• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • "Massive Failure:" Mac App Store Titles Easily Pirated


    Concerns have been raised about Mac App Store security after a simple cut-and-paste workaround was found that defeats copy protection for some paid apps. While many pundits are blaming developers for not following Apple's security guidelines, others are pointing out that the recommendations are complicated and incomplete.

    Just hours after apps began appearing on the Mac App Store yesterday, news emerged that you could get around the copy protection on some apps by exchanging the receipt and signature files with ones from a free app. John Gruber of Daring Fireball said the vulnerability was due to poor programming, saying that "it appears that many apps don't perform any validation whatsoever," and urged Apple to "test for this in the review process, and reject paid apps that are susceptible to this simple technique."

    However, developer Sean Christmann points out that the guidelines call for apps to validate receipts against plaintext data external to the binary itself, located in the Info.plist file. A much better approach, Christmann suggests, would be to validate against values hard-coded into the app. Christmann noted that the "pastebin" workaround not only allowed users to defeat the admittedly-lax security on Angry Birds, but also another paid app he had copied from a friend's computer, in what he called "a massive failure in the implementation of Apple's receipt system."

    Jailbreaking and pirating are two very separate activities that are already too confused in the public's mind, which is why I'm not posting any details about the workaround here. Developers deserve to be paid for their hard work, which is the whole idea behind Cydia as a free market. With pirates gearing up to rip apps off the Mac App Store, developers need to be very cautious to protect their work from unauthorized copying. While following Apple's guidelines is an important first step, efforts can't stop there.

    Source: AppleInsider
    This article was originally published in forum thread: "Massive Failure:" Mac App Store Titles Easily Pirated started by Paul Daniel Ash View original post
    Comments 71 Comments
    1. Volerikan's Avatar
      Volerikan -
      Guess I should think twice before I build anything for the App store
    1. name00's Avatar
      name00 -
      thats how i got Angry Birds on my Mac without paying 5 bucks
    1. feidhlim1986's Avatar
      feidhlim1986 -
      Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
    1. Rob2G's Avatar
      Rob2G -
      Quote Originally Posted by name00 View Post
      thats how i got Angry Birds on my Mac without paying 5 bucks
      I hope you get banned.
    1. JedixJarf's Avatar
      JedixJarf -
      Who DIDNT see that coming?
    1. Daerid's Avatar
      Daerid -
      Quote Originally Posted by Volerikan View Post
      Guess I should think twice before I build anything for the App store
      Or follow the guideline...

      Quote Originally Posted by name00 View Post
      thats how i got Angry Birds on my Mac without paying 5 bucks
      And you're proud of this that you want to announce it to the world? Sad...
    1. Broomhead's Avatar
      Broomhead -
      Quote Originally Posted by feidhlim1986 View Post
      Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
      we're on it
    1. n00neimp0rtant's Avatar
      n00neimp0rtant -
      For a model like the App Store, devs should not be responsible for securing their apps; DRM and protection should be handled by Apple. What is that 30% going towards, anyway?
    1. bimmercub's Avatar
      bimmercub -
      Advertisement and transaction processing fees.
    1. Jay Marcase's Avatar
      Jay Marcase -
      Quote Originally Posted by n00neimp0rtant View Post
      For a model like the App Store, devs should not be responsible for securing their apps; DRM and protection should be handled by Apple. What is that 30% going towards, anyway?
      Mmmm...maybe keeping the store runnin perhaps?
    1. dq13's Avatar
      dq13 -
      this will happen regardless of the security implemented sooner or later. look at the trackers for the iphone, you can get any app for free and if you pay for them, a simple click will crack them and anyone can install them on their device. so it was a matter of time, although it was quite too easy this time
    1. hollow0's Avatar
      hollow0 -
      "cydia as a free market" should be corrected to "open". Not all is free and can confuse certain people that are not tech savvy with this type of information.

      Quote Originally Posted by n00neimp0rtant View Post
      For a model like the App Store, devs should not be responsible for securing their apps; DRM and protection should be handled by Apple. What is that 30% going towards, anyway?
      Probably hosting and paying their reviewers.
    1. Zeal's Avatar
      Zeal -
      arrrrim a pirate
    1. feidhlim1986's Avatar
      feidhlim1986 -
      Why couldn't the App Store app check your installed apps against your Apple ID account purchases. Not saying you would need to be online to use apps, but even if there was a check once a week or something.Dunno how this would account for apps installed via disc or third party websites, but that also can come from the App Store
    1. Browning151's Avatar
      Browning151 -
      Shouldn't this and the other article about the Mac app store be in the Mac news section instead of the iPhone news section? Or am I missing something?
    1. LordBrian's Avatar
      LordBrian -
      I have a paid app in the app store but chose not to add drm, if your going to pirate my app drm isn't going to stop you.
    1. McMichael96's Avatar
      McMichael96 -
      Quote Originally Posted by name00 View Post
      thats how i got Angry Birds on my Mac without paying 5 bucks
      Oh, So I guess the dev of Angry Birds just lost $5 because of you... So he(or she ) spent all that time making an AWESOME app just for you to pirate it?... Hmmm. I hope you become a dev one day and NEVER get paid for it because people pirate your apps...
    1. Raptors's Avatar
      Raptors -
      Wonder how many people did this after reading this thread
    1. feidhlim1986's Avatar
      feidhlim1986 -
      Quote Originally Posted by LordBrian View Post
      I have a paid app in the app store but chose not to add drm, if your going to pirate my app drm isn't going to stop you.
      Very unfortunate but also very true. No amount of DRM is going to stop someone who doesn't want to pay for software.
      Hope your App sells well.
    1. riverratt's Avatar
      riverratt -
      Quote Originally Posted by feidhlim1986 View Post
      Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
      Apples and oranges.
      Mind the pun.