1. Paul Daniel Ash's Avatar


    Concerns have been raised about Mac App Store security after a simple cut-and-paste workaround was found that defeats copy protection for some paid apps. While many pundits are blaming developers for not following Apple's security guidelines, others are pointing out that the recommendations are complicated and incomplete.

    Just hours after apps began appearing on the Mac App Store yesterday, news emerged that you could get around the copy protection on some apps by exchanging the receipt and signature files with ones from a free app. John Gruber of Daring Fireball said the vulnerability was due to poor programming, saying that "it appears that many apps don't perform any validation whatsoever," and urged Apple to "test for this in the review process, and reject paid apps that are susceptible to this simple technique."

    However, developer Sean Christmann points out that the guidelines call for apps to validate receipts against plaintext data external to the binary itself, located in the Info.plist file. A much better approach, Christmann suggests, would be to validate against values hard-coded into the app. Christmann noted that the "pastebin" workaround not only allowed users to defeat the admittedly-lax security on Angry Birds, but also another paid app he had copied from a friend's computer, in what he called "a massive failure in the implementation of Apple's receipt system."

    Jailbreaking and pirating are two very separate activities that are already too confused in the public's mind, which is why I'm not posting any details about the workaround here. Developers deserve to be paid for their hard work, which is the whole idea behind Cydia as a free market. With pirates gearing up to rip apps off the Mac App Store, developers need to be very cautious to protect their work from unauthorized copying. While following Apple's guidelines is an important first step, efforts can't stop there.

    Source: AppleInsider
    2011-01-07 07:03 PM
  2. Volerikan's Avatar
    Guess I should think twice before I build anything for the App store
    2011-01-07 07:11 PM
  3. name00's Avatar
    That's how I got Angry Birds on my Mac without paying 5 bucks
    2011-01-07 07:24 PM
  4. feidhlim1986's Avatar
    Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
    2011-01-07 07:28 PM
  5. Rob2G's Avatar
    That's how I got Angry Birds on my Mac without paying 5 bucks
    I hope you get banned.
    2011-01-07 07:29 PM
  6. JedixJarf's Avatar
    Who DIDN'T see that coming?
    2011-01-07 07:53 PM
  7. Daerid's Avatar
    Guess I should think twice before I build anything for the App store
    Or follow the guideline...

    That's how I got Angry Birds on my Mac without paying 5 bucks
    And you're proud of this that you want to announce it to the world? Sad...
    2011-01-07 07:55 PM
  8. Broomhead's Avatar
    Mods warn us not to talk about piracy or we'll get banned, then the Staff Writers post this...
    we're on it
    2011-01-07 07:56 PM
  9. n00neimp0rtant's Avatar
    For a model like the App Store, devs should not be responsible for securing their apps; DRM and protection should be handled by Apple. What is that 30% going towards, anyway?
    2011-01-07 08:14 PM
  10. bimmercub's Avatar
    Advertisement and transaction processing fees.
    2011-01-07 08:40 PM
  11. Jay Marcase's Avatar
    For a model like the App Store, devs should not be responsible for securing their apps; DRM and protection should be handled by Apple. What is that 30% going towards, anyway?
    Mmmm... maybe keeping the store running, perhaps?
    2011-01-07 08:41 PM
  12. dq13's Avatar
    This will happen regardless of the security implemented, sooner or later. Look at the trackers for the iPhone: you can get any app for free, and if you pay for them, a simple click will crack them and anyone can install them on their device. So it was a matter of time, although it was quite too easy this time.
    2011-01-07 08:42 PM
  13. hollow0's Avatar
    "cydia as a free market" should be corrected to "open". Not all is free and can confuse certain people that are not tech savvy with this type of information.

    For a model like the App Store, devs should not be responsible for securing their apps; DRM and protection should be handled by Apple. What is that 30% going towards, anyway?
    Probably hosting and paying their reviewers.
    Last edited by hollow0; 2011-01-07 at 08:44 PM. Reason: Automerged Doublepost
    2011-01-07 08:44 PM
  14. Zeal's Avatar
    arrrrim a pirate
    EDM
    2011-01-07 08:48 PM
  15. feidhlim1986's Avatar
    Why couldn't the App Store app check your installed apps against your Apple ID account purchases? Not saying you would need to be online to use apps, but even if there was a check once a week or something. Dunno how this would account for apps installed via disc or third party websites, but that also can come from the App Store
    2011-01-07 08:50 PM
  16. Browning151's Avatar
    Shouldn't this and the other article about the Mac app store be in the Mac news section instead of the iPhone news section? Or am I missing something?
    2011-01-07 08:50 PM
  17. LordBrian's Avatar
    I have a paid app in the App Store but chose not to add DRM; if you're going to pirate my app, DRM isn't going to stop you.
    2011-01-07 08:56 PM
  18. McMichael96's Avatar
    That's how I got Angry Birds on my Mac without paying 5 bucks
    Oh, so I guess the dev of Angry Birds just lost $5 because of you... So he (or she) spent all that time making an AWESOME app just for you to pirate it?... Hmmm. I hope you become a dev one day and NEVER get paid for it because people pirate your apps...
    I like apple stuff.
    If you see the username "McMichael96" anywhere, it's probably me.
    2011-01-07 09:04 PM
  19. Raptors's Avatar
    Wonder how many people did this after reading this thread
    2011-01-07 09:08 PM
  20. feidhlim1986's Avatar
    I have a paid app in the App Store but chose not to add DRM; if you're going to pirate my app, DRM isn't going to stop you.
    Very unfortunate but also very true. No amount of DRM is going to stop someone who doesn't want to pay for software.
    Hope your App sells well.
    2011-01-07 09:09 PM