The story of hacked iTunes accounts, stolen money, rogue developers and scammy app farms that came out over the holiday weekend is scary enough. But seeing all these reports makes me wonder exactly how this happened in the first place, given that Apple is supposed to have pretty tight control over what goes in the app store. The person responsible for this weekend's shenanigans is now gone (maybe for good), but the overall problem remains.
This is what we know so far: this weekend, several iTunes accounts were hacked and used to purchase apps for the purpose of raising their rankings. The Next Web posted that users are reporting charges to their accounts ranging from $100 to $1,400. The developer responsible for this, Thuat Nguyen, has been kicked off the app store, but it's unclear whether he will face any legal repercussions as he resides in Asia.
Apple's official response is to suggest that users change their iTunes password immediately, cancel their credit card if they were affected, and see if their financial institutions will cancel the fraudulent charges. That's not terribly reassuring, but probably the best first step right now. Be sure to check your app purchase statements to see if there are any apps that you didn't buy.
The real problem is that Thuat Nguyen is not the only developer to run this scam. According to Zee at The Next Web, this fraudulent activity didn't just start this weekend; it's been going on for at least 4 weeks and possibly since last year. And other "App Farms" in the app store haven't been removed, even though it's apparently easy to tell which of these apps are just fronts by doing something as simple as visiting the links provided by the developers, which lead to non-existent pages. Another trademark appears to be low-quality images for the icons.
The question that immediately leaps to mind is: how did Apple let this happen? The approval process for the app store is already notorious for keeping out the likes of Google Voice, Skype, and dirty smut like James Joyce's Ulysses, so why can't the people involved spot these scam developers? Shouldn't the approval process involve going to the developer websites listed in the app at the very least?
It also appears that iTunes users have left comments on app farm apps that label them as fake or fraudulent. Though I don't expect Apple to keep track of every single comment or rating left on the thousands of apps in the store, wouldn't it be prudent to set up an alert when a user calls an app fake or explicitly says that the developer stole money? Of course users should report these incidents, too, but Apple needs to keep on top of this stuff themselves.
Instead of worrying over exposed breasts, Apple needs to evaluate the proliferation of useless apps in the iTunes store as it seems that they're breeding grounds for shady behavior. Zee is compiling a list here which is bound to grow. Hopefully the company will start there.
In the meantime, I'd follow Zee's suggestion and remove your credit card information from iTunes and just use gift cards instead.