130£ AppStore invoice!?!?

seldNofSparta · 26 Dec 2011 at 21:58

Me and my brother both received ipad2's for Christmas. I purchased/downloaded the real racing 2 hd app for myself and thought it was brilliant. So, being the great older brother I am, I thought I would buy it for him too, I went to his AppStore on his iPad and purchased the app with my card details. I now went to his account Information and checked his app history type thing under 'view my account' and found that there had Been another application purchased for 129.99 and had been charged to my card (the apple Id account apparently stores card information). I had a chat with my brother and he told me that he had not purchased/seen/even heard of the app in question....strange. On his iPad AppStore app it even gives him the opportunity to repurchase the app (as a suppose to the grey faded out 'purchased' icon in place of already purchased/installed apps)

I contacted apple via telephone and they agreed to give a refund but bared my card from being used on AppStore.

I'm well and truly confused, has anybody experienced anything like this before? Have I been 'hacked' or some other fraudulent behaviour?

Thanks

Alpherah · 26 Dec 2011 at 22:05

I might be wrong, but when its showing as you describe isn't it usually an in-app-purchase?

cokecan · 26 Dec 2011 at 22:07

I had something similar happen, though not for anywhere near as much. I had purchased an app (some zip program I think) and installed it, I then noticed that iTunes was trying to download something called GridsGrids. Checked out my iTunes invoices and sure enough there was this random £4 purchase!

Contacted Apple who refunded me and got me to change my passwords. Still no idea what happened? Is it possible for someone to hide malicious code inside an app that auto-buys an app, kinda like an in-app purchase?

Alpherah · 26 Dec 2011 at 22:27

Apple do vet almost every app, but it has been known for the occasional one to sneak through yes.

Xenoxide · 27 Dec 2011 at 19:41

In-app purchases can't be automatically initiated, they always pop up a dialog asking the user to confirm, and if it's been more than 15 minutes since the last in app purchase, it will also ask for a password.

This is standard behaviour. It's possible that some sort of malicious code could be included to bypass this, but I don't see how. (If private API's were being used the approval process picks these up).

Only thing I can thing is that either you or he did it unknowingly, or someone "hacked" the account. Does anyone else know your password?

seldNofSparta · 28 Dec 2011 at 15:23

I didn't give out my details no, maybe I should go to my bank and let them know about this too.