Quote:
Originally Posted by jsonli
Well I think the biggest advantage we have is that we just need to beat automated cracking tools rather than someone doing it manually.
I am not sure if you are right about touch, if a jailbroken phone can run programs as root, touch should be able to modify any timestamp. I'd be wary of the timestamp check, and to be safe I'd never use it alone at this point.
BTW regarding the encryption check, is it possible to check whether a phone is jailbroken or not? If so, we could just add that to the check.
i.e. jailbroken + not encrypted == pirated.
I'm assuming the Apple reviewers are not using jailbroken phones to test. 
I'll take a look at those sites. I tried googling a few, but they all asked me to enter a password before I could enter LOL. |
You're right, automatic tools are, in large part, the only thing we need to beat, unless your app is expecting hundreds of thousands in revenue.
The Time Stamp check is a good bet, only if you have other measures to circumvent automatic crackers. Meaning that this check will not stop the automated processes because they could change the programs to keep the timestamps the same, but might easily stop the manual crackers.
Regarding the encryption check, I think that's a great idea. However, checking if the user is jailbroken can be bypassed in many ways, especially if anyone reading this is not a legitimate iPhone Developer, and who's to say that the reviewers are not in fact jailbroken users? Instead, you could try layering other methods like the SignerIdentity method and the Encryption method, but the main problem with layering checks is that if one method is patched, then so are all the rest.
Good work though, I like the innovation!
