Developer frustrated that Apple grants Game Center support to pirated iOS apps

123457

Comments

  • Reply 121 of 145
    OMG. The iPod plays unlicensed MP3 and AACS files. Therefore, Apple supports piracy. Let's light torches and march on the castle gates in Cupertino.
  • Reply 122 of 145
    qualiaqualia Posts: 73member
    Quote:
    Originally Posted by DocNo42 View Post


    That's why you can rent it now.



    And yet the majority of people are still probably pirating it or lying about being students



    Face it, pirates are assholes. Like drug addicts, they will rationalize and come up with a million reasons why their bad behavior isn't bad or is at least neutral (Well, I wasn't going to buy it anyway therefor they really aren't out anything anyway and your just being a dick for calling me a thief!).



    It's still theft and it's still wrong. If you don't like the cost of something, go create your own alternative. There is no moral imperative to use someone else's stuff for free just because you don't agree with their wishes.



    Selfish thieves....



    Indeed. Who are they trying to convince? I'd have more respect if they just said: "I want it but I don't want to pay for it, so I'm not gonna." At least that's honest. Seriously, the old App Store reviews that were all "Should be free!" to every single paid app were far less annoying than pirates.
  • Reply 123 of 145
    apple ][apple ][ Posts: 9,233member
    Last week on a thread about jailbreaking, I said that many jailbreakers are pirates, liars and dishonest people.



    A few morons on that thread got mad at me.



    Guess what......I still think that many jailbreakers are dishonest liars and pirates. Judging by the replies in that other thread, you'd think that 95% of people who jailbreak do it for reasons other than piracy, or so they claim.



    I say bullshit. Be a man, quit lying, grow some testicles and just admit that you're a pirate.
  • Reply 124 of 145
    tallest skiltallest skil Posts: 43,388member
    Quote:
    Originally Posted by Apple ][ View Post


    I say bullshit. Be a man, quit lying, grow some testicles and just admit that you're a pirate.



    Nah, I'll just go ahead and keep jailbreaking and not pirating anything. How's that sound?
  • Reply 125 of 145
    apple ][apple ][ Posts: 9,233member
    Quote:
    Originally Posted by Tallest Skil View Post


    Nah, I'll just go ahead and keep jailbreaking and not pirating anything. How's that sound?



    Sure, you are free to do that. You might indeed be one of the honest ones.



    But if there are 10 people who jailbreak and all 10 claim not to be pirates, that's where I have to call BS.
  • Reply 126 of 145
    zorinlynxzorinlynx Posts: 170member
    I wonder if the dev realizes that many people own more than one device and put the apps they own on all of them?



    Often a family will have the same purchased app installed on 3 or 4 devices. This means the number of people who play the game will likely always be higher than the number who have purchased it.
  • Reply 127 of 145
    gxcadgxcad Posts: 120member
    Quote:
    Originally Posted by fabian9 View Post


    Actually, you are wrong. Apple can and does check which apps have been purchased, this happens if a cracked app is updated through the AppStore. A prompt comes up to ask the user to purchase the app as it hasn't previously been purchased.



    It would be quite simple to therefore also perform this check when gamecenter is launched, or just display stats for purchased apps in GC.





    Read through half a page of unconvincing arguments before I stumbled on this one. This logic makes sense to me. Apple could restrict game center for only pirated apps...



    Perhaps they do not want an alternative to game center to emerge and become popular? Who knows.
  • Reply 128 of 145
    MarvinMarvin Posts: 15,280moderator
    Quote:
    Originally Posted by Prof. Peabody View Post


    There is no good, legitimate reason to jailbreak your phone.



    It depends what you call legitimate. I'd say being able to test out apps on the $500 device you bought without having to pay $100 every year to Apple again is legitimate. I'd say customisation is legitimate too - not just themes but gestures. A lot of the new features in iOS5 have been implemented in much the same way as software that can only be implemented on a jailbroken phone and people have had those features for a year or more now. People who follow Apple's restrictions have to wait. Waiting is not better.



    On the flip side, it appears that a lot of jailbreakers do steal apps so if Apple implements measures to stop jailbreaking, I'd rather they combine it with some more relaxed rules so that people have fewer legitimate reasons to do so.



    Quote:
    Originally Posted by katastroff


    The cracking procedure strips that copy-protection out of the app. That's why devs should put in extra routines.



    There are two steps though - cracking the app and modifying the installd binary via AppSync. If Apple did a remote hash check of the installd binary when you install an app (even a free one from the AppStore) or go online and warn that all apps would be removed on the next sync unless the OS was restored to a legitimate version, that would put a stop to it.



    Quote:
    Originally Posted by Stuffe


    Checksum the binary

    Phone home with the checksum

    Allow the remote server to sent a result back to say if it's valid or not

    continue appropriately



    Yeah, any verification step needs to be remote but another option that's interesting is the one some apps on Steam use. I think it's been cracked already but it still makes things more difficult as you have to do it yourself for every app. It's called custom executable generation (CEG) and for every app that gets installed, it compiles an executable just for your account:



    http://steampowered.com/steamworks/p...ngservices.php



    Apple can't get the source code for every app but they may be able to link a dynamic library at run-time, which has been generated from source-code they own and has to be run before the app runs. This custom executable would only have to contain a unique code that referenced the iTunes purchase.



    On connecting to the App Store or internet, it could check if all your CEGs match and if not, disable or remove the offending apps. There's no way that a unique id generated from an iTunes purchase could be reverse engineered because it would use a timestamp.
  • Reply 129 of 145
    cloudgazercloudgazer Posts: 2,161member
    Quote:
    Originally Posted by Apple ][ View Post


    Sure, you are free to do that. You might indeed be one of the honest ones.



    But if there are 10 people who jailbreak and all 10 claim not to be pirates, that's where I have to call BS.



    The pirates aren't posting on AI, they're too busy playing Angry Birds.
  • Reply 130 of 145
    cloudgazercloudgazer Posts: 2,161member
    Quote:
    Originally Posted by Marvin View Post


    There are two steps though - cracking the app and modifying the installd binary via AppSync. If Apple did a remote hash check of the installd binary when you install an app (even a free one from the AppStore) or go online and warn that all apps would be removed on the next sync unless the OS was restored to a legitimate version, that would put a stop to it.



    There's no such thing as a remote hash check, there is only a remote request for a local hash-check. To do a remote hash-check Apple would have to competely download the App/OS back down from that handset, which would be a little hot on the bandwidth. Even then the OS could just spoof it if it had a delta so that it could generate the original binary on the fly.



    Inevitably any anti-piracy measure will have a local component, and so once the OS is compromised, you cannot rely upon it.



    Quote:

    Apple can't get the source code for every app but they may be able to link a dynamic library at run-time, which has been generated from source-code they own and has to be run before the app runs. This custom executable would only have to contain a unique code that referenced the iTunes purchase.



    The CEG solution, or for that matter anything which embeds a user specific code into the binary is an option, but all it could reliably do is deny you access to the game-center, you could still play the game, because again an OS level hack could simply disable the entire process that checks the validity of the code. Moreover any such protection system would risk false positives, even if the rate is one in a million, when you have 15billion app downloads that can start to be a major headache.



    So a considerable technical undertaking, requiring additional servers, large databases, more complex cloud (redownload needs to be the same unique CEG), pissed off consumers and all you've achieved is that pirates don't get their highscores recorded.
  • Reply 131 of 145
    MarvinMarvin Posts: 15,280moderator
    Quote:
    Originally Posted by cloudgazer View Post


    To do a remote hash-check Apple would have to competely download the App/OS back down from that handset, which would be a little hot on the bandwidth.



    The hash is generated locally but verified remotely. If iTunes generated the hash of installd on the device and sent the hash back to Apple's servers, it could be verified against the correct one. iTunes could be hacked to generate a valid hash but it's an extra layer of difficulty.



    Quote:
    Originally Posted by cloudgazer View Post


    The CEG solution, or for that matter anything which embeds a user specific code into the binary is an option, but all it could reliably do is deny you access to the game-center, you could still play the game, because again an OS level hack could simply disable the entire process that checks the validity of the code.



    It could do more than that because if the purchase tag inside the CEG didn't match a valid iTunes purchase then it would remove the app whenever your device goes online or connects to iTunes. Obviously, hacked apps can be distributed with a valid code but Apple can check how many unique hardware identifiers are using it.



    Enough layers to make it not worth the bother.



    - first you have to get a jailbreak

    - you have to install AppSync

    - you have to install Installous for DRM-stripped apps

    - you have to hack iTunes to bypass the hash verification on installd

    - you have to either generate a CEG for every DRM-stripped app or you have to hack the OS to allow you to bypass the check

    - you have to block any internet connection and iTunes sync from checking for a CEG mismatch



    After that, I'm sure a lot of people would just say 'hell it's only 99c, I'll just buy the app'.



    Quote:
    Originally Posted by cloudgazer View Post


    Moreover any such protection system would risk false positives, even if the rate is one in a million, when you have 15billion app downloads that can start to be a major headache.



    They already have these checks now though. The App Store verifies your purchases and remembers apps/music you bought. Over 600 million encrypted movies/TV Shows have been sold and they know which computers are verified to play them. Even with the possibility of false positives, I think they can handle it.
  • Reply 132 of 145
    cloudgazercloudgazer Posts: 2,161member
    Quote:
    Originally Posted by Marvin View Post


    The hash is generated locally but verified remotely. If iTunes generated the hash of installd on the device and sent the hash back to Apple's servers, it could be verified against the correct one. iTunes could be hacked to generate a valid hash but it's an extra layer of difficulty.



    a) people can just go tether free in a few weeks,

    b) hacking iTunes would be no harder than jailbreaking, in fact it would be rather easier

    c) only sync your iDevice with the network cable unplugged



    Quote:

    It could do more than that because if the purchase tag inside the CEG didn't match a valid iTunes purchase then it would remove the app whenever your device goes online or connects to iTunes. Obviously, hacked apps can be distributed with a valid code but Apple can check how many unique hardware identifiers are using it.



    How exactly? Oh by issuing an instruction to iOS, which was compromised. Oh dear. Besides my hacked iOS can just not communicate app data to the servers at all, ever. The only reason it would ever need to is to access a service like game-center.



    Quote:

    Enough layers to make it not worth the bother.



    - first you have to get a jailbreak

    - you have to install AppSync

    - you have to install Installous for DRM-stripped apps

    - you have to hack iTunes to bypass the hash verification on installd

    - you have to either generate a CEG for every DRM-stripped app or you have to hack the OS to allow you to bypass the check

    - you have to block any internet connection and iTunes sync from checking for a CEG mismatch



    The hacked ROMs might lag a little, but they'd be available for easy download. Likewise the hacked iTunes. Once you had them you could pirate freely. Given that people have paid money for physical hardware that allowed them to pirate on platforms in the past, I think that just downloading some stuff will not prove too taxing.



    Never underestimate how much effort pirates will invest in not paying.



    Quote:

    They already have these checks now though. The App Store verifies your purchases and remembers apps/music you bought. Over 600 million encrypted movies/TV Shows have been sold and they know which computers are verified to play them. Even with the possibility of false positives, I think they can handle it.



    That's all entirely local. iTunes does the verification, as does the iDevice - there's no huge database to be maintained just a little bit of (easily stripped) DRM data that can be checked to see if it matches your user code. It's far simpler, and there's no possibility of a server failure causing users to suddenly suffer an inability to play content.



    What you're describing brings to mind how Steve Jobs described the blu-ray DRM situation - a world of hurt. Much like that blu-ray DRM it's a world of hurt that serves no good purpose, it would put Apple at war with its consumers, it won't happen.
  • Reply 133 of 145
    recrec Posts: 217member
    As an iOS developer getting ready to release a new app, I'm seriously considering making it so that my app will fail to run on jailbroken devices. I happen to agree that most jailbreakers are pirates, so why should I support their community at all?



    I say everyone should start to do a little extra check on the system and if its not a legit copy of iOS running then your app = black screen of nothing.
  • Reply 134 of 145
    tallest skiltallest skil Posts: 43,388member
    Quote:
    Originally Posted by REC View Post


    black screen of nothing.



    Goatse with a subtitle: "Don't pirate my stuff."



    Or smile.dog. That's always a winner.
  • Reply 135 of 145
    Game Center ID != Apple ID for purchasing apps. They are not the same, and this is clearly not a way of measuring piracy.



    I have 80gb+ of purchased apps, no jailbroken devices, no pirated apps. My Apple ID is used in our household for our iOS devices. (two iPhones, an iPad, two iPod touches) but all four of us each have separate Game Center ID's... otherwise save games, scores etc can't be compared or kept separate.
  • Reply 136 of 145
    MarvinMarvin Posts: 15,280moderator
    Quote:
    Originally Posted by cloudgazer View Post


    a) people can just go tether free in a few weeks,

    b) hacking iTunes would be no harder than jailbreaking, in fact it would be rather easier

    c) only sync your iDevice with the network cable unplugged



    They are all more compromises you have to make. There's no way you will remember to unplug the internet during every sync, especially on devices with 3G. Having to get hacked iTunes versions would be a nuisance after a short time.



    Quote:
    Originally Posted by cloudgazer View Post


    How exactly? Oh by issuing an instruction to iOS, which was compromised. Oh dear. Besides my hacked iOS can just not communicate app data to the servers at all, ever. The only reason it would ever need to is to access a service like game-center.



    You would need to connect to their servers to buy content from iTunes. Of course if you steal all apps and music and movies and don't sync using iTunes or iCloud, you can avoid it but then you don't have backups and an app you want might not exist on Installous.



    Quote:
    Originally Posted by cloudgazer View Post


    Never underestimate how much effort pirates will invest in not paying.



    Yeah, I know but as I say, enough measures make it not worthwhile. Look at Sony for example. You could say you just get a jailbreak, you download a Blu-Ray rip, copy it onto a USB drive and there you go. But banning accounts from PSN, forcing firmware updates to play new games, matching the hacked apps with your hacked firmware so they run properly and the sheer size of Blu-Ray downloads just make it not worthwhile. The PS3 is almost impervious to piracy right now and will be for the life of the console.



    Quote:
    Originally Posted by cloudgazer View Post


    That's all entirely local. iTunes does the verification, as does the iDevice - there's no huge database to be maintained



    If it wasn't server-side, you wouldn't be able to de-authorise all computers associated with your id, nor could Apple impose a 5-machine limit on your authorised machines:



    http://en.wikipedia.org/wiki/FairPlay#How_it_works



    Fairplay has of course been reverse-engineered and there's even an app for stripping DRM from other apps and the same could happen with a new scheme but if you had enough measures, I think it would at least tone down the piracy.



    The most effective hack is hiding apps from any checks - just make the OS unaware. Cydia apps don't sync to your iTunes library. But that's a one-off modification to the OS. If every legitimate application had code to perform a check of which apps were installed, they could report back to HQ. This can be updated way more frequently than the OS because they just apply the new custom executable to every new app purchased from the app store. The only way round this is to avoid using any of Apple's services ever and Apple could close down your App Store account on a detection or erase the offending apps. Yes they could strip the CEG from every app after reverse-engineering it but they'd have to keep updating it and the very second Apple updates it, BOOM, apps are gone.



    Quote:
    Originally Posted by cloudgazer View Post


    What you're describing brings to mind how Steve Jobs described the blu-ray DRM situation - a world of hurt. Much like that blu-ray DRM it's a world of hurt that serves no good purpose, it would put Apple at war with its consumers, it won't happen.



    It's not the DRM of Blu-Ray that's the 'bag of hurt' but the licensing. Apple already use HDCP DRM. Anyway, the checks impose no limitations on legitimate purchases. With music and movies, the restrictions are problematic because you generally want to use the media on multiple devices. Apps are designed to run on one type of device so there's no harm done to legitimate users.
  • Reply 137 of 145
    cloudgazercloudgazer Posts: 2,161member
    Quote:
    Originally Posted by Marvin View Post


    Yeah, I know but as I say, enough measures make it not worthwhile. Look at Sony for example. You could say you just get a jailbreak, you download a Blu-Ray rip, copy it onto a USB drive and there you go. But banning accounts from PSN, forcing firmware updates to play new games, matching the hacked apps with your hacked firmware so they run properly and the sheer size of Blu-Ray downloads just make it not worthwhile. The PS3 is almost impervious to piracy right now and will be for the life of the console.



    http://www.gamesradar.com/ps3/playst...14115917309058



    Sony went to huge efforts to block piracy on the PS3, and it still failed. Unlike Apple, Sony's primary income stream from the PS3 is from software sales, so it was highly motivated to do this - and it still seems to have failed.



    Expecting Apple to do the same when it has practically no skin in the game is ridiculous.



    Quote:

    If it wasn't server-side, you wouldn't be able to de-authorise all computers associated with your id, nor could Apple impose a 5-machine limit on your authorised machines:



    That again is dependent on trusted client software obeying the server.



    Quote:

    The most effective hack is hiding apps from any checks - just make the OS unaware. Cydia apps don't sync to your iTunes library. But that's a one-off modification to the OS. If every legitimate application had code to perform a check of which apps were installed, they could report back to HQ.



    If the code to do so was standardized it could be ripped out in a standard way, if the code wasn't standardized then it would be a huge amount of work. Also that would ruin the app sandbox model because suddenly every App has to have networking - so it would reduce user security, in order to improve developer security. If you move the communication back to the server into a special API call, then it's easy to just remove the call.
  • Reply 138 of 145
    solipsismsolipsism Posts: 25,726member
    Quote:
    Originally Posted by darwiniandude View Post


    Game Center ID != Apple ID for purchasing apps.



    Good point.



    Quote:
    Originally Posted by cloudgazer View Post


    Unlike Apple, Sony's primary income stream from the PS3 is from software sales, so it was highly motivated to do this - and it still seems to have failed.



    Another good point.
  • Reply 139 of 145
    pmzpmz Posts: 3,433member
    This topic has brought out sheer ignorance in this thread. A quick read through indicates that many people are willing to accuse everyone who jailbreaks their device of stealing from Apple, without any evidence whatsoever.



    For every person who says that if you jailbreak, you will "probably", "likely" steal pirated apps, you need your @#$%^&* head examined.



    That is no different than saying if you establish an internet connection at home with an ISP, then you will likely pirate music/movies/software.



    What a psychotic lobotomy operation Apple has performed on some you, to the point where you think legally unlocking the in and out of your device has ANYThING to do with piracy. Sick maniacs.
  • Reply 140 of 145
    MarvinMarvin Posts: 15,280moderator
    Quote:
    Originally Posted by cloudgazer View Post


    Sony went to huge efforts to block piracy on the PS3, and it still failed.



    It's a not a case of failing or not. As long as fewer people use them because of the deterrents, it helps:



    http://www.hiphopgamershow.com/2011/...-to-an-extent/



    If they did nothing, the situation would be worse.



    Quote:
    Originally Posted by cloudgazer View Post


    Expecting Apple to do the same when it has practically no skin in the game is ridiculous.



    Apple takes 30% of every sale ($2.5b paid out, $1b kept). If people steal the apps, they lose money too - this revenue keeps the store running. They stepped in when Lodsys were suing their developers so they should step in now and stop people stealing software.



    Quote:
    Originally Posted by cloudgazer View Post


    That again is dependent on trusted client software obeying the server.



    If you make a suitably complex request to the client i.e not 'are you authorised to play this - yes/no', it's difficult to break, especially if the method is revised (security by obscurity).



    Quote:
    Originally Posted by cloudgazer View Post


    If the code to do so was standardized it could be ripped out in a standard way, if the code wasn't standardized then it would be a huge amount of work. Also that would ruin the app sandbox model because suddenly every App has to have networking - so it would reduce user security, in order to improve developer security. If you move the communication back to the server into a special API call, then it's easy to just remove the call.



    It wouldn't have to be a sub-process of the app but a parent process or co-process that is killed so the sandbox is maintained and it just needs read-only access. Plus apps have legitimate access to all your data anyway so it doesn't really matter much about the sandbox when Apple violates it.



    Say your apps are the following (am = authentication method):



    Angry Birds (legit - am 1), Street Fighter IV (hacked - stripped DRM), iOS jailbroken with modified installd.



    You go onto the App Store, download Angry Birds Rio legitimately but it has a new parent wrapper that does a new authentication check (am 2). On launch, the wrapper checks out your installed apps and your OS and phones home and you're caught, apps deleted by wrapper.



    So along comes the hacker and cracks the method for am 2. Big deal, Apple implements another wrapper for every new download instantly, no update required on the user-end. As soon as you install a legit app, it wipes out your illegal apps.



    Obviously, you can avoid visiting the App Store or whatever but with enough methods that make it not worth your while then they at least put up an active resistance to app theft, which is all they need to do.
Sign In or Register to comment.