The Mac App Store’s Dirty Little Secret


Apple’s Mac App Store is promoted as a simple solution for installing and managing third party apps on your Mac. On the face of it this would indeed appear to be true, but The Mac App Store is hiding a dirty little secret!

Apple makes some grand claims on their web site:

Thousands of apps. One simple way to get them.

With the Mac App Store built into OS X Lion, getting the apps you want has never been easier. No more boxes, no more discs, no more time-consuming installation. Click once to download and install any app on your Mac.

Keep your apps up to date.

Since developers are constantly improving their apps, the Mac App Store keeps track of your apps and tells you when an update is available. Update one app at a time or all of them at once, and you’ll always have the latest version of every app you own.

That sounds wonderful – but it’s a lie!

Some developers aren’t happy with providing free app updates to existing customers, so they publish updates as a discrete new app. This means that existing customers aren’t able to receive the update without purchasing the app all over again. Even worse the developer sometimes removes the legacy app from the App Store entirely, so it’s not available if you want to re-install it.

Buy, download and even re-download.

You can install apps on every Mac authorised for your personal use, and even download them again. This is especially convenient when you buy a new Mac and want to load it with apps you already own.

Again, not true!

If a developer decides to withdraw an application that you previously purchased from the App Store then it’s gone and there is no mechanism to download it again.

Not Available

I discovered this anomaly after I tried to install an app that I ‘owned’ onto a new Mac. After a bit of head scratching it was apparent that the developer had published a new version of the app just a few months after my purchase. Since I couldn’t re-download my purchased app I took it up with Apple Customer Support..

This is their email response:

I certainly understand how recent difficulties might have been frustrating for you. If I were in your situation, I would definitely feel the same way.

We do want that your experience with iTunes to be pleasant, however, I regret to inform you that your request has been denied. In accordance with the iTunes Store Terms of Sale that you agreed to when you created your iTunes Store account, all sales on the iTunes Store are final. This policy matches Apple’s refund policies and provides protection for copyrighted materials.

Please review the iTunes Store Terms of Sale for more information:

As mentioned earlier, the iTunes Store is not responsible for the loss of purchases and encourages customers to back up their hard disks regularly. If an item needs to be replaced, you can restore your purchases from the backup and avoid the need to purchase replacement copies of titles from your collection.

Additionally, please make back up copies of your new purchases on a regular basis.

Apple’s recommendation then is that you keep a backup of your purchases! This contradicts The Mac App Store’s advertised capability of facilitating the re-download of apps you already own.

To conclude their email Apple went on to firmly slam the door in my face:

Again, I apologize for any inconvenience you have experienced. Any additional emails from you regarding this issue will not receive a response from iTunes Store Customer Support. Thank you for understanding.

That was not the response I was expecting from Apple’s renowned customer service.

What value are Apple adding to justify taking 30% of the sale price? Not much in my opinion. They aren’t future-proofing your purchases and in my experience their customer support isn’t great either. If you’re given the choice, my advice is to purchase apps direct from the developer instead.

Satellite TV Upgrade Pack?

The image above is of a jiffy bag that I received in the post this morning.

Being the wary soul that I am, I was immediately suspicious of this package and so inspected it in more detail.

On face value it looks like an official upgrade pack, perhaps from the satellite broadcaster BSkyB? They do occasionally update their viewing cards and so this seemed quite likely.

But on closer inspection I spotted this small-print:

This package contains promotional material from Virgin Media.

I should have guessed as much when I saw that it was addressed to “The Occupier”. This is a well known tactic of Virgin Media to stop their tat being classed as addressed mail and thereby sidestepping the Mailing Preference Service. I’ve never been able to shake off Virgin’s junk mail, I don’t think anyone ever has.

So this package isn’t anything to do with satellite TV at all. It’s yet more pointless unsolicited junk mail from Virgin Media.

A quick bit of web searching and I found a recent Advertising Standards Authority (ASA) Adjudication on Virgin Media Limited.

The conclusion of the adjudication was that Virgin Media had breached two Committee of Advertising Practice codes and that their advert was misleading.

The ASA noted the text “This package contains promotional material from Virgin Media” was considerably smaller than the main copy on the front of the envelope, was at 90 degrees to all the other text on the envelope, and was located far to the right of the envelope under a series of reference numbers.  We considered that the combination of those factors meant it was likely to be overlooked by consumers and that consumers would therefore be unaware that the envelope contained promotional material from Virgin.

We noted Virgin considered the text “Please see inside for Legal Stuff” indicated that the envelope contained promotional material.  However, we considered that that statement was unlikely to be understood by consumers to mean that the mailing was a marketing communication. We considered, for instance, that the placement of that statement, combined with the likelihood that consumers might not have noticed the text which identified that the mailing was from Virgin, could lead consumers to think that the envelope contained legal and other information, and possibly technology, from their satellite TV provider which would result in an upgrade to their existing satellite TV package.

We considered the ad did not make clear that it was a marketing communication, or that it was sent with commercial intent, and concluded that it breached the Code.

The ASA adjudication is dated 2nd November 2011, but I received this package today on 16th November 2011.

It looks like Virgin have subtly altered the layout on the envelope and moved the line about it being promotional material, but this doesn’t make it any less misleading.

A complaint to the ASA has been submitted. Let’s see what happens this time!


The ASA response:

Further to my letter of 21 December, we have now received a response from Virgin Media. They have assured us they will not use the ad or similar ads again and that in future mailings they will make clear that they are marketing communications. We consider that this will resolve the complaint without referring the matter to the ASA Council, and will consequently be closing our file.

In a formal investigation, if the ASA Council decides that an ad is in breach of the Code, the advertisers are told to withdraw or amend it. Because Virgin Media has already assured us that the advertising you complained about has been withdrawn, we consider there is little to be gained from continuing with a formal investigation, which would achieve the same outcome.

So a small victory for the small guy then.

Twitter Typosquatting

I just mistyped as and was surprised to find that I was redirected to what looked like a Twitter survey / competition page.

The logo at the top of the page is presumably deliberately designed to fool you into thinking that it’s an official Twitter survey:


You’ve been selected to take part in our short, anonymous 30 second questionnaire. To say “thank you”, you’ll have the opportunity to receive one of our exclusive offers including a Airline Travel Voucher and Win an iPad2. Start this short survey now.

I tried going to a few times and was redirected to a number of alternative domains, each with the same fake ‘quiz’:

I got bored of harvesting all the various quiz and survey related domain names (they actually had some really good names), but I collected around 70 and submitted them to the OpenDNS Community tagged as Adware.

Incidentally, if you’re not already using the fantastic OpenDNS service then I highly recommend it.

All Your MMS Are Belong To China

A warning about the GO SMS Pro messaging app in Android Market.

I have discovered that when used in a particular way the app uploads your private MMS image attachments to a public web server in China (

For example, here’s one I sent earlier –

It doesn’t tell you that it’s doing this and the client settings aren’t obvious. Worst of all there is no way to delete images once they have been posted.

Try it for yourself:

  • Open GO SMS Pro and start composing a new message
  • Add some text and then tap on the paperclip icon to add an attachment
  • In the GO tab, tap Pictures and select an image to attach, then tap Send

You’ll see that instead of a true MMS with an embedded image attachment being sent, your image has been uploaded to a Chinese web server and your message now contains a link to it.

If you are using this app in place of your stock messaging client and want to be sure that your images are sent only to the intended recipient, then I strongly urge you to uninstall immediately.

Customer Data Insecurity

In the last couple of weeks I’ve received separate emails from Sega and Travelodge informing me that my personal details have been ‘stolen’ by hackers and may be used in phishing attacks against me. These are just a couple in a long line of examples of well publicised hacks against major online sites.

Actually this likely won’t affect me at all. I have no faith in web sites keeping my personal data safe and don’t trust the security of online retailers at all. My email is delivered via collaborative filtering anti-spam techniques and I rarely see spam nowadays anyway.

I use a different secure password for every web site and never divulge real personal details in online registrations. They don’t have my real date of birth, mother’s maiden name or anything else considered valuable information by the hacker community.

Don’t forget that the retailers have no idea what your real personal details are, so you are perfectly entitled to make up what you want when you register with them. I strongly advise you to invent a pseudo-identity with an alternative date of birth and security credentials. As long as you keep note of what these are then you won’t have a problem with authentication and you won’t be exposed to serious data theft if your details are exposed.

It’s disappointing, but not surprising, that online retailers are being compromised in this way. Despite Travelodge’s claims that their “main priority is to ensure the security of our customers’ data” I don’t imagine that customer data security is at the top of the average retailer’s requirements list when it comes to web site design.

As Travelodge are so fond of saying – “Sleep tight” !