As Apple’s App Store turned 2 years old this past week, more stories have appeared of hacked accounts and scamming applications.
One recent story is of an App Store patron, Mike Rohde, who found around $200 of In-App purchases for a game called Fishes by PlayMesh. PlayMesh is a developer that puts out many “RPG” type games with 7 to 10 “Ticket” apps that you can purchase to gain in-game points. Those ticket apps go for anywhere from $0.99 to $99.99. They also have a few random apps like “Tic Tac Toe Online Premium” for $4.99.
Mike found the problem when he looked at the email that Apple sends out occasionally to show purchases. It showed several In-App purchases that he knows he didn’t make. His son was the user playing Fishes and he’s pretty sure that his son doesn’t know the password to the iTunes account.
There is some question about password caching on the iPhone/iPod touch/iPad and In-App purchases. Turns out if you purchase an app in the App Store and enter your AppleID and password, that information stays valid for a short period of time. It also stays valid for In-App purchases. The assumption is that Mike made a purchase, then handed the iDevice to his son who then went into Fishes and made several purchases. It’s not clear if the child knew what he was doing or if it was just an unfortunate coincidence.
Mike was able to contact Apple and have one day’s worth of purchases removed. For the rest, however, he will have to see whether PlayMesh will do the right thing and issue a refund. So far, they haven’t responded to his inquiries.
This brings up an important security issue. Should Apple allow In-App purchases to access the same AppleID/Password caching that the higher level App Store accesses? It seems that a setting in the Settings App would help here. Forcing the iDevice user to enter an AppleID/Password for every purchase, no matter how much time has transpired, would solve issues with multiple users accessing iPod touches and/or iPads.

Another story that emerged over the last few weeks is that someone hacked about 400 iTunes accounts and purchased several ebook apps, making those apps 43 of the top 50 ebook apps. Apple investigated the issue and banned the developer that created the ebook apps.
This hacking issue raised an important question for me. What if a developer, after successfully hacking into a couple of iTunes accounts, changes his app’s price from a couple of dollars to $999.99, then purchases it in the hacked accounts, and changes the price back? That developer could make a bunch of money quickly.
This would clearly raise a very bright flag and would probably be stopped fairly quickly. However, would it be quick enough to be stopped before Apple cut a check to the developer? Simply banning the developer wouldn’t stop this scammer from doing it again, since all they would have to do is create a new developer account with different credentials.
If this hasn’t happened yet, I suspect it might soon and if it does, it will be very interesting to see how it’s resolved.

Otherwise, the App Store has been thriving with over 270,000 apps, 14,000+ of which are iPad apps. There haven’t been any “official” statistics for this last year, but if the growth is anything like it was last year, there have been many billions of application downloads as well as at least 1 billion dollars sent out to developers.
It’s not really all that hard to do when the store’s user base is about 60 million users with estimates hitting 100 million by the end of the year. It’s easy to see why Apple’s App Store has so many applications when compared to Android and other mobile platforms.
