Strange goings on at Apple's App Store

According to several reports, irregularities were witnessed this weekend in one of the book categories in Apple's App Store for iOS devices. A number of poorly scanned books from someone who appears to be a Vietnamese developer are reported to have found their way onto the best-seller list. The irregularities appear to be connected to iTunes access data stolen from large numbers of iTunes users who are reporting on various forums that their accounts have been used to purchases the developer's 'book apps'. It's not known how many users are affected.

According to estimates by MacRumors, hitting the top 50 list in the book category in question requires sales in the region of just 50 to 250 per day. This would put the number of iTunes users affected by the hack at just a few hundred. Apple has since removed the incriminating apps from its App Store. It's not clear how the fraudsters behind the hack got hold of users' access credentials, but such hacks are commonly carried out by password stealing trojans or phishing sites. Because iTunes accounts can be used to download music, applications and games, which are then paid for using the user's saved credit card details, they are popular trade goods for criminals.

The incident raises the issue of whether and how Apple actually verifies developers' details. The internet address given by the app developer leads to a parking domain. It also raises the questions of how the apps were accepted for sale in the App Store in the first place and why there were no mechanisms in place to flag that the best-seller list was being flooded with apps from a single vendor.

(crve)