Software Testing Blog

This past weekend, Vietnamese developer, Thuat Nguyen, hacked into 400 iTunes accounts to catapult his apps to best seller status. Nguyen accomplished this by buying his own Books apps — using the hacked iTunes accounts — which boosted his app ratings and launched his apps to the top of the list. The result? 42 of Nguyen’s apps were among the ‘Top 50 Books’ and up to $500 was deducted from each iTunes account.

After tracking down Alex Brie, a developer who first discovered the issues, PC World reported:

“After Brie’s calculations, Nguyen would have needed at least 3,000 hacked iTunes accounts to reach the ranking he had on Sunday in the App Store…[and] Brie speculates that to achieve such high ratings for his apps, Nguyen had to hack into Apple’s iTunes servers and skip the normal security steps, or run an automated scripted program.”

According to Engadget, Apple responded last night:

The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns…

I was under the impression that the App Store approval process was brutal. So, how did this rogue developer get through? What additional security measures and tests need to be put into place to prevent account fraud?