Apple today pulled a large number of apps created by a Vietnamese iPhone developer after claims by competitors that he had pushed his software to the top of the bestseller list by purchasing them with stolen credit cards.
All the apps previously sold by Thuat Nguyen have been yanked from the iTunes App Store, according to Apple, which confirmed the developers' suspicions of fraud.
"The developer Thuat Nguyen and his apps were removed from the App Store for violating the developer Program License Agreement, including fraudulent purchase patterns," the company said in a statement it sent to Engadget early Monday. Apple did not reply to a request by Computerworld for further comment.
More than 40 of Nguyen's apps -- described by one iPhone developer as "roughly coded, non-localized Vietnamese comic book apps" -- suddenly shoved aside longstanding popular programs in the e-book category last week, and captured almost all of the top 50 spots in the bestseller list.
That set off alarms with several iPhone developers.
Alexandru Brie, a Romanian iPhone developer and the maker of the 99-cent Self Help Classics e-book app, was immediately suspicious of the quick rise in popularity of Nguyen's software.
Brie's conclusion: The Vietnamese apps had been purchased with credit cards hacked from Apple's iTunes. "It seems people's iTunes accounts have been hacked, with mass purchases of one developer's apps being made using their accounts," Brie wrote on his blog Sunday.
Brie based his speculation on the fact that Nguyen's software, which had previously been invisible on the top download charts, had captured more than 40 of the top 50 spots in the e-book category's bestseller list, that there was no company or support site for Nguyen listed in iTunes, and that there were very few customer reviews of the programs.
The reviews that did exist were from customers who claimed that their iTunes accounts had been hacked and the apps purchased without their authorization.
Another iPhone developer, who asked to remain anonymous, echoed Brie's suspicions.
"This is the first time I've seen anything like this," the developer said in an interview Tuesday. "The App Store is often volatile, but this was very unusual," he added, noting that Nguyen's foreign language apps were suddenly a big hit in the U.S. "There were no reviews of these apps, and the fact that 40 apps from a single developer occupied a block of rankings from 10 to 50 was very suspicious."
In its statement, Apple denied that any hack had taken place. "Developers do not receive any iTunes confidential customer data when an app is downloaded," the company said as it urged customers who suspected that their credit card had been used to buy Nguyen's apps to contact their banks, and to immediately change their iTunes accounts' passwords.
Brie said he had been contacted by Phillip Schiller, Apple's head of product marketing, and told that Apple was investigating. He also estimated Nguyen's take over the last month and a half at more than $1 million.
"A quick estimate -- it takes at least 100 sales/day needed to secure #9 in the top paid books U.S. chart -- multiplied by the $4.99 [that] one app costs and the 41 apps with this behavior, would give us around $20,000/day in 'earnings,'" said Brie in a follow-up blog Monday. "That's at least $1 million [from mid-May], although it might be double of that."
The iPhone developer who asked for anonymity was not as convinced as Brie that iTunes had been hacked. "I think the primary purpose of this was credit card fraud," he said, noting that although there was no hard evidence to pin on Nguyen, the circumstantial evidence was significant. "A by-product was that the [Nguyen] apps were pushed up in the rankings. They got greedy ... this could have gone on much longer."
Nguyen could not be reached for comment.
Brie said there were hints that other similar scams may be operating and questioned why Apple had not noticed the unusual behavior. "I wonder how is it that no one noticed that the top grossing paid books in the U.S. were owned by similar, weirdly named, expensive-yet-strangely-successful Vietnamese apps," he said Sunday.
"This comes down to a simple case of credit card fraud," the nameless developer added. "I don't think it was specific to iTunes. It could have happened to any online system ... iTunes is vulnerable because they have a lot of users."
Gregg Keizer covers Microsoft, security issues, Apple, Web browsers and general technology breaking news for Computerworld. Follow Gregg on Twitter at @gkeizer or subscribe to Gregg's RSS feed . His e-mail address is firstname.lastname@example.org.