App Store Breach Raises Security Concerns


ADOTAS – Last week, a smartphone security software firm released an inflammatory report suggesting that a fifth of the apps in the Android Market collect data that could be used for evildoing by evildoers. The media picked up on it, but failed to note (at first) that 1) apps need permission to access such data and 2) SMobile Systems had deep ties with AT&T, which you may have heard is the exclusive carrier of the iPhone and doesn’t offer any competitive Android phones.

Instead of yelling “Smoke!” when there’s no fire, perhaps SMobile should be looking closer to home: Apple announced that Vietnam-based developer Thuat Nguyen had been booted from the App Store along with his apps after he took 42 of the top 50 rankings in the eBooks category over the holiday weekend — though most of them were spurious titles, and almost all in Vietnamese.

Apparently 400 iTunes accounts were hacked and used to buy Nguyen’s “works.” Though Apple said in a release that Nguyen had violated the developer license agreement “including fraudulent purchases,” the company is mum on whether actual fraud occurred.

“Developers do not receive any iTunes confidential customer data when an app is downloaded,” Apple made sure to comment.

Of course, that was followed by a paragraph telling users whose credit card numbers or iTunes passwords have been stolen to call their financial institutions immediately. To further allay concerns, apparently Apple is going to ask for credit card CCV verification more often.

But how did Nguyen get into those 400 iTunes accounts? That may be a small percentage of iTunes accounts, but it certainly raises great security concerns. And while the App Store may have been breached this time, similar safety questions need to be examined regarding the Android Market.


  1. Is it possible this is just the tip of the iceberg, or the start of a new wave? This guy was, effectively, an amateur. It is well known organised crime syndicates in Russia hired many ex-KGB hackers in the 1990s and built a super-computer center somewhere. Online fraud now produces more money for organised crime than the drug industry. By building iTunes and the AppStore, Apple concentrated vast amounts of credit card data into one convenient location for easy hacker access and positioned themselves for a massive security war with the world’s best hackers. Apple customers are now trusting Apple to protect them with a system an amateur can hack. If Apple had allowed other companies to sell into iPhone and iPod, this data would not be concentrated in a single location behind a single security wall, but would be spread across thousands of locations with many different security systems. Even if Apple hired the best security specialists on the planet, they couldn’t keep hackers out with 100% perfection – no security system is perfect. Apple may well have built the world’s most attractive target for professional hacking.
    The question for Apple customers is now risk vs convenience. Do you trust Apple to be completely open about breaches, to notify people in time, and to refund your money quickly and without hassle if it’s stolen?

  2. It’s audacious for Adotas to accuse a security firm of releasing an inflammatory report when this blog post itself is sensational. “App Store Breach” and “iTunes accounts were hacked” imply incorrectly that Apple has a serious security problem. The reality is that someone guessed and/or stole the Apple or AOL ID and Passwords of 400 iTunes customers (who chose to save their payment information so they wouldn’t have to reenter it again for future purchases). The wrongdoers did not gain access to any credit card or other sensitive personal information. It’s specious to completely fault Apple for this incident, and even more wrong to compare it to the threat of Android malware.

