Update: Apple has issued a press release about the matter but has not added any mention to the apps listed below.
As the story of iTunes accounts being hacked continues to develop, we’ve come across a number of what we would call “App Farms” in iTunes being used to scam users out of their money.
Despite a claim that we’re exaggerating the gravity of the entire situation, let’s show you a few examples of these app farms and you can judge for yourself.
1. The Company/Thuat Nguyen is where our investigation began. It’s responsible for 42 apps, 41 of which are book apps, all in the top 50 best-selling apps in the books category. This app developer hacked iTunes user accounts and purchased their own apps using those accounts. (Update: This app developer has now had all his apps removed.)
2. Charismaist (iTunes Link). With only three apps in the App Store, Charismaist can hardly be considered a farm, but we’ve already received 4 reports of charges up to $600 for the purchases of this developer’s apps.
One reader says:
“Someone has downloaded 8 apps and two songs totalling £61.70. The most expensive being an app called All Match by Charismaist for £54.99! The other apps seem to be based on photography like Camera One, Night Shot, Camera Flash Ultra. Surely Apple won’t pay out to these developers.”
“My iTunes account was also hacked in the last week or so and I was billed £140. iTunes customer support was less than supportive and it took my bank getting involved, my card being cancelled and reissued and 2 changes of passwords to get it sorted. The apps that Jamie Vickery mentioned were bought using my account too.”
Comments on iTunes about one of the apps can be found below:
3. Wishii Network. Similar to the first example, Wishii Network’s apps completely dominate the top travel iPad apps list, with 29 out of 50 apps in the Travel category of the App Store, this time on the iPad.
We’ve now received 3 reports from people who have spotted these apps in their billing history, but considering this is the US iTunes App Store and each of the apps requires payment to climb up the chart, there’s bound to be many more.
4. Storm 8 (iTunes link). Check out the screenshot below. This is an app developer with 45 games, many of which are clones that differ only by the number of “points” they offer. The quality of Storm 8’s games is definitely above that of any of the other scammy apps listed above; the company has been around a year and has a strong following. However, there is something very suspicious about the pricing for various in-game purchases of points. The developer hands out its games for free (or very little) and then uses the in-game points purchases to make its money, often charging up to $150 for in-game points purchased. You can see the cost of some of the points purchases to the right.
One report we received:
“Our account was hacked just over a week ago. We’re still waiting on our bank to finish its ‘investigation’ to get our money back. Unlike what others have reported, we were taken for over $1400.00 on what looks like in-game credits for some game called World War at $160 a transaction and some music. Again, Apple did nothing to help but give the password reset advice and removing of the credit card info.”
The company has sent over a statement saying:
“Most of our games have been on the App Store for over a year. Our games are free to download and play. Like many apps from iTunes, we offer certain virtual goods (like Honor Points) for sale through In-App Purchase. They are an optional part of the game, and serve to enhance various aspects of user experience and game play. In no case do users have to buy points to use our free applications.
We have replied to the comment of the user which you quoted in this post. We do not hack into anyone’s account and we do not use anyone’s account to make purchases.”
There are other App Farms we know of, but we have no reports of whether or not they have been used for unethical purposes. One example is Brighthouse Labs with 4568 apps, all virtually worthless.
As I’ve said before, clearly when one developer completely dominates the ranking in a particular category, other app developers suffer, but when it happens by means of hacking end users’ accounts, it’s a serious concern that leaves everyone involved suffering. Developers don’t get the recognition they deserve, users are robbed and left with a poor user experience, while Apple is left with a tarnished brand and a lot of explaining to do.
Why does Apple not have mechanisms in place to detect when previously unpopular apps from the same developer flood the top rankings?
When some apps are left waiting weeks for approval, only to be rejected by Apple for minor objections, how does a company with no website, no description and apps that are literally swarming iTunes escape punishment? More importantly, how has someone managed to hack users’ accounts and left many, we can only assume, unaware they’ve been robbed?
More to follow. If you know of any other companies with similar set-ups on iTunes, do please let us know.