• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • "Massive Failure:" Mac App Store Titles Easily Pirated


    Concerns have been raised about Mac App Store security after a simple cut-and-paste workaround was found that defeats copy protection for some paid apps. While many pundits are blaming developers for not following Apple's security guidelines, others are pointing out that the recommendations are complicated and incomplete.

    Just hours after apps began appearing on the Mac App Store yesterday, news emerged that you could get around the copy protection on some apps by exchanging the receipt and signature files with ones from a free app. John Gruber of Daring Fireball said the vulnerability was due to poor programming, saying that "it appears that many apps don't perform any validation whatsoever," and urged Apple to "test for this in the review process, and reject paid apps that are susceptible to this simple technique."

    However, developer Sean Christmann points out that the guidelines call for apps to validate receipts against plaintext data external to the binary itself, located in the Info.plist file. A much better approach, Christmann suggests, would be to validate against values hard-coded into the app. Christmann noted that the "pastebin" workaround not only allowed users to defeat the admittedly-lax security on Angry Birds, but also another paid app he had copied from a friend's computer, in what he called "a massive failure in the implementation of Apple's receipt system."

    Jailbreaking and pirating are two very separate activities that are already too confused in the public's mind, which is why I'm not posting any details about the workaround here. Developers deserve to be paid for their hard work, which is the whole idea behind Cydia as a free market. With pirates gearing up to rip apps off the Mac App Store, developers need to be very cautious to protect their work from unauthorized copying. While following Apple's guidelines is an important first step, efforts can't stop there.

    Source: AppleInsider
    This article was originally published in forum thread: "Massive Failure:" Mac App Store Titles Easily Pirated started by Paul Daniel Ash View original post
    Comments 71 Comments
    1. whereswaldo's Avatar
      whereswaldo -
      When there is software, there will be pirates. The only thing you can do about it is make it harder to pirate, which Apple has failed to do
    1. Mookest's Avatar
      Mookest -
      Quote Originally Posted by STRAYunINFIDEL View Post
      Your happy why? 5 bucks and you can't get that. How can you even afford a Mac.
      lol, It's not about the money. As was posted earlier. True, he should have said that. His ego got in the way. But to explain better, you could not have bought the time and knowledge to have the app without paying. I think the knowledge of the workaround was worth more than having the app for free. I bet if the workaround was sold for $10, it probably would have been bought. Not to condone piracy, I will probably look at the workaround just for the purpose of knowing and understanding that much more about the world of software.
    1. Xenthis's Avatar
      Xenthis -
      Quote Originally Posted by feidhlim1986 View Post
      Why couldn't the App Store app check your installed apps against your Apple ID account purchases. Not saying you would need to be online to use apps, but even if there was a check once a week or something.Dunno how this would account for apps installed via disc or third party websites, but that also can come from the App Store
      Wow. Really. I lost about $100 worth of songs when my iPod died on me... And don't tell me to sync more, I am lazy.
    1. mr117's Avatar
      mr117 -
      I paid $5 for Angry Birds, and all the apps on my phone are legit and paid for. What's the big deal? If you don't pay for apps, they won't make apps (not talking about Adobe or Microsoft, where they trot out a new iteration every year and charge $500+ for it). The little devs deserve the money (not that the devs of Angry Birds are little anymore ). Anyone too cheap to pay for a $.99 app when they are paying $99 a month for an iPhone is a cheap thief in my book. I'm a jailbreaker, not a thief.

      As to the new store, I don't see it as being all that exciting. Much of it seems useless and overpriced. I'm waiting for the Cydia version to open, then we'll hopefully see some interesting tweaks and mods.
    1. BenderRodriguez's Avatar
      BenderRodriguez -
      What I hate is that it admin protects and downloads them to the Applications folder

      There are so many applications already in that folder from apple

      You will never find your app plus it install it onto the Dock which is extremely annoying especially when you have dock lock on through Terminal code cause I'm always accidentally pulling stuff off of my dock

      Make a folder on the Desktop Call it AppStore or whatever Apple dangit

      At this point you can move your games around to a different folder or whatever but the problem would be when updates come out the AppStore might think you delete the app and never tell you that there is an update idk at this point
    1. mr117's Avatar
      mr117 -
      Uh... the Mac OS really wants apps where they belong. If you move them, updates won't find them because they are in the wrong place. This has been the case since 10.0. OS 9 and earlier didn't really care where anything was, but 10 is quite demanding.

      I have no issues with the store, except, as I already stated, it seems a bit overpriced and the apps don't hold much interest for me.

      As to pulling things off the dock by accident.....

      Ya know, you can make a folder of app alias's (just create a new folder in Applications and then put your selected apps in it, then pull into the dock) and open from it. I do that just to speed things up for lesser-used apps. Pretty simple to do.
    1. BenderRodriguez's Avatar
      BenderRodriguez -
      That's true I forgot about creating shortcuts from the applications folder to another folder but think about how hard it will eventually become to find the main apple Apps in the applications folder like Utilities and such
    1. moon#pie's Avatar
      moon#pie -
      Quote Originally Posted by name00 View Post
      thats how i got Angry Birds on my Mac without paying 5 bucks
      Really? I guess posers like you have to save so long before you buy a mac that you can't afford any software. I hope you get robbed at gunpoint. Maybe then you'll realize what you're doing.

      Quote Originally Posted by mr117 View Post
      Uh... the Mac OS really wants apps where they belong. If you move them, updates won't find them because they are in the wrong place. This has been the case since 10.0. OS 9 and earlier didn't really care where anything was, but 10 is quite demanding.

      I have no issues with the store, except, as I already stated, it seems a bit overpriced and the apps don't hold much interest for me.

      As to pulling things off the dock by accident.....

      Ya know, you can make a folder of app alias's (just create a new folder in Applications and then put your selected apps in it, then pull into the dock) and open from it. I do that just to speed things up for lesser-used apps. Pretty simple to do.
      I moved angry birds to my games folder and it updated yesterday. *callsBS*

      As for most apps being to much money, many of those apps have become discounted. PIxelmator is 50% and exclusivly in the app store. Welcome to the world of high quility applications.
    1. nomad707's Avatar
      nomad707 -
      who needs the app store to pirate software anyhow?
    1. thacarta1's Avatar
      thacarta1 -
      Quote Originally Posted by Raptors View Post
      Wonder how many people did this after reading this thread
      Alot!!! Speaking upon the matter spread it lik wildfire! If u didn't want to add to the "whatever u wanna call it," then u shouldnt have written a column about it! U add to the mayhem jus lik posting about jb exploits! It's all sum1s hard wrk at the end of the day! For sum it's money, for sum it the effort! Don't try to exclude urself from the mess while writing the post cuz u jus look dumb! We were bettr off not knowing! #BackwrdsJournalism
    1. Cdaniels0's Avatar
      Cdaniels0 -
      Ugh.
    1. Saved0ne's Avatar
      Saved0ne -
      Quote Originally Posted by dq13 View Post
      this will happen regardless of the security implemented sooner or later. look at the trackers for the iphone, you can get any app for free and if you pay for them, a simple click will crack them and anyone can install them on their device. so it was a matter of time, although it was quite too easy this time
      Very true!
    1. TheJailbreakGenius's Avatar
      TheJailbreakGenius -
      this is just like Apple. Here is there business plan:

      1) Release epic fail
      2) Fix it as slowly as possble for a bajillion dollar company.
      3) Then, at the next event, complement themselves on how much they've grown.

      Quote Originally Posted by thacarta1 View Post
      Alot!!! Speaking upon the matter spread it lik wildfire! If u didn't want to add to the "whatever u wanna call it," then u shouldnt have written a column about it! U add to the mayhem jus lik posting about jb exploits! It's all sum1s hard wrk at the end of the day! For sum it's money, for sum it the effort! Don't try to exclude urself from the mess while writing the post cuz u jus look dumb! We were bettr off not knowing! #BackwrdsJournalism
      good point.
    1. mr117's Avatar
      mr117 -
      Apple hasn't released too many "epic fails." I don't think all the Consumer Reports bs and all the negative press means much of anything when it comes to the actual products. It's sold a kajillion iPhones, and they keep flying out the door. The iPad is an enormous success. Apple's computers sell very well. Is Apple's stuff overpriced? Well, compared to Windows stuff, maybe, but I don't mind paying more for what I perceive to be a better product.

      As a consumer, I make my choices based on a number of parameters, including my previous experience with the company's products. I've never has a "fail" from Apple, the worst I've had is a couple of worn-out HDs and a display failure they fixed for free. That's over more than ten years of using Apple products.

      As to moving slowly, show me any major corporation that can turn on a dime. There are levels upon level of company strata, and no one person who just says, "do this now!" Not Apple, not Dell, not Ford, not G.E., not any of them.

      Every company puts forward its best face and says, "look how much we've improved out product." That's called PR. Hell, you screw up and then do better, YOU do the same thing. Why hold a company to a different standard than that which you hold yourself to?

      Oh, and I agree, writing about the ease of cracking is probably a big mistake. This site should be about modding, not cracking.
    1. awesomeSlayer's Avatar
      awesomeSlayer -
      Quote Originally Posted by name00 View Post
      thats how i got Angry Birds on my Mac without paying 5 bucks
      GTFO!

      Lazy programming...Apple should have spent more time on the Mac App Store's security.

      Quote Originally Posted by feidhlim1986 View Post
      Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
      Why do people sometimes act like idiots? MMi does not condone piracy. Links and downloads to warez and discussing about piracy (asking where to find warez, etc.) is against these rules, but news about piracy is a different story. Also, admitting to piracy is also against the forum rules and Terms of Service.
    1. Deth chez's Avatar
      Deth chez -
      Well that sucks
    1. Dranon's Avatar
      Dranon -
      No No we all have not. That is the same argument that we heard as teenagers "everyone is doing it" whether that refers to sex or drugs etc etc...

      Quote Originally Posted by Bluprint View Post
      if we are not allowed to talk about pirating then don't post articles regarding it. For many reasons, I don't feel bad for millionaires, likewise I don't feel bad about this neither. I already knew this was going to happen a long time ago.
      Why would anyone feel bad for millionaires???
      But if I was a millionaire or maybe even a thousandaire I would still be pissed that someone was stealing my work! Ultimately it is my decision when I want to stop being paid for my work or take less money ala Steve Jobs
    1. Willsey's Avatar
      Willsey -
      Some people can be so pathetic... As someone said before it's NEWS about piracy and some bad programming from apples side.. That's it.. But instead, we get 40,000 complaints about how one guy admitted hit just ripped software.. Your ******** isn't going to solve a thing..
    1. mr117's Avatar
      mr117 -
      Millionaires are people, too. Maybe the money is not making them happy. Just like someone who gets cosmetic surgery, the underlying issues are always going to be there. We can all desire their lifestyles, but until you walk in someone's shoes...

      As to "I already knew this was going to happen a long time ago," nah, too easy.
    1. moon#pie's Avatar
      moon#pie -
      Actually, this is not Apple's fault. It was developers that did not properly secure their applications (mainly speaking of twitter). Once this gets going in full swing, Apple will force devs to secure their apps to keep other devs safe.

      Quote Originally Posted by Bluprint View Post
      if we are not allowed to talk about pirating then don't post articles regarding it. For many reasons, I don't feel bad for millionaires, likewise I don't feel bad about this neither. I already knew this was going to happen a long time ago.
      Most devs are NOT millionaires. Very few ever reach that status. And if they do, they greatly deserve it.