iPhone piracy raising 95%

Member
Posts: 283
Joined: 2006.05
Post: #16
If you use the server delivery product model, your server verifies the transaction receipt with the App Store before delivering whatever is needed to "unlock" the full version. So that adds a little more security against that kind of crack.
Quote this message in a reply
Moderator
Posts: 3,571
Joined: 2003.06
Post: #17
Yeah, that's true. I wasn't even considering the server model, just the built-in model. The server model looks pretty hard to crack in a generalized attack fashion. If the app is just getting content delivered then it can still be cracked and distributed on an app-by-app basis. Network-dependent games are going to be tough to crack though.
Quote this message in a reply
Member
Posts: 81
Joined: 2007.07
Post: #18
Bachus Wrote:I'm seeing pretty large piracy numbers, maybe 50% or more.

I detect if the user is running a pirated copy and disable features, and eventually disable the whole game after enough runs. Anytime they try to use something disabled I pop up a dialog asking them to buy the game with a link to the App Store. Does it work? No clue. Grin

How do you detect if its a pirated copy at runtime?
Quote this message in a reply
Member
Posts: 144
Joined: 2009.11
Post: #19
maximile Wrote:If you use the server delivery product model, your server verifies the transaction receipt with the App Store before delivering whatever is needed to "unlock" the full version. So that adds a little more security against that kind of crack.

All they need is a known good receipt. If they're using the hosts file to fudge certain buy.itunes.apple.com requests (eg. giving a set of known-good receipts to the transaction queue) then they don't even have to modify your app to break it.

IOW, they spoof the buy.itunes.apple.com site locally by redirecting it to localhost and running a cut-down server that passes through most requests to the real site, but on certain requests returns custom doctored results; and instead of sending that user's iTunes receipt list, they send a custom list of known-good receipts (pirated, I would assume). Your app receives these and then submits this known-good receipt to your server. Your server (which doesn't suffer from the hosts file hacking) sends this known good receipt to Apple for validation. Because it's a real receipt, it validates and the file downloads normally.

When I was building my company's (closed, internal, and proprietary, sadly) in-app purchasing server, this is an attack vector I looked at and decided that it just wasn't worth trying to protect against. Maybe there's some SK functionality which would protect against this? Fun, no more work for me. If not, then oh well. Not worth my time protecting against.

IMHO it's not worth worrying about the piracy. If I have 24 hours in a day, I'd rather spend them making my apps better, rather than making them as hard to steal as possible. Which is to say, if there's a cheap and easy thing I can do to make it harder to steal, I'll do it. But if it's taking up a lot of time, I'm inclined to ignore it. PIracy happens, oh well. No point wasting more time (and money) making a mountain out of the molehill.

Everyone's favourite forum lurker!
https://github.com/NSError
Quote this message in a reply
Member
Posts: 26
Joined: 2010.01
Post: #20
Ultimately nothing digital is totally secure, unless you route your players through an online game mode. It's something PC developers learned the hard way, and it's probably the main reason that PC single player games are largely extinct.

However, it's worth noting that the PS3 has survived largely uncracked for a number of years. If you get the security model right at the hardware level, things become a lot more difficult for the hackers. It's just a shame that Apple haven't quite managed it, though I suppose we can always hope for some positive changes on the iPhone.
Quote this message in a reply
Post Reply 

Possibly Related Threads...
Thread: Author Replies: Views: Last Post
  About piracy, web services and subscription payment. riruilo 3 2,773 Feb 28, 2010 02:20 PM
Last Post: AndyKorth
  Why does Apple do nothing against illegal iPhone app piracy? riruilo 33 12,870 May 17, 2009 08:47 AM
Last Post: riruilo