{"id":610,"date":"2010-07-07T20:27:39","date_gmt":"2010-07-08T01:27:39","guid":{"rendered":"http:\/\/www.jitesh.com\/blog\/?p=610"},"modified":"2017-07-17T13:08:10","modified_gmt":"2017-07-17T18:08:10","slug":"apple-response-to-itunesapp-store-hack-seems-dubious","status":"publish","type":"post","link":"http:\/\/www.jitesh.com\/blog\/2010\/07\/07\/apple-response-to-itunesapp-store-hack-seems-dubious\/","title":{"rendered":"Apple Response to iTunes\/App Store Hack Seems Dubious"},"content":{"rendered":"<p>Over the long weekend, there were reports that iTunes accounts were hacked and fraudulent purchases were made in iTunes and the App Store. Most\u00a0notorious\u00a0was a single author having a lot of his books in the top 50 in iBooks. Yesterday, <a href=\"http:\/\/www.engadget.com\/2010\/07\/06\/apple-responds-on-itunes-fraud-vaguely-confirms-said-fraud\/\">Apple responded<\/a> with the following:<\/p>\n<blockquote><p>The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.<\/p>\n<p>Developers do not receive any iTunes confidential customer data when an app is downloaded.<\/p><\/blockquote>\n<p>Engadget also reported that roughly 400 iTunes users were affected by this. To me, all of this does not make sense. I still have questions, and as far as I can tell, the press has taken Apple&#8217;s word and moved on to other things.<\/p>\n<ol>\n<li>How was a developer able to make fraudulent purchases on other users&#8217; behalf?<\/li>\n<li>Is Apple implying that Apps this developer made were able to do this? If so, what have they done to prevent other developers from doing the same thing? Have they issued a <a href=\"http:\/\/www.crunchgear.com\/2008\/08\/07\/apple-can-remotely-remove-applications-from-your-iphone\/\">remote kill<\/a> on his Apps? This would seem to be a very big security issue. 
(Also, some of the people who reported the fraudulent activity claimed they never purchased anything from that developer.)<\/li>\n<li>If they aren&#8217;t implying that, what other mechanism was used by this developer?<\/li>\n<li>Apple&#8217;s own PR says that over <a href=\"http:\/\/www.apple.com\/pr\/library\/2010\/05\/03ipad.html\">1.5M books were downloaded in the first 28 days<\/a>. Since then, over 2M more iPads were sold. It took only 400 iTunes accounts to push 42 books into the Top 50? On the surface, it seems like a very low number of books (assume 400 copies of each) to take over the Top 50. Are sales for popular books that low?<\/li>\n<\/ol>\n<p>I hope people out there are doing some more digging on this and not just taking Apple&#8217;s statement as the full story.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Over the long weekend, there were reports that iTunes accounts were hacked and fraudulent purchases were made in iTunes and the App Store. Most\u00a0notorious\u00a0was a single author having a lot of his books in the top 50 in iBooks. 
Yesterday, Apple responded with the following: The developer Thuat Nguyen and his apps were removed from [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"footnotes":""},"categories":[20,8],"tags":[287,50,289,288,215,286],"class_list":["post-610","post","type-post","status-publish","format-standard","hentry","category-news","category-technology","tag-app-store","tag-apple","tag-fraudulent-charges","tag-hack","tag-investigation","tag-itunes"],"_links":{"self":[{"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/posts\/610","targetHints":{"allow":["GET"]}}],"collection":[{"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/comments?post=610"}],"version-history":[{"count":2,"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/posts\/610\/revisions"}],"predecessor-version":[{"id":867,"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/posts\/610\/revisions\/867"}],"wp:attachment":[{"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/media?parent=610"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/categories?post=610"},{"taxonomy":"post_tag","embeddable":true,"href":"http:\/\/www.jitesh.com\/blog\/wp-json\/wp\/v2\/tags?post=610"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}