Well, you certainly are biased, so I won't bother correcting you, but for everyone else, remember that iTunes is common on PCs running Windows anymore so its naive to say its only a Mac problem.

App fraud seems to be happening in two major ways. One way is for an app to get the info from you directly - you download an app and the app itself asks for password info, credit card info, etc. Then it passes it on to the developer that can use it, sell it, etc for profit.

The second way is to just have your password stolen or brute-force broken. You don't even have to have download an app, just have an iTunes account. If the password isn't stolen from an existing keylogger or virus or trojan, easy passwords (like six-digit numeric birthdays) are brute-force broken in seconds, and the thief can then simply log in to iTunes from anywhere in the world and buy his or her apps. You don't know until you start getting receipts from Apple about the purchases.

I remember people talking about this back in January when fraud apps started appearing on Android Apps. Its a major problem that seems to be sources in China (go figure).

 

[QUOTE=MikeyCB,Jul 6 2010, 12:00 PM] There's one part I find weird:



How about you issue refunds for the transactions that you know where fraudulent, or err on the side of caution and assume NOBODY bought this guy's applications, and refund all money.

 

Very true, but with recent trends which are on an alarming uprise are apple customers. They but it becuase it is the trendy thing to do and be seen with in a starbucks and they are also the most gullible to phish of any computer user IMO!

I know, completely biased statement lol

 

Hmm, where'd you hear that? Because I didn't think the iPhone stored a user's iTunes Store password anywhere. Using customers' data, yes, but I find it rather surprising that the data might be coming from an iPhone app.

 

And if you think this fraud is bad by sneaking under Apple's nose and its "restrictive" approval process, wait until you see what can happen in Android's open market:

http://www.theinquirer.net/inquirer/news/1...oid-apps-market

Imagine downloading an app for yourself, and then giving all your financial info to some thief in another country.

 

"We love 'The Leader.'"



Is it a coincidence that their product colors match the robes?

 

The iPhone does not store such info, but apps, be they Apple or Android, that have in-game purchasing options ask for and send off this sensitive info. Users are effectively being phished for their personal data that is then resold or simply used.

The only thing worse than Apple's vetting process for apps is no vetting process for apps. At least the Apple vetting process can be changed to look for such things - if there's no vetting process in place to begin with, there's never going to be a correction to look for such things.

 

Most Apple users are former Windows users anymore.

And anyway, most computers are Windows based, ~40% or so are thought to be compromised in some way, and iTunes is on a lot of windows computers anymore. Draw a Venn diagram and in the middle you can see how Apple can be entirely outside this equation yet still be effected.

Is Apple's process perfect? No, far from it in fact. Its better than the alternative though.

 

The issue here is apple's security in the itune's store or their app pre-approval process?

 

iTunes is secure - people's accounts were hacked and used to fraudulently purchase apps. Its not even necessarily an application problem, since the account information could be stolen from a PC using a virus.