Apple has since pulled the rogue apps from iTunes. The scam appears to have only affected only a few hundred users. Apple has since issued a public statement posted first by Engadget admitting to the shenanigans:
The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns.
Developers do not receive any iTunes confidential customer data when an app is downloaded.
If your credit card or iTunes password is stolen and used on iTunes we recommend that you contact your financial institution and inquire about canceling the card and issuing a chargeback for any unauthorized transactions. We also recommend that you change your iTunes account password immediately. For more information on best practices for password security visit http://www.apple.com/support/itunes. – Apple statement via Engadget
This iTunes hack highlights how even Apple’s well-curated App Store can be susceptible to rogue developers.
The good news, however, is that it’s relatively easy to guard against fraud and identity theft scams in iTunes. In fact, it can all be boiled down to three easy steps:
Know your developer
Active developer Websites aren’t just a security concern either; if something goes wrong with your application you will have no way to contact the developer for help. It also suggests that you won’t be seeing any updates to the application over the long term, which could eventually leave you with an outdated and broken application.
Monitor your iTunes Account
The best way to guard against identity theft on iTunes is to periodically check your iTunes account. To do this, open iTunes and select Store>View My Account. You’ll be prompted for your iTunes password, and then taken to your main account page. From there, select “Purchase History” to view your most recent app purchases arranged by the date they were charged to your account. If you think there’s a problem with any of your purchases, just click on the date in question to get a detailed breakdown of the applications you were charged for that day.
If you believe you were wrongly charged for an application, click on the “Report a Problem” button found at the bottom of every Purchase History page. You can also use Apple’s support site to e-mail the company by clicking on iTunes Store Account and Billing>Billing Inquiries>Email us. Also, make sure you report any suspicious activity on your credit card to your bank or credit card provider as soon as possible.
It’s also a good idea to change your iTunes password and make sure you use a combination of letters, numbers and special characters. For more information on best practices for passwords, check out PCWorld’s “Creating Secure Passwords You Can Remember.”
Watch Out for In App Purchases
Even if an application is legitimate, keep your eye on the cost of in-app purchases for each application you use. There are many iPhone apps that charge exorbitant prices for additional content or virtual goods. This is especially true for iPhone games. Gaming company Storm8, for example, offers a game called iMobsters, where you can purchase favor points that can be used to help you progress through the game. The top bundle of iMobsters favor points costs $150. There are many other games that also offer high-priced point bundles that can be exchanged for virtual goods including the aquarium game Tap Fish by BayViewLabs and Zynga’s Farmville.
Although these games are pretty clear about the cost of their in-game purchases, at $50-$150 a pop it only takes a few inadvertent taps to end up with a sizable iTunes bill.
Overall, the iTunes App Store is a relatively safe environment to make electronic purchases, especially when you compare it to some of the malware problems Google’s Android Marketplace has had. Nevertheless, even the most stringent security measures are no replacement for your own vigilance and common sense.
Connect with Ian on Twitter (@ianpaul).