  • "Massive Failure:" Mac App Store Titles Easily Pirated


    Concerns have been raised about Mac App Store security after a simple cut-and-paste workaround was found that defeats copy protection for some paid apps. While many pundits are blaming developers for not following Apple's security guidelines, others are pointing out that the recommendations are complicated and incomplete.

    Just hours after apps began appearing on the Mac App Store yesterday, news emerged that you could get around the copy protection on some apps by exchanging the receipt and signature files with ones from a free app. John Gruber of Daring Fireball attributed the vulnerability to poor programming, saying that "it appears that many apps don't perform any validation whatsoever," and urged Apple to "test for this in the review process, and reject paid apps that are susceptible to this simple technique."

    However, developer Sean Christmann points out that the guidelines call for apps to validate receipts against plaintext data external to the binary itself, located in the Info.plist file. A much better approach, Christmann suggests, would be to validate against values hard-coded into the app. Christmann noted that the "pastebin" workaround not only allowed users to defeat the admittedly-lax security on Angry Birds, but also another paid app he had copied from a friend's computer, in what he called "a massive failure in the implementation of Apple's receipt system."

    Jailbreaking and pirating are two very separate activities that are already too confused in the public's mind, which is why I'm not posting any details about the workaround here. Developers deserve to be paid for their hard work, which is the whole idea behind Cydia as a free market. With pirates gearing up to rip apps off the Mac App Store, developers need to be very cautious to protect their work from unauthorized copying. While following Apple's guidelines is an important first step, efforts can't stop there.

    Source: AppleInsider
    This article was originally published in forum thread: "Massive Failure:" Mac App Store Titles Easily Pirated started by Paul Daniel Ash
    71 Comments
    1. gthugballin -
      Quote Originally Posted by Raptors
      Wonder how many people did this after reading this thread

      While I don't pirate app store apps, I didn't know about this until I read it on MMI.... so lol now I know, and with an easy search I would be able to do it.

      inb4 "omg i hope you become poor and people pirate your food"

      I'm not going to pirate, I'm done with that lol, I even buy.... wait for it..... wait for it... Music... omg.
    1. Darrius777 -
      I wonder how many people complaining about pirating have ever downloaded a song that they didn't pay for or snuck into a movie theater. I'm not saying pirating is right, but I think we have all stolen something in one way or another.
    1. Broomhead -
      The fact that the Appstore is way low on security is legit news
    1. Raptors -
      Quote Originally Posted by Broomhead
      The fact that the Appstore is way low on security is legit news
      I'll have to disagree, it might be just me, but this goes against MMi views on piracy.
    1. MacMan24 -
      Got so much free stuff
    1. delusion950 -
      my predictions were right.
    1. gthugballin -
      Quote Originally Posted by MacMan24
      Got so much free stuff
      lol someone made a new name just to get banned.
    1. Bluprint -
      If we are not allowed to talk about pirating then don't post articles regarding it. For many reasons, I don't feel bad for millionaires, likewise I don't feel bad about this either. I already knew this was going to happen a long time ago.
    1. dq13 -
      Quote Originally Posted by Broomhead
      The fact that the Appstore is way low on security is legit news
      Very certain, but I think there is no need to describe the "how to"

      Quote Originally Posted by Paul Daniel Ash
      news emerged that you could get around the copy protection on some apps by exchanging the receipt and signature files with ones from a free app.
      plaintext data external to the binary itself, located in the Info.plist file. Christmann noted that the "pastebin" workaround not only allowed users to defeat the admittedly-lax security on Angry Birds, but also another paid app he had copied from a friend's computer
    1. dale2 -
      Quote Originally Posted by Raptors
      I'll have to disagree, it might be just me, but this goes against MMi views on piracy.
      Quote Originally Posted by Forum rules
      WAREZ

      We do not allow any warez on our boards. Warez includes cracked programs that are supposed to be paid for, bios files for game emulators, games that you have to buy like NES roms, and illegal software.

      Warez posts will be removed as well as the posting user. Do NOT beg for warez on our forums.
      that's pretty clear, don't offer or ask for pirated software, but nothing about discussing pirating and security itself
    1. coolduckey -
      I thought it would just work the same as iTunes. But then again, Apple removed the DRM off songs.
    1. steve-z17 -
      MMI just doesn't want people saying how much stuff they pirate or that you do pirate on the forums, you can go somewhere else to do that.
    1. sziklassy -
      Honestly, no matter how difficult it is to do, people will still get around it. I am neither shocked, nor am I necessarily worried. The people that pirate wouldn't have bought the app anyway, so it probably isn't much real money loss.

      Quote Originally Posted by McMichael96
      Oh, So I guess the dev of Angry Birds just lost $5 because of you... So he (or she) spent all that time making an AWESOME app just for you to pirate it?... Hmmm. I hope you become a dev one day and NEVER get paid for it because people pirate your apps...
      Rovio makes millions a month off that app. I am not condoning piracy, but I doubt they are hurting...
    1. Rcworship -
      I agree. I'd guess the vast majority of people with unpaid-for apps wouldn't have purchased them anyways. Sometimes it's just 'cause I can.'
    1. mvhurlburt -
      This is lazy programming on the part of some devs. Had they followed proper procedure in validating receipts we wouldn't see this issue, and this is why we aren't seeing this issue with many other paid apps. The interwebs have been so quick to coin this as a massive security failure on the part of Apple when the exact opposite is in fact the case. There are reasons for guidelines as far as DRM is concerned. I really love that people are so quick to jump on Apple's overly-restrictive DRM practices in regards to iTunes, it's also lovely to see the same people who ***** about the iOS App Store's overly restrictive policies in regards to App-approval. So what does Apple do, they loosen things up on the Mac end and give more responsibility to the developer and people cry about that, geesh. Since when was it the OS maker's responsibility to create, implement and strictly regulate DRM at the application on desktop platforms. Seriously, that has always been the responsibility of 3rd party devs. Hell, Apple has gone above and beyond by providing recommendations and procedures to secure their apps against pirating. If certain devs choose to either not follow those protocols or develop their own solution they have it coming IMO. I mean seriously what do people want, next thing ya know they'll want a closed platform, requiring a jailbreak, on your desktop!!! Nothing is ever enough for the haters, no matter what Apple does it will always be an uber-fail in their eyes!
    1. quidam_brujah -
      Quote Originally Posted by Volerikan
      Guess I should think twice before I build anything for the App store
      +1 for that if you want to get paid

      Quote Originally Posted by name00
      That's how I got Angry Birds on my Mac without paying 5 bucks
      +1 douche

      Quote Originally Posted by feidhlim1986
      Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
      Quote Originally Posted by Raptors
      I'll have to disagree, it might be just me, but this goes against MMi views on piracy.
      {dale2 quotes the actual forum rules}
      Quote Originally Posted by dale2
      that's pretty clear, don't offer or ask for pirated software, but nothing about discussing pirating and security itself
      +1 - thanks! I was starting to get a little annoyed with people not knowing the difference between using MMi to actually pirate (which is against the rules) and discussing the issues surrounding piracy. There are a number of devs who read MMi and this could be useful info to them either on why they shouldn't use the App Store or maybe how to implement their own DRM if they don't want to wait for Apple.

      Quote Originally Posted by Browning151
      Shouldn't this and the other article about the Mac app store be in the Mac news section instead of the iPhone news section? Or am I missing something?
      +1 - wait -- there's non-iPhone content here???
    1. Stray -
      Quote Originally Posted by name00
      That's how I got Angry Birds on my Mac without paying 5 bucks
      You're happy why? 5 bucks and you can't get that. How can you even afford a Mac.
    1. gthugballin -
      Quote Originally Posted by dq13
      Very certain, but I think there is no need to describe the "how to"
      +1
    1. zoso10 -
      Programmers shouldn't take shortcuts to get their app out quicker and I'm assuming that's what these people did. Also, I don't see how the writers are condoning piracy; they're just reporting that a lot of security issues are going around with the Mac App Store. Although he did go into quite a bit of detail on how people are pirating, so who knows what the intentions were... Hahaha
    1. MetallicaFan1991 -
      This is good news...