The Mac App Store’s Dirty Little Secret

appstore_download

Apple’s Mac App Store is promoted as a simple solution for installing and managing third party apps on your Mac. On the face of it this would indeed appear to be true, but The Mac App Store is hiding a dirty little secret!

Apple makes some grand claims on their web site:

Thousands of apps. One simple way to get them.

With the Mac App Store built into OS X Lion, getting the apps you want has never been easier. No more boxes, no more discs, no more time-consuming installation. Click once to download and install any app on your Mac.

Keep your apps up to date.

Since developers are constantly improving their apps, the Mac App Store keeps track of your apps and tells you when an update is available. Update one app at a time or all of them at once, and you’ll always have the latest version of every app you own.

That sounds wonderful – but it’s a lie!

Some developers aren’t happy with providing free app updates to existing customers, so they publish updates as a discrete new app. This means that existing customers aren’t able to receive the update without purchasing the app all over again. Even worse the developer sometimes removes the legacy app from the App Store entirely, so it’s not available if you want to re-install it.

Buy, download and even re-download.

You can install apps on every Mac authorised for your personal use, and even download them again. This is especially convenient when you buy a new Mac and want to load it with apps you already own.

Again, not true!

If a developer decides to withdraw an application that you previously purchased from the App Store then it’s gone and there is no mechanism to download it again.

Not Available

I discovered this anomaly after I tried to install an app that I ‘owned’ onto a new Mac. After a bit of head scratching it was apparent that the developer had published a new version of the app just a few months after my purchase. Since I couldn’t re-download my purchased app I took it up with Apple Customer Support..

This is their email response:

I certainly understand how recent difficulties might have been frustrating for you. If I were in your situation, I would definitely feel the same way.

We do want that your experience with iTunes to be pleasant, however, I regret to inform you that your request has been denied. In accordance with the iTunes Store Terms of Sale that you agreed to when you created your iTunes Store account, all sales on the iTunes Store are final. This policy matches Apple’s refund policies and provides protection for copyrighted materials.

Please review the iTunes Store Terms of Sale for more information:
http://www.apple.com/legal/itunes/ww

As mentioned earlier, the iTunes Store is not responsible for the loss of purchases and encourages customers to back up their hard disks regularly. If an item needs to be replaced, you can restore your purchases from the backup and avoid the need to purchase replacement copies of titles from your collection.

Additionally, please make back up copies of your new purchases on a regular basis.

Apple’s recommendation then is that you keep a backup of your purchases! This contradicts The Mac App Store’s advertised capability of facilitating the re-download of apps you already own.

To conclude their email Apple went on to firmly slam the door in my face:

Again, I apologize for any inconvenience you have experienced. Any additional emails from you regarding this issue will not receive a response from iTunes Store Customer Support. Thank you for understanding.

That was not the response I was expecting from Apple’s renowned customer service.

What value are Apple adding to justify taking 30% of the sale price? Not much in my opinion. They aren’t future-proofing your purchases and in my experience their customer support isn’t great either. If you’re given the choice, my advice is to purchase apps direct from the developer instead.

Satellite TV Upgrade Pack?

The image above is of a jiffy bag that I received in the post this morning.

Being the wary soul that I am, I was immediately suspicious of this package and so inspected it in more detail.

On face value it looks like an official upgrade pack, perhaps from the satellite broadcaster BSkyB? They do occasionally update their viewing cards and so this seemed quite likely.

But on closer inspection I spotted this small-print:

This package contains promotional material from Virgin Media.

I should have guessed as much when I saw that it was addressed to “The Occupier”. This is a well known tactic of Virgin Media to stop their tat being classed as addressed mail and thereby sidestepping the Mailing Preference Service. I’ve never been able to shake off Virgin’s junk mail, I don’t think anyone ever has.

So this package isn’t anything to do with satellite TV at all. It’s yet more pointless unsolicited junk mail from Virgin Media.

A quick bit of web searching and I found a recent Advertising Standards Authority (ASA) Adjudication on Virgin Media Limited.

The conclusion of the adjudication was that Virgin Media had breached two Committee of Advertising Practice codes and that their advert was misleading.

The ASA noted the text “This package contains promotional material from Virgin Media” was considerably smaller than the main copy on the front of the envelope, was at 90 degrees to all the other text on the envelope, and was located far to the right of the envelope under a series of reference numbers.  We considered that the combination of those factors meant it was likely to be overlooked by consumers and that consumers would therefore be unaware that the envelope contained promotional material from Virgin.

We noted Virgin considered the text “Please see inside for Legal Stuff” indicated that the envelope contained promotional material.  However, we considered that that statement was unlikely to be understood by consumers to mean that the mailing was a marketing communication. We considered, for instance, that the placement of that statement, combined with the likelihood that consumers might not have noticed the text which identified that the mailing was from Virgin, could lead consumers to think that the envelope contained legal and other information, and possibly technology, from their satellite TV provider which would result in an upgrade to their existing satellite TV package.

We considered the ad did not make clear that it was a marketing communication, or that it was sent with commercial intent, and concluded that it breached the Code.

The ASA adjudication is dated 2nd November 2011, but I received this package today on 16th November 2011.

It looks like Virgin have subtly altered the layout on the envelope and moved the line about it being promotional material, but this doesn’t make it any less misleading.

A complaint to the ASA has been submitted. Let’s see what happens this time!

Update!

The ASA response:

Further to my letter of 21 December, we have now received a response from Virgin Media. They have assured us they will not use the ad or similar ads again and that in future mailings they will make clear that they are marketing communications. We consider that this will resolve the complaint without referring the matter to the ASA Council, and will consequently be closing our file.

In a formal investigation, if the ASA Council decides that an ad is in breach of the Code, the advertisers are told to withdraw or amend it. Because Virgin Media has already assured us that the advertising you complained about has been withdrawn, we consider there is little to be gained from continuing with a formal investigation, which would achieve the same outcome.

So a small victory for the small guy then.

Twitter Typosquatting

I just mistyped twitter.com as twtter.com and was surprised to find that I was redirected to what looked like a Twitter survey / competition page.

The logo at the top of the page is presumably deliberately designed to fool you into thinking that it’s an official Twitter survey:

Congratulations!

You’ve been selected to take part in our short, anonymous 30 second questionnaire. To say “thank you”, you’ll have the opportunity to receive one of our exclusive offers including a Airline Travel Voucher and Win an iPad2. Start this short survey now.

I tried going to twtter.com a few times and was redirected to a number of alternative domains, each with the same fake ‘quiz’:

I got bored of harvesting all the various quiz and survey related domain names (they actually had some really good names), but I collected around 70 and submitted them to the OpenDNS Community tagged as Adware.

Incidentally, if you’re not already using the fantastic OpenDNS service then I highly recommend it.

All Your MMS Are Belong To China

A warning about the GO SMS Pro messaging app in Android Market.

I have discovered that when used in a particular way the app uploads your private MMS image attachments to a public web server in China (gosms.en.3g.cn)

For example, here’s one I sent earlier –

http://gosms.en.3g.cn/D?f=NPQRRMAE200dI_ViaGoSMS

It doesn’t tell you that it’s doing this and the client settings aren’t obvious. Worst of all there is no way to delete images once they have been posted.

Try it for yourself:

  • Open GO SMS Pro and start composing a new message
  • Add some text and then tap on the paperclip icon to add an attachment
  • In the GO tab, tap Pictures and select an image to attach, then tap Send

You’ll see that instead of a true MMS with an embedded image attachment being sent, your image has been uploaded to a Chinese web server and your message now contains a link to it.

If you are using this app in place of your stock messaging client and want to be sure that your images are sent only to the intended recipient, then I strongly urge you to uninstall immediately.

Customer Data Insecurity

In the last couple of weeks I’ve received separate emails from Sega and Travelodge informing me that my personal details have been ‘stolen’ by hackers and may be used in phishing attacks against me. These are just a couple in a long line of examples of well publicised hacks against major online sites.

Actually this likely won’t affect me at all. I have no faith in web sites keeping my personal data safe and don’t trust the security of online retailers at all. My email is delivered via collaborative filtering anti-spam techniques and I rarely see spam nowadays anyway.

I use a different secure password for every web site and never divulge real personal details in online registrations. They don’t have my real date of birth, mother’s maiden name or anything else considered valuable information by the hacker community.

Don’t forget that the retailers have no idea what your real personal details are, so you are perfectly entitled to make up what you want when you register with them. I strongly advise you to invent a pseudo-identity with an alternative date of birth and security credentials. As long as you keep note of what these are then you won’t have a problem with authentication and you won’t be exposed to serious data theft if your details are exposed.

It’s disappointing, but not surprising, that online retailers are being compromised in this way. Despite Travelodge’s claims that their “main priority is to ensure the security of our customers’ data” I don’t imagine that customer data security is at the top of the average retailer’s requirements list when it comes to web site design.

As Travelodge are so fond of saying – “Sleep tight” !

WeWillRipYouOff.com

They have the most banal and irritating advertising campaign ever (which makes goCompare.com look positively award winning!) and now webuyanycar.com has been investigated by the Office of Fair Trading who have taken enforcement action against them over concerns that its online valuations were misleading.

The full investigation can be found on the OFT web site.

We Buy Any Car Limited also has a bit of history with the Advertising Standards Authority …

… and in the national press (this article from The Sun):

CAR sales “specialist” WEBUYANYCAR sacked an employee for paying too much for a motor, the worker has claimed.

He was among dozens of readers who emailed us to complain about the company after it was slammed by regulators last week for ripping off Brits.

The employee, who asked to remain anonymous, claimed colleagues “reset” service warning lights on cars they bought. It meant they could sell them for more at auction.

WeBuyAnyCar yesterday said anyone found doing so would be “dismissed”.

A spokesman added: “We train our buyers to make accurate valuations. Occasionally the buyer proves incapable of the task and we have to let them go.”

Phone "hacking" my arse

I can’t believe the furore over the claims that certain tabloid journalists engaged in what has been ludicrously termed as “phone hacking”. It has even led to the resignation of Andy Coulson, the now ex-Director of Communications at No.10.

The quotes that are coming out of some people are astonishing:

Labour deputy leader Harriet Harman, speaking on Sky News, said: “Hacking into people’s phones is illegal. Obviously the criminal law has got to be complied with and if it is broken then it should be investigated by the police and it should be enforced.

Gordon Brown has asked the police to investigate whether he was the victim of phone hacking, The Independent on Sunday has learnt. Mr Brown has written at least one letter to the Metropolitan Police over concerns that his phone was targeted when he was Chancellor, during the latter stages of Andy Coulson’s reign as editor of the News of the World.

Mr Brown and Mr Blair are the most senior political figures to be linked to the phone-hacking scandal. In September, The IoS revealed that Lord Mandelson’s mobile-phone details and an invoice for research on him were among files seized by police investigating illegal activity by NoW reporters when Mr Coulson was editor. Other Labour figures understood to have been targeted include Lord Prescott, David Blunkett, Tessa Jowell and Chris Bryant.

Now let’s be clear about what this “phone hacking” actually means.

When you setup your mobile account you are generally provided with a voicemail service by your mobile operator. You normally press the voicemail button or dial the voicemail service to listen to your messages, but there is also usually another number you can dial from any phone which allows you to listen to your messages if you don’t have your mobile handset with you.

Obviously when you call from another phone the voicemail service needs to authenticate you in some way, so it does this by asking you to input your secret PIN, much in the same way that you enter your secret PIN when you withdraw cash from a cash machine.

The mobile networks have a default PIN for voicemail accounts and you are prompted to change it the first time you use the voicemail service. Now if you elect not to change your PIN and leave it as the default code, then anyone will be able to listen to your messages. THIS IS NOT HACKING!

Hacking would imply something more involved than simply knowing a persons mobile number and the default voicemail PINs of the UK mobile networks.

The idiot ‘victims’ of this voicemail story should be embarrassed more than anything else. Anyone who is stupid enough to leave their voicemail PIN on the default setting without changing it to something secret is an imbecile, particularly those in the public eye who have something to hide.