Imagine you’re a developer, who has decided to try to make your fortune selling apps on Apple’s iOS App or Mac App store.
One thing that is obviously important is to have an easy way to upload new versions of your app so the guardians of Apple’s walled garden can cast their eyes over and (hopefully) grant approval for your software to be made available. Also, you will want a way of tracking sales and income.
Naturally, Apple has developed a system for precisely this purpose – it’s called iTunes Connect. And, quite rightly, Apple requires developers to enter their username and password to access their iTunes Connect accounts.
After all, you wouldn’t want a stranger having the ability to delete your apps, or upload bogus version of your apps, or peruse your sales graph, would you?
No, I doubt you would.
But, unfortunately, multiple iOS and Mac App Store developers have reported that that when they tried to log into iTunes Connect they were not taken to their own account, but that of a completely random *other* developer.
Whether unauthorised users would have been able to see financial reports, or delete apps from iTunes Connect is unclear (some are reporting that the privacy breach only showed developers’ names and the names of their apps rather than more sensitive information) but it hardly instils confidence that Apple knows what it is doing.
The fact is, for a while it would have been a case of Russian Roulette whether your developer account was accessed by a complete stranger.
According to Apple’s System Status page, both iTunes Connect and Test Flight (a service which allowed for new apps to be uploaded and to manage the invitation of testers) have now been restored to normal working order.
Of course, this isn’t the first time that Apple has been caught with its trousers down when it comes to its online services for developers. In 2013, for instance, the Apple Developers Center was down for some days following a hack.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.