iTunes accounts hacked by shady developer?
[Update 1, later the same day: do take a look at the follow-up; after submitting the story to Apple, a fellow developer got word from none other than Phillip Schiller that the App Store team has started investigations on this. Gg, guys!]
[Update 2, the day after: over at this post I put together a quick estimate of the amount this guy has made since this story started: it adds up to over 1 million dollars!]
[Update 3: The most insightful follow-up on the subject comes from AppleInsider, where they explain the mechanism that Far-East teenagers use in order to make iTunes purchases using stolen iTunes accounts.]
[Update 4: I wrote down some final thoughts commenting on Apple's statement on the subject, and detailing why I think that this story is a sign of an organized network and not a singular case, and it's of a much higher proportion than what Apple suggests.]
And now, the story:
I was contacted yesterday (Saturday, July 3, 2010) by another iPhone app developer, Patrick Thomson. Here’s what he wrote:
I’m the developer of the QuickReader iPhone application. I’ve been noticing over the past few days that my app along with yours has been slipping down in the rankings. On trying to figure out why, I discovered what appears to be a concerted and criminal effort to game the Books category rankings.
It looks like the Books category has been hijacked by an app publisher named mycompany/Thuat Nguyen. His apps now occupy 40 of the top 50 ranks in the Books category on the app store. These are apps that typically wouldn’t rank in the Books category and most of them don’t have any ratings or reviews. However if you look at the reviews for the Conan 3 app, you can see that 2 reviewers complain (as early as Monday the 28th) that their iTunes accounts were hacked and the apps were purchased by the hacker. It would appear that this publisher is hacking accounts and buying his own apps in order to drive up his rankings in the Books category.
This is having a negative impact on our apps, which are being pushed down in the rankings and losing visibility, plus it makes for a bad user experience.
I had noticed the issue as well; I just hadn’t given it much thought, believing that, all of a sudden, there were many US people interested in badly coded Vietnamese manga apps. I was hoping that it would pass by itself, and that once it did my Self Help Classics app would regain the top 20 place in the Book apps category it had kept for the last 1.5 years. However, Patrick made a good point – if there’s criminal activity at hand, iPhone app customers are the primary victims, with the developers of legitimate, hard-worked apps as collateral damage.
I made some additional investigations and noticed some other irregularities.
To sum the entire case up, here are the facts:
- the unexplained rise of a bunch (41 by the count of them) of strange, roughly coded, non-localized Vietnamese(?) comic book apps in the US Book Store. All 41 of them are now occupying the top 50 paid iPhone book apps section, suggesting a vast demand for them from US-based Vietnamese residents. However, had there been a real demand for them, these apps would have been in the top books for the Vietnam AppStore book section also; as it turns out, they are nowhere to be found in the top 200 there – so the stolen iTunes accounts story starts to be a possibility.
- the two reviews saying their accounts had been hacked and the purchases made without their knowledge. Since there are no reviews of any kind elsewhere, this is one more clue pointing out that other victims aren’t aware of their accounts being hacked. The Conan 3 book does have other *extremely* positive reviews written in poor English; none of the other 41 books has any reviews; had the positive ones been legit, other apps should have some kind of reviews as well. But they don’t, so it might be that the Conan 3 positive reviews were written by their developer (or his partners), in an attempt to divert attention from the real issue.
- looks like all 41 books are based on stolen intellectual property (I’m not sure here about the licensing rights of major Japanese manga, but I’m just guessing) – 7 Vien Ngoc Rong series (http://en.wikipedia.org/wiki/Dragon_Ball); Conan series(http://en.wikipedia.org/wiki/Case_Closed);
- the developer itself doesn’t seem to be legit – both the company site and support page are missing, and no reference to them could be found on Google
- it’s statistically impossible that out of 41 book apps of a developer (he also has one game in his 42-app portfolio), all of them are in the top 50 paid books US, having been published on the same days (most of them on April 16, others on April 20 and the rest on April 22).
I hope that sometime soon Apple hears of this. Just to be clear, the issue here is not me or Patrick being disgruntled with another developer’s success. The issue is that it seems people’s iTunes accounts have been hacked, with mass purchases of one developer’s apps being made using their accounts. This is a new kind of internet theft (the first of its kind that I have heard of), and such a vulnerability is a major threat to all that Apple’s AppStore ecosystem means: a safe, secure place for people to download legitimate and curated apps.
[Please make sure you also read the follow up articles on this subject, the ones I linked to in the updates I added at the top]
138 Comments to “iTunes accounts hacked by shady developer?”
[...] developer Alexandru Brie wrote on his blog that his “Self Help Classics” application had been bumped from the top 50 [...]
[...] to doing all that kind of activity. You may read the full story of iTunes accounts hacked on the source and until next update we recommend you all to change your passwords of iTunes and PayPal as a [...]
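This morning I mentioned the iTunes Store being hacked; in fact it looks more like accounts being misused, and it may be related to goods sold on Taobao. According to http://www.alexbrie.com/archives/205, Apple is already investigating.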
[...] on his blog, developer Alexandru Brie noted that his app, Self Help Classics, had fallen out of the top 50 paid [...]
[...] not all of the facts are out yet, but if what is being reported on The Next Web and by developer Alexandru Brie turn out to be true, it may be prudent to stop reading this now and remove your credit or debit [...]
[...] iTunes accounts hacked by shady developer? | alexbrie . com [...]
[...] iPhone developers have uncovered what seems to be a massive hack of the App Store. After seeing the rating of their apps [...]
[...] first signs of trouble happened over the holiday weekend when two app developers noticed their apps in the books category started dropping in the popularity rankings – dramatically. [...]
Is your apple itunes account one of those that got hacked? Suggest changing password. http://www.alexbrie.com/archives/205
if you have an account here you better read this… just in case http://www.alexbrie.com/archives/205
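[...] an iOS app developer discovered that the Books category chart had suddenly been taken over by a large batch of copyright-infringing comic apps from Vietnam, indicating that these apps [...]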
Ahhh.. shady vietnamese developer… The icons are even (and I am assuming the content of the apps) rip offs of the Japanese dragon ball series.
[...] rise in the Vietnamese books’ rankings was noticed by two competing iPhone developers, Alex Brie and Patrick Thomson, who were alarmed by their apps slipping in rankings in favor of those from [...]
[...] initial report by blogger Alex Brie highlighted the fact that 40 of the top 50 iPhone apps in the Books category were created by [...]
[...] Over the Fourth of July holiday weekend here in the U.S., reports broke out that Apple’s App Store had been hacked by a rogue developer who figured out how to cheat the system and artificially drive up sales of their e-books. Turns out, the whole thing may have been much ado about very little. MacRumors is reporting that the App Store “hacking” reported on Sunday by TheNextWeb — which quickly spread some degree of panic across Twitter and several tech blogs — is not really quite what it seems at first glance. The initial report claimed that “a rogue developer had gamed the system by artificially driving sales to their e-books.” In this case, a flood of “poorly coded Vietnamese-based books” had shot to the App Store’s Top Books Paid Software ranks, which was quickly spotted and immediately called into suspicion by competing developers. [...]
[...] the weekend, reports emerged that Apple’s App Store had been hacked. A rogue developer seems to have hacked people’s iTunes [...]
[...] first hint that something was amiss over the weekend came when two developers noticed that 40 out of the top 50 slots in the iTunes books section were all released by the same dev [...]
[...] initial report by blogger Alex Brie highlighted the fact that 40 of the top 50 iPhone apps in the Books category were created by [...]
[...] their knowledge or consent. The first hint that something was amiss over the weekend came when two developers noticed that 40 out of the top 50 slots in the iTunes books section were all released by the same [...]
[...] first hint that something was amiss over the weekend came when two developers noticed that 40 out of the top 50 slots in the iTunes books section were all released by the same [...]
[...] developer and the maker of the 99-cent Self Help Classics e-book app wrote in his July 4, 2010 blog [...]
[...] has since removed the apps from the App Store, though Alex Brie, a blogger who first brought the strange listings to attention, has suggested other developers might be using a similar hack. The Next Web is also suggesting the [...]
[...] the reports about numerous Apple customers who are said to have fallen victim to hackers. Developer Alex Brie had noticed that over the weekend 42 of the eBook apps in the top 50 came from Thuat Nguyen. [...]
[...] large share of apps from the same developer,” Brie wrote on his blog this past Sunday [...]
[...] bookstore – comic apps that were, themselves, stolen intellectual property. The trail began with the discovery this weekend that 41 out of Apple's top 50 book apps belonged to developer Thuat Nguyen, who may have earned [...]
[...] Alex Brie, a Romanian developer, was the first to notice anomalies in the AppStore. http://www.alexbrie.com/archives/205 [...]
[...] Exploiting and stealing [...]
[...] a shame to have to point out such underhanded behavior on a holiday weekend, but we got a heads-up from developers Alexandru Brie and Patrick Thomson that something was seriously amiss in the Books category on the App Store. As detailed on [...]