplace.

It also calls into question why the company works so hard to carefully review developer titles in some areas while at the same time allowing large amounts of very low quality junkware to be listed by obviously illegitimate "companies" with fake contact information.

(Update: A report by App Store developer Alex Brie on the situation indicates App Store developers have been contacted by Apple's Worldwide Product Marketing senior vice president Phil Schiller, and an investigation is now underway.)



71 Comments

prof. peabody 14 Years · 2858 comments

Quote:
Originally Posted by AppleInsider

... The books in question are a low-quality series of mostly Japanese manga titles all published by "developer" Thuat Nguyen, ...

I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.

I'm an artist, and could easily steal some old out of copyright work and jazz up a few illustrations and a cover for it and sell it on the app store. I don't do that though, because it's wrong, (legal though it might be). These kind of apps add nothing and are a blight on the app store for the most part.

ltcommander.data 16 Years · 327 comments

This is definitely an alarming issue that needs more widespread attention. I don't usually expect AppleInsider to be so critical on Apple, but it's good that this report is thorough and concerned about Apple's slow response.

In terms of people who've used fake or stolen accounts to purchase apps, can Apple's app kill switch be used to deactivate those applications on those user's next iTunes sync? Or is the app kill switch a more blunt instrument that can only to be used to kill an app for all users across the whole App Store rather than just those users who have participated in fraud? Although, Apple needs to be very careful in using this of course, since the media attention on false positives would be even worse than the fraudulent activity going on right now.

a_greer 21 Years · 4341 comments

Quote:
Originally Posted by Prof. Peabody

I wish Apple would just stop the entire practice of selling "apps" the are actually books. There already exist multiple online bookstores for those that have the legal rights to publish a book and the "books" apps just junk up the store.

I'm an artist, and could easily steal some old out of copyright work and jazz up a few illustrations and a cover for it and sell it on the app store. I don't do that though, because it's wrong, (legal though it might be). These kind of apps add nothing and are a blight on the app store for the most part.

I agree for the most part, however, I would caution that some book apps are really good, I dont have nor want kids, but I have seen some apps in use that do things that Kindle, ibooks and the like do not, things like animated illustrations, or read along features where kids who are just learning to read can have each word highlighted as it is played via a recording of a friendly sounding professional reader, not a robo voice like the Kindle offers for some books.

What needs to happen is there needs to be media apis available to i Books, have three book cases, traditional books, PDFs, and interactive material. This would be great for digital textbook supplemental materials as well. With DVD Studio Pro and Motion laying around, Apple has all the tools to build an awesome content creation experience for interactive books, just mix and match the best of those video features with what Apple has learned from Pages and Keynote and make an application for Mac that does content design for iBooks, and allow other third party reputable resellers like amazon, or barns and noble to do book apps...problem solved.

davesw 14 Years · 340 comments

Hope Apple files charges against this idiot developer.Also i don't think he will ever be in ANY app store. his credibility and reputation is now in the shitter.

foad 21 Years · 674 comments

It seems as though Apple has removed the books in question and now the top books are where there were before.