Comments for iPhone Developer Fights Back Against Piracy, Turns Cracked Apps into Demos

iPhone Developer Fights Back Against Piracy, Turns Cracked Apps into Demos

2009-03-09T13:30:29Z

A company called Sopods, makers of the Full-Screen Web Browser application for the Apple iPhone, have just implemented new ground-breaking anti-piracy measures for the iPhone platform. After pirated copies of the company's application began to surface in the wild, the application's developer, angry about the lost income, came up with a way to detect the cracked apps and then turn them back into "demoware." With this process, the cracked apps will still work, but a message will appear after 10 runs encouraging the owner to purchase the legal copy in the iTunes store or exit the application

]]> App Phones Home, Tracks Pirates, Nags Them to Buy

Ben Chatelain is the software engineer behind the Full Screen Web Browser application which was released in the iPhone App Store on February 12th, 2009. It soon became fairly popular, having now been downloaded over 66,000 times and ranking in the Top 100 Paid Apps lists in ten countries. In the U.S. and nine other countries, it also ranks in the Top 20 Utilities list.

However, within four days of the initial release, Ben received a Google Alert informing him that a cracked version of the application had been made public on Appulo.us - a site that supposedly provides the "try before you buy" functionality that's currently missing from iTunes. In theory, users can download and evaluate applications using Appulo.us, but in reality it mostly serves as a way to download pirated copies of paid iPhone applications for free.

Upset to find his application pirated, Ben began to investigate ways to detect the cracked apps in order to do something to the pirated copies out there, like shutting them down remotely or causing them to self-destruct. Still, he didn't want to do anything that would affect legitimate users of the app or cause problems with Apple that could lead to his app being pulled from their store.

Instead, Ben developed a server callback mechanism that alerted him when a copy of his application was cracked. The data sent back to him included the app's unique device identifier (UDID). For those applications registered as cracked, the server will now control a demo period. After 10 runs, a message is presented to those running the bootlegged copy, encouraging them to purchase the Full Screen Web Browser page in the App Store. The only other option provided is to exit the application.

In addition to the warning message, Ben also cleverly adds a "guilt trip" to the message, informing the users of the pirated copies that purchasing the application legally will help him feed his 1-year-old baby. (He decided against his wife's suggestion of actually putting a photo of the baby in the message.)

Says Ben, one of his main motivators for choosing the server-controlled demo option was because with iPhone applications, there's no way to save data outside the tightly-controlled sandbox in which they run. That means that demo periods could easily be reset by simply reinstalling the application. His method, which uses a web service instead, lets him control applications from outside the app's sandbox.

Piracy Troubles

Since the announcement of Crackulous, a program for pirating applications from the iPhone App Store, a lot of developers have been discussing what they can do to prevent their applications from becoming compromised. Some game developers have considered using server-based tracking methods to separate the high scores of the pirates from those of the paid users, but to our knowledge, no one has yet implemented anything like this yet.

Other developers are turning to solutions like Kali's Anti-Piracy service, which is installed as an additional layer of protection on top of the application itself. Although not entirely foolproof, it does make it more difficult for hackers to crack an application. Hackers attempting to crack Kali-protected apps will end up with non-functional copies, says the company.

But unlike other anti-piracy methods, Ben's server-controlled method, inspired by John Gruber's article on Daring Fireball, allows for the possibility of converting pirated copies into paid versions. Since the introduction of his new anti-piracy measures only two days ago, 23 of the pirated users have seen the "crack detected" message. One of the 23 ended up purchasing a legal copy. Ben reports that the current rate of pirated users is around 9.1% (758 pirates out of 8241 users who have run the app since the crack appeared). For applications whose install base is even larger, turning pirates into customers in this manner could have even a greater impact. This method could be especially useful to iPhone game developers, who, according to a game developer quoted by Gruber, are the most affected by piracy. For example, two out of three users of that particular game ran bootleg copies of the application.

The server-based tracking method implemented in the Full Screen Web Browser represents what is likely to be only one of many future attempts by iPhone developers to prevent their apps from being cracked and pirated. Expect to see more of the same soon.

Comment from Hjalmar on 2009-03-09

2009-03-09T14:58:58Z

I bet this "piracy protection" is one byte in a hexeditor away from being reversed.

Besides, this only works for applications that require a net connection, how happy would you be if your offline application for iphone suddenly refused to start when you where in a spot where there is no internet connection?

Comment from Walt Ruppar on 2009-03-09

2009-03-09T15:36:50Z

Never knew about Appulo.us before... but now I do. kthxbye!

Comment from Jim Glidewell on 2009-03-09

2009-03-09T15:38:31Z

Thanks for publicizing this.

This is a company that I will *never* do business with.

I have spent several hundred dollars on the App Store, have four Ipod touches in my household, and will simply not buy ANY iPhone app that includes copy protection beyond Apple's standard FairPlay protection.

While I hate to see babies starve, I am not willing to support software vendors who put their paying customers at risk to prevent piracy.

Apple provides a reasonable mechanism for preventing casual piracy with every App store application. Adding additional copy protection means that at some point in the future, this app is significantly more likely to break. I encourage folks to boycott any app author who adopts this strategy.

Comment from Dimitry Z on 2009-03-09

2009-03-09T16:25:30Z

So this app calls home and reports the theft? Isn't this a trojan or one of those other malicious software names? I'm pretty sure people were up in arms when a record label (Sony?) put something similar into their CDs.

As for threatening with a hungry child to stop the piracy, it reminds me of the internet laws that get passed because of the 'Fight Against Child Pornography' clause.

Comment from Bill on 2009-03-09

2009-03-09T16:29:28Z

Thanks for the new site to check out. Also, warez-bb.org and forumw.prg have quite a bit of apps as well.

Will never purchase this app, and let me tell you all, this app has been cracked again since the update and there is nothing the developer can do because he isnt as smart as the millions of pirates out there hehehehe

Comment from Ben Chatelain on 2009-03-09

2009-03-09T17:48:24Z

Legitimate copies of Full Screen Web Browser will never break with this approach. First of all, the app MUST be tampered with to even trigger any kind of protection. Also, because the server controls demo period, it can be disabled at any time should something go wrong.

Apple's mechanism for preventing piracy is not longer reasonable because there are thousands of apps which are already cracked and it is trivial for a user of a jailbroken phone to install one. They can even crack apps themselves in mere minutes.

I believe this approach to piracy is the best compromise and actually creates some value in the wide distribution of cracked copies of our app. Other options are to raise prices or to use more draconian methods of copy protection, neither sit will with me.

Comment from Joel on 2009-03-09

2009-03-09T17:56:29Z

" I am not willing to support software vendors who put their paying customers at risk to prevent piracy."

Right -- the risk that you'll be suddenly with a full screen Safari browser -- holy sh*t! That'd be sooo tragic. So logically: let's boycott this guy for trying to protect his hard work and right income from it?!

"there is nothing the developer can do because he isnt as smart as the millions of pirates out there hehehehe"

A million laughs -- jerk.

"So this app calls home and reports the theft? Isn't this a trojan or one of those other malicious software names? I'm pretty sure people were up in arms when a record label (Sony?) put something similar into their CDs."

Mmm NO. The sony rootkit was different because it installed itself with root access, among all the other issues, it was a security risk. This mechanism operates within the app itself, unlike a music CD installing software to playback. So, is it wrong for an app with a commercial license to verify that is legitimate, seems like it comes with the territory?

Suck it up you paranoiacs. Afraid of a software dev with a bad attitude getting GPS info and hunting you down Charles Bronson 'Death Wish' style and strong arming you for 99 cents, is it really about privacy? Or are you just cheapskates?

Comment from Nate on 2009-03-09

2009-03-09T18:50:46Z

"this app has been cracked again since the update and there is nothing the developer can do because he isnt as smart as the millions of pirates out there hehehehe"

I don't think he claimed to be smarter then them, he just wanted some sort of protection for his hard work.

Seriously, why would you state something like that? Did you think you were being smart, hope not? I think most users who read that part were thinking, "Wow, its another internet loser. Wonder what hes done with his life." But, if it really tickles your pickle to state such a useless thing, to each their own. No one is really going to stop you from posting these things, not many will care. Though it made me chuckle at reading that.

Comment from Dimitry Z on 2009-03-09

2009-03-09T19:38:52Z

@Joel - "Or are you just cheapskates?"

As some other commenters have said, there is little a person can do to protect their software on other peoples devices. I was implying that the action by Mr. Chatelain is the kind of response to piracy that in the past has caused misunderstanding and negative reactions from users.

Comment from Don on 2009-03-09

2009-03-09T19:39:12Z

I think that there is nothing wrong with a developer trying to prevent their software from being pirated, it's in their right to protect their business. However I think that trying to out smart the hacker community is just useless.

It's Apple's responsibility to continue to improve their DRM or disable the cracked iPhone apps with their firmware updates, as they do with the jailbreaked phone. But they are failing to do so, causing developers to take this into their own hands. I personally like the stance of the developers of mobileairmouse.com (in their FAQ section). Although there are some people who are just thieves and don't want to pay for anything they can get for free, a lot of people are sick of paying for crappy apps and have resorted to piracy. Hopefully enough of those users will actually pay for apps that they consider useful.

Comment from allgood2 on 2009-03-09

2009-03-09T19:54:29Z

Hhmmm... this reminds me of when shareware was becoming popular. Tons of developers starting investing in increasingly complicated and expensive schemes to stop pirates and freeloaders. Until a few developers started standing up in stating, that they'd prefer to invest their time in creating an application that people want to pay for and see further developed, than wasting their time trying to keep ahead of pirates.

The problem with pirates, at least most of them is, they don't want to pay for your app. No matter how good it is, how affordable it is, how great a service you provide. And worse yet, they suck time and attention away from paying clients. If the developer believes there are actually potential clients among the pirates, because some people want to try before they buy; then release a free version, that randomly nags say once every 30-45 days.

The problem when developers start fighting pirates is that it becomes this big game of back and forth and the generally speaking, the developer can't win. Because while you're trying to work for a living: they're forcing you to compromise your code, divert your attention, and lose focus from your clients.

That's not to say a minimal amount of protection isn't good. Just that this dogfight has already been fought. The developers got beaten down, until they made a collective comeback by giving a virtual finger and focused on persuading potential buyers to buy.

I can't remember who made the stand first, but I remember personally buying a large amount of software in the month or so after that, to support all the other developers who stood up behind him, and removed all that very irritating anti-piracy protection from their applications.

Comment from Jim Glidewell on 2009-03-09

2009-03-09T20:12:02Z

While folks like Joel might be willing to go back to the days where every vendor used a different copy protection technique, and every system update broke a few dozen apps, I am not willing to.

Ben can choose to implement any sort of foolish copy protection that he chooses to - but I will go out of may way to let the dozen or so folks that I know who own iPhones to avoid his app like the plague.

He has made the choice to put the protection against piracy higher on his priority list than doing everything possible to make his app the best it can be for paying customers - his priorities don't match mine.

Chasing after pirates in this way is stupid - the App Store provides a marketplace where literally millions of people with un-hacked iPhones and iPod touches, with a mechanism in place to prevent casual sharing. While there are no doubt a lot of people with hacked devices, their numbers are dwarfed by the user of un-hacked iPhones
and touches.

I am really not interested in evaluating on a case-by-case basis how obtrusive the additional copy-protection might be - there are enough apps out there that it is easier to simply dismiss as defective garbage any app that adds additional layers of copy protection.

Based on this criteria, this application is junk. IMO, Apple should remove any application from the App Store that implements additional copy protections to protect their paying customers. At minimum, there should be a clear indication of this in the App Store itself, so users can make an informed decision.

Comment from Jeff on 2009-03-09

2009-03-09T22:34:49Z

Curiously enough, I'm surprised Apple haven't shut him down already. Apps that change their behaviour based on info they download from the Internet are verboten according to the SDK agreements.

That's the key reason you don't see a Python interpreter, or a native Flash runner. Because Apple can't control the content that ends up on the machine

Comment from Bertil on 2009-03-09

2009-03-10T00:11:18Z

I would like to have the opinion of the leaders of the hacking community: are you disapointed that you work against Ben Chatelain? Would it take you so much more effort, say, to re-develop a similar App and submit it for free? Or do you recognize yourself among the million laughts?

Jeff: The app doesn't change it's behaviour based on downloaded information — the modified app does; that might explain Apple's reaction. If you care, I think that the replicator isn't held in the highest regard anyway. I have to say: while I like to have someone arguing for certain features (e.g. video streaming) that part doesn't appear as constructive as developping for Android.

In a similar vein: has anyone developped an anti-advertising system?

(Facebook Connect doesn't work: the text in French is too long and the button is outside of the pop-up window, with no scroll bar to reach it. Please can you tell Facebook?)

Comment from Richard Azia on 2009-03-09

2009-03-10T04:31:20Z

I think that guy is going to annoy a lot of people by doing this. Not sure of the price of the app but sometimes piracy can help build up adoption over time. Worked for some programs I've used.

Comment from Brian Bufalo on 2009-03-09

2009-03-10T04:49:48Z

Yes but this is probably the guys bread and butter. It's a recession, let him make his $$$$$!

Comment from ejonesss on 2009-03-10

2009-03-10T10:00:32Z

all that has to happen now is someone like obdevelopment or whoever makes little snitch make a version for the iphone to block the phone home.

or if the iphone has an equiv of the hosts file then the server could be blocked and redirected to 127.0.0.1 or 0.0.0.0.

127.0.0.1 is localhost and 0.0.0.0 is an invalid ip address.

also cracking is a lot more than that often a cracker has to change the jump routine in hex to jump past the registration and remove the phone home system.

Comment from Charles on 2009-03-10

2009-03-10T15:47:58Z

This is the perfect try b4 you buy method the App store needs.

Comment from tester on 2009-03-10

2009-03-11T02:01:00Z

his app has already been patched. check appulo.us.

there are already lot's of applications out there which have additional protection and a few patchers are working on them.
the only new thing here is the "killswitch" triggered by his server.

Comment from tester on 2009-03-10

2009-03-11T02:03:44Z

his app has already been patched. check appulo.us.

there are already lot's of applications out there which have additional protection and a few patchers are working on them.
the only new thing here is the "killswitch" triggered by his server.

Comment from gu1337 on 2009-03-11

2009-03-11T17:05:54Z

we have an extensive collection of cracked apps, and movies, come visit www.GU1337.com

Comment from wtf on 2009-03-21

2009-03-21T15:37:51Z

I'm always amazed to hear you people scoff at developers trying to protect their hard work from thieves. Why don't these criminals steal from professions that actually DO NO REAL HARD WORK and get paid millions, and ruin countries? Why not target bankers, lawyers, etc? Direct your virgin anger at an appropriate target.

Comment from Jack on 2009-03-22

2009-03-22T08:43:27Z

Hey!!

If any devs are interestedy here's my little post on protecting against cracking:

http://www.everythingapple.org/cracking/developers-how-to-protect-your-apps-from-being-cracked

Comment from frank rapport on 2009-07-05

2009-07-05T19:20:07Z

Cracking a 99 cent app for people who bought overpriced and overcharged Iphones? Seriously people, work toward the universal & low access fee, micro payments for use and far fewer attempts to throttle the pipes with tolls.

Comment from Thomas Walker on 2009-08-06

2009-08-06T13:22:53Z

Heres what would solve the fucking problem, if apple got their act together and found a way to stop JAIL-BREAKING. Hahaha that would be fucking funny wouldn't it, Millions of weeping cheapskates for years to come.Without precious appulo.us.And i think it's hilarious how all the twats out their using cracked apps suddenly regard themselves as "master hackers". There such a consumer in that situation! They forget that their Suckling of the boob of 1 intelligent person. HA! leave them on their own and ask them to re invent jail-breaking. Oh and jim if you were a developer you wouldn't have made that twattish remark. And as for this server idea, fucking fantastic lets get it working. He-he just thinking this comment probably is going to piss off everyone who isn't a developer.

Comment from Chris on 2009-08-25

2009-08-25T23:24:19Z

Just let me make something very clear here.

I buy software, well at least I use to. I bought a very popular piece of software under the jailbreak system. It was working fine then after a while it poped up a very nasty message telling me my copy was pirated and i was a criminal. After contacting the developer i was told it was an unfortunate bug in the licencing software. I received no appology and I had to wait for a new version to be released. I also found out the application was phoning home with my details. None of this was mentioned in the EULA. How dare a developer steal my personal information. This developer is engaging in piracy himself and on a huge scale, and for what outcome, the loss of a real customer.
These developers should spend more time writing good apps rather than worrying about the imaginary losses of piracy. By your own figures in this article only one person bought the app. Developers should concentrate on the people who buy their applications not the pirates (who will never buy the it anyway) at the expense of legitimate customers. I am a legitmate customer one has now lost.

Preventing someone from stealing a Ferrari does NOT make him go and buy one.

Comment from mk12 on 2009-10-03

2009-10-03T23:21:48Z

Justifying the piracy of an applications because its only 99 cents is idiotic. Would you shoplift a $1 pack of gum from a store? Don't be a loser, you can afford an iPhone, you can afford to pay 99¢ for an application that a developer has worked hard on. Or why don't you steal the groceries this week -- It'll be free that way. It doesn't matter if software all boils down to 0's and 1's, someone on the other end has spent a long time learning to become a developer and needs to earn a living just like everything else. You can not justify software piracy, and it will only make you look like an obnoxious jerk.

As for this situation, you can't get mad at someone who's trying to protect his hard work from theft. How about you decide to never walk into another store that uses security cameras?

Comment from therealmk12 on 2009-10-06

2009-10-07T04:30:40Z

piracy and jailbreaking an iphone are two different things. You should understand that since almost every new big "feature" thats come out in the latest iphone updates has been stolen from the jailbreak scene... people who want full control over their phone are different than people who want to steal apps. as with any device or technology there is always people trying to do no harm, and then those who come in and use that as a gateway to their own means.

2 cents.

Comment from mk12 on 2009-10-08

2009-10-09T04:26:08Z

Are you talking to me? If so, I know that jailbreaking an piracy are different. My iPod Touch is jailbroken, because I know what I'm doing and I want the full potential of my product. Piracy, well read my other comment - #27. And there's nothing wrong with a developer protecting against piracy, and there's no reason to think badly of people who just jailbreak.

Comment from Lol on 2009-10-19

2009-10-19T09:55:59Z

@Thomas walker

Lolz, you just don't get it do you? Apple has tried to fix jailbreak plenty of times, and failed. Every. Single. Time. And we would not cry about it, we would just go about fixing it. I lol'd at your fail post because you won't jailbreak your iphone/iPod.

Comment from Buzzy on 2009-11-12

2009-11-12T23:40:40Z

Wouldn't have been a problem if Apple had just adopted a similar approach that Q did with BREW