• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • "Massive Failure:" Mac App Store Titles Easily Pirated


    Concerns have been raised about Mac App Store security after a simple cut-and-paste workaround was found that defeats copy protection for some paid apps. While many pundits are blaming developers for not following Apple's security guidelines, others are pointing out that the recommendations are complicated and incomplete.

    Just hours after apps began appearing on the Mac App Store yesterday, news emerged that you could get around the copy protection on some apps by exchanging the receipt and signature files with ones from a free app. John Gruber of Daring Fireball said the vulnerability was due to poor programming, saying that "it appears that many apps don't perform any validation whatsoever," and urged Apple to "test for this in the review process, and reject paid apps that are susceptible to this simple technique."

    However, developer Sean Christmann points out that the guidelines call for apps to validate receipts against plaintext data external to the binary itself, located in the Info.plist file. A much better approach, Christmann suggests, would be to validate against values hard-coded into the app. Christmann noted that the "pastebin" workaround not only allowed users to defeat the admittedly-lax security on Angry Birds, but also another paid app he had copied from a friend's computer, in what he called "a massive failure in the implementation of Apple's receipt system."

    Jailbreaking and pirating are two very separate activities that are already too confused in the public's mind, which is why I'm not posting any details about the workaround here. Developers deserve to be paid for their hard work, which is the whole idea behind Cydia as a free market. With pirates gearing up to rip apps off the Mac App Store, developers need to be very cautious to protect their work from unauthorized copying. While following Apple's guidelines is an important first step, efforts can't stop there.

    Source: AppleInsider
    This article was originally published in forum thread: "Massive Failure:" Mac App Store Titles Easily Pirated started by Paul Daniel Ash View original post
    Comments 71 Comments
    1. smsjrtato's Avatar
      smsjrtato -
      Quote Originally Posted by moon#pie View Post
      Actually, this is not Apple's fault. It was developers that did not properly secure their applications (mainly speaking of twitter). Once this gets going in full swing, Apple will force devs to secure their apps to keep other devs safe.


      Most devs are NOT millionaires. Very few ever reach that status. And if they do, they greatly deserve it.
      This is off topic but your sig made me laugh. jaja
    1. EskimoRuler's Avatar
      EskimoRuler -
      Quote Originally Posted by quidam_brujah View Post
      +1 - thanks! I was starting to get a little annoyed with people not knowing the difference between using MMi to actually pirate (which is against the rules) and discussing the issues surrounding piracy. There are a number of devs who read MMi and this could be useful info to them either on why they shouldn't use the App Store or maybe how to implement their own DRM if they don't want to wait for Apple.
      exactly. This was not a how-to guide on pirating the apps, just info on what's going on. Sad to hear people are to cheap to buy a 5 dollar game for there $1000 and up Mac
    1. jasvncnt10's Avatar
      jasvncnt10 -
      I don't think its about being too cheap to buy an app. Can you tell me you have never borrowed a friends tape, CD, DVD movie to make a copy for yourself....or how many have ever had chips in the PS or Xbox to play copied games...
    1. ajl917's Avatar
      ajl917 -
      Quote Originally Posted by DRFP View Post
      I know I posted some quotes from an article talking about something that I found out was like this.........I was asking about it because one of the apps was claiming many people are stealing...

      I did not know it was about this instead the mod just said it was and closed the thread.... if its not telling how or where then whats the harm in free discussion? I don't get it.
      Check your PM's
    1. II WIZZLE II's Avatar
      II WIZZLE II -
      Quote Originally Posted by Jay Marcase View Post
      Mmmm...maybe keeping the store runnin perhaps?
      Ha ha ha, you think it cost millions upon millions of dollars a year to run the app store? Your obviously very intelligent. Tell me more please
    1. II WIZZLE II's Avatar
      II WIZZLE II -
      Quote Originally Posted by dale2 View Post
      thats pretty clear, dont offer or ask for pirated software, but nothing about discussing pirating and security itself
      I find this forums policy on warez quite funny. They do not support pirating because it's illegal while they have supported jailbreaking for over three years even while the legality of it was being debated by apple, which wouldnt have made it illegal per say but it would put it in a gray area where it could have been made illegal. If it had would those of you who had jailbroken iphones restored them? If it had been made illegal would you have complied and not jailbroken anymore? My point is moot now since the bill stating jailbreaking is legal has been in effect for a while but still. Besides the legality of it what's the difference between jailbreaking and pirating? In basic terms you are doing something that the creator of the product wishes you not too. I just thought it was kinda funny.
    1. Simon's Avatar
      Simon -
      One is stealing and one is modifying a device to add features that Apple may have left out or restricts. Pretty clear cut difference if you ask me.
    1. Cowboy's Avatar
      Cowboy -
      Quote Originally Posted by II WIZZLE II View Post
      I find this forums policy on warez quite funny. They do not support pirating because it's illegal while they have supported jailbreaking for over three years even while the legality of it was being debated by apple, which wouldnt have made it illegal per say but it would put it in a gray area where it could have been made illegal. If it had would those of you who had jailbroken iphones restored them? If it had been made illegal would you have complied and not jailbroken anymore? My point is moot now since the bill stating jailbreaking is legal has been in effect for a while but still. Besides the legality of it what's the difference between jailbreaking and pirating? In basic terms you are doing something that the creator of the product wishes you not too. I just thought it was kinda funny.
      Pirating is stealing jailbreaking is gaining root access to your device making it your own and being able to customize it and add features to it that apple does not allow. Once again pirating is scamming and ripping people off that work hard to develop apps for the app store, music, and even Cydia app or tweak developers. Pirating is not supported here

      If you don't agree with the rules mmi sets please go to another forum.
    1. mr117's Avatar
      mr117 -
      Let's see... one is stealing something from someone, and the other is simply changing the way something looks. Yep, they're the same. I come in your house and steal your tv, or I redecorate my house. Yep, they're the same. I steal a painting off of your wall, or I buy a painting by you and I draw a mustache on it. Yep, they're the same.

      Jailbreaking has never been illegal. Apple can say whatever it wants, it does not write bills or sign them into law.

      There have never been any laws on the books against jailbreaking. Stealing someone's work is on the books as a crime. And now, jailbreaking is officially legal and Apple is continuing to make it difficult. It does have the right to make its firmware however it wants, but the first time Apple announces it has purposely stymied jailbreaking, court time!
    1. jasvncnt10's Avatar
      jasvncnt10 -
      Huh?
    1. smoelge's Avatar
      smoelge -
      I don't know what the big deal is.
      Sooner or later there was going to be the same app piracy as on the iphone. And as macs aren't sandboxed there wasn't much apple could do about it.

      Cheers
      smoel