Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

iOS What to do about Pirates?

PhoneyDeveloper

PhoneyDeveloper

macrumors 68040
Original poster
Sep 2, 2008
3,114
93
Hi All,

I've been ignoring the piracy issue for a long time but decided that I'd look into it. For the purposes of this discussion let's assume that we think app piracy is bad for us and we want to do something about it. There are plenty of sources on the web of how to detect piracy, so let's not get into that either.

Assuming that there are existing methods to detect if a copy of my app has been pirated what is the proximate goal of employing anti-piracy measures? Is the goal to prevent the app from being pirated completely or is the goal to make life unpleasant for the user who has downloaded a pirated version of the app? Or are there other goals?

Assuming the following code

Code: 
if (thisAppHasBeenPirated)
   doSomething();

What are the options for doSomething()? Do I want to post a nag screen or erase his hard drive, or something else?

Also, any real-life stories of your own apps and experiences with anti-piracy methods would be interesting.
 
What do you mean "in code"? You mean inside your app? That would be cool if you could detect something like that inside your app and lock up the screen or something. Maybe put up a fake piracy app in cydia that locks up the screen and does something to piss the person off when a they open it. I've never really faced piracy issues because my app is free, but that would be cool if you could do something like that
 
Have we already kinda covered this whole topic in this thread?
Click to expand...

No not really.

That thread mostly seems to cover the question of 'is it worth your time to put piracy-protection into your app.' My assumption is that it is.

Apps with no piracy-protection can be pirated in a few seconds by running a script. An app with a few more minutes of development can avoid being pirated by an automated script. Or can at least put up a nag screen or erase the pirate's hard drive.

Again, I'm wondering what the strategy should be with anti-piracy code. Cause the pirate pain? Cause the end-user pain if the app is pirated?
 
PhoneyDeveloper said:
Apps with no piracy-protection can be pirated in a few seconds by running a script. An app with a few more minutes of development can avoid being pirated by an automated script.
Click to expand...
Avoid being pirated totally? Doubtful. Pirates are sneaky; they will find a way.

PhoneyDeveloper said:
...or erase the pirate's hard drive.
Click to expand...
I don't think a iPhone app has anywhere near that kind of power.
 
I don't think a iPhone app has anywhere near that kind of power.
Click to expand...
Pirated apps run on jailbroken phones. Why can't they erase files outside their sandbox? Or erase themself?
 
Depends on why you think app piracy is bad.

If you think it's bad because it loads down your server, then don't let a pirated app connect to your server. (Have it try connecting to 127.0.0.1 instead.)
 
PhoneyDeveloper said:
Pirated apps run on jailbroken phones. Why can't they erase files outside their sandbox? Or erase themself?
Click to expand...

Because it would never get past Apple, so would never be in the App Store, so would never be downloaded and cracked by a pirate, so would never be distributed amongst jailbroken phones.

Unless: You put your normal app on the App Store, then intentionally released a 'cracked' version of your app with the 'special code' into the piracy circles. But that's just plain sneaky.
 
Because it would never get past Apple, so would never be in the App Store, so would never be downloaded and cracked by a pirate, so would never be distributed amongst jailbroken phones.
Click to expand...
You think that apple tests apps on jailbroken phones?

So what to do instead? Put up a nag screen?
 
PhoneyDeveloper said:
You think that apple tests apps on jailbroken phones?

So what to do instead? Put up a nag screen?
Click to expand...

I'm willing to bet they'd notice something out of the ordinary going on! It's hardly going to be one line of code that you just slip in there.
 
If the pirate cracker notices anything different, like a quick exit or a nag screen, they can disable that with a patch. If they don't notice something, then they won't patch it out before distributing the app. They may never notice something delayed and subtle, like the enemy creatures in a game gradually get nastier over time until the game is no longer fun to play. Or the broken app starts occasionally crashing randomly after entering the 300th inventory item. Anybody who downloads this type of broken app will come to really dislike your app, if that's what you want.
 
firewood said:
If the pirate cracker notices anything different, like a quick exit or a nag screen, they can disable that with a patch. If they don't notice something, then they won't patch it out before distributing the app. They may never notice something delayed and subtle, like the enemy creatures in a game gradually get nastier over time until the game is no longer fun to play. Or the broken app starts occasionally crashing randomly after entering the 300th inventory item. Anybody who downloads this type of broken app will come to really dislike your app, if that's what you want.
Click to expand...

but it could be equally damaging to his business if there are people going around saying the app is impossibly hard, or broken (even though they are using a cracked app)
 
Absolutely any code that you put in an app to either make it hard to crack or to make it an annoyance to a user who downloaded a cracked version can be removed by a dedicated cracker. That's a given.

Do the crackers give up if there are twenty different places in the code that put up a nag screen? I have no idea. What if they find some, release the cracked app, and then more appear because they didn't find them all?

If you don't put up a nag screen every time a cracked app is launched or you don't put it up every place in the code that it could be shown every time then it's likely that some of the anti-piracy code would sneak through.

Of course you could have some code that refuses to run (eg, puts up a modal window with no buttons on it) and other places where it's just a nag screen. Maybe after enough launches the app could try to erase itself from the hd.

In some sense nag screens turn an app into a kind of shareware. If the user likes the app enough they can buy it from the appstore, with no nag screens.

How many hours are the hackers willing to put into patching a given app? I gather that the automatic cracking that works on a naive app is done by a script and modification of the Info.plist file (it is incredible that such a security hole exists). While it's possible to insert code that prevents the automatic cracking from working that's the kind of code that can be easily patched.
 
i am interested in knowing if in-app purchasing could be a solution to this problem. i've read on different forums that it's impossible to hack modular apps supplied by in app purchases. while i have yet to study or produce an app using in app purchasing, i'm not convinced that it would be crack-proof.

thoughts?
 
PhoneyDeveloper said:
You think that apple tests apps on jailbroken phones?

So what to do instead? Put up a nag screen?
Click to expand...

There was an app (Police Scanner) that had this nag screen on it. It would display the nag screen then immediately close the app and then forward the user to iTunes to buy the app. A fix was available within minutes that disabled the nag screen.

Anything you do can be undone.
 
I think that inapp purchase has some ability to work against piracy but I haven't looked into it in detail. I think that it downloads a credential to the user's device and there's code that checks the credential and adds features to the app. In the end though there's code somewhere that can be patched to think that the credential exists or that its check turned out valid so it can be patched. Making the code difficult to patch is part of the process.

Regarding doing something severe, like erasing files or corrupting files would only make sense if the user can know that it's your app that has done this I think. They won't be inclined to buy the app if they don't know that an unpurchased copy is a bad actor. I guess if it erases itself that would be a big clue.
 
SpaceKitty said:
Anything you do can be undone.
Click to expand...
"SpaceKitty" is right any type of code that you could possibly think of to put in your app can be undone in some way shape of form. No matter what you do a hacker could so easily decompress the file change the code and put it on cydia or something.
 
Something like running ads in-app, so that you will still make money from impressions, even if the app is pirated?
 
I have a LITE version of my app, which is free.

The LITE version has a link to upgrade to the paid app.

My "do something" for the paid app is to turn it into the lite version.

if (piracy_detected) { version = LITE;}
 
PhoneyDeveloper said:
Pirated apps run on jailbroken phones. Why can't they erase files outside their sandbox? Or erase themself?
Click to expand...

The main problem with this is that you could really really get sued for millions of dollars if your app accidently harmed someone's device. The proof would be easy.

Also, if you put traps in your phone to go after pirates, your app will likely end up here:

http://hackulo.us/forums/index.php?/forum/61-self-aware-apps/

It seems that the more anti-piracy code you put in your app, the more interesting puzzle you make it. "Crackers" love a challenge -- it's more exciting to crack your app than the actual app it self.:p
 
Here's my current thinking on this:

There are several categories of apps: free apps, naive apps, and apps that have anti-piracy code. Free apps, by and large, don't need any hacking. Naive apps can be cracked by running a script or by one of the cracking apps the crackers have built that work by the same method as the script. Basically anyone can crack an app by tapping a few buttons in the cracking app. The third category of apps that have anti-piracy code can be modified by the script but will detect that they've been cracked and either quit or crash or send the user to a web site.

It only makes sense to me to convert my apps from the naive category to the anti-piracy category. It then becomes a numbers game. How many crackers are there? How desirable is it to crack my app? How hard is it to crack my app?

I don't have any numbers on these categories but there must be tens of thousands of naive apps. The crackers crack those apps merely by wanting to. Cracking an app that has anti-piracy code in it requires some effort. I'd bet that there are only dozens of crackers. There are certainly not thousands of people who have cracked non-naive apps.

What I've done is to add code to my app that detects if it's been cracked and then quits or sends the user to my app's web site. There are a few bits of code in the app to make it harder to crack and of course some of this code is implemented in an obscure manner. I have no doubt that it could be cracked but not by a script.

There's a limit to how much time I want to spend on this and there's always a risk that bugs in my anti-cracking code could cause problems for legitimate users.
 
PhoneyDeveloper said:
It only makes sense to me to convert my apps from the naive category to the anti-piracy category.
Click to expand...

If you think the ROI on time spent chasing pirates exceeds the ROI on time spent adding features that will make honest people want to buy your app...

... you are wrong.
 
You must log in or register to reply here.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom
Back