I think there is a major flaw in your logic. Here's how it goes (I think):
* The first person that wants to hack your app actually BUYS your app.
* They then crack it (on their computer, not iPhone) and make it available at many websites.
* 1000's of people download and install the cracked app.
* Your code now treats all of these users as the original hacker.
* The original hacker has a legitimate copy of your app and they are NOT punished by your code.
Don't you think the hacker would first run the cracked version to verify that the crack indeed works?
Don't you think the hacker would first run the cracked version to verify that the crack indeed works?
That was my (unwritten) logic.
But Rick, your logic may be even better.
I don't know how a hacker thinks... a developer would test the app first.
But if he/she doesn't I'd treat 'innocent' people. (They downloaded and installed the cracked app!)
The string thing:
You could easily use the app name and use some algorithm to transform that to "SignerIdentity" by runtime.
I'm not going to add this to any of my apps.
I just call [[UIApplication sharedApplication]terminate] after displaying an alert.
If a hacker is a more genius one... what can I do?
I don't have to live on the money I get from the apps, so that isn't the problem.
But these ******* damn pirates are driving me crazy... why do people have to do this?
Maybe. That new tool Crackulous (or whatever it's called) it literally a one-click-and-it's-cracked tool. What's there to test?
Here's a good example. My app fails to run properly if it detects it's been cracked yet my app can be found posted on cracked app sites. Go figure.
Perhaps that's the sad state of a hacker's life? They don't really care to check if the hacked version works or not -- they just crack it and make it available to others for the sick satisfaction of having done it.
You are forgetting that there are simulators. So the original hacker can test the app on their simulator. no need to endanger a perfectly healthy system.
Alternatively you could just hardcode a check for the size of the info.plist file. This shouldn't change from when you build your binary and such a check would be nearly impossible to detect without detailed examination of the assembly code.
You are forgetting that there are simulators. So the original hacker can test the app on their simulator. no need to endanger a perfectly healthy system.
Simulator != emulator. They can't run ARM binaries (which is what they have) in the simulator.
Perhaps that's the sad state of a hacker's life? They don't really care to check if the hacked version works or not -- they just crack it and make it available to others for the sick satisfaction of having done it.
Hacking like anything else has ego and reputation attached to it. If you release a bunch of stuff that doesn't work people will stop trusting you and won't download your stuff. That's why they at least make sure it works for them before releasing.
there are several approaches here , here are some, if anyone has an "out of the box" idea please post:
1. do nothing
2. covertly send info
3. do something harmless
4. do something minor but offensive
5. delete person's data at some level
6. make a web site with details of the offending users
7. submit report to apple
8. ask apple to fix this
There *must* be something better here!
I think that the first on foremost problem is that using software, the program can be led to think anything - that the HW is legit, that the user paid, etc. etc. so nothing you can code at software level will be likely to help for a long time (even covert sending of information can be stopped easily).
There should be some kind of a merge between social engineering , HW and SW...
+ don't forget that some people hack their phones simply because there is no other way, they want to use them in their countries.
An interesting thought... can a lawyer draft out an end user agreement that states that if the software has been stolen the user is responsible for everything that might ensue?
+ don't forget that some people hack their phones simply because there is no other way, they want to use them in their countries.
No one is objecting to that. You purchased a piece of hardware, if you want to glue it to the wall that's your right. We're objecting to people stealing our software.
I don't have any apps in the store yet (I'm in review) but here's my take. I think it's a futile waste of time to battle app crackers. They are not in it for the apps, they are in it for the pleasure of cracking and the pleasure of building "collections," in many cases they'll never even use the apps but once or twice, if that. Building in phone-home routines, kill-switches and other weapons have a far likelier chance of tripping a false positive and pissing off a legit user than deterring a cracker.
Copy-protection (aka DRM) has NEVER worked long-term and it always ends up making legitimate users angry.
I don't have any apps in the store yet (I'm in review) but here's my take. I think it's a futile waste of time to battle app crackers. They are not in it for the apps, they are in it for the pleasure of cracking and the pleasure of building "collections," in many cases they'll never even use the apps but once or twice, if that. Building in phone-home routines, kill-switches and other weapons have a far likelier chance of tripping a false positive and pissing off a legit user than deterring a cracker.
Copy-protection (aka DRM) has NEVER worked long-term and it always ends up making legitimate users angry.
You don't get it.
Nobody (at least not me) is saying it makes business sense to fight the cracks. Actually, I don't think it will have any impact on the sales at all.
However, for the same reason that "they are in it for the pleasure of cracking", at least there should be a case that some developers are in it for the pleasure of screwing up cracking. It is a game of cat and mouse, and it is a fun game if you are into it.
Nobody (at least not me) is saying it makes business sense to fight the cracks. Actually, I don't think it will have any impact on the sales at all.
I'm not saying that there is sense in it, but on the other hand, not doing anything will impact sales. See software and music industries. The easier it is to copy the more people will do it for free.
I don't have any apps in the store yet (I'm in review) but here's my take. I think it's a futile waste of time to battle app crackers. They are not in it for the apps, they are in it for the pleasure of cracking and the pleasure of building "collections," in many cases they'll never even use the apps but once or twice, if that. Building in phone-home routines, kill-switches and other weapons have a far likelier chance of tripping a false positive and pissing off a legit user than deterring a cracker.
Copy-protection (aka DRM) has NEVER worked long-term and it always ends up making legitimate users angry.
It's not about deterring the dozens (maybe hundreds?) of crackers, it's about the hundreds or thousands of sales you will miss because anyone wanting your application can find the cracked version and download and run it, rather than paying for your AppStore version. Crackers aren't cracking the applications to just share with each other. They're posting the cracks on websites and torrents where anyone can come along and grab it.
I still have not decided what I want to do. Maybe use the GPS function and say that we are coming for them. Since it is on a jailbroken device, they do not have to be prompted Need better ideas though. My first idea is to delete some system files, but I am afraid of the 1 in a million chance of a false-positive on a jailbroken device. If the false-positive was on a regular phone, the file system would not allow the deletion of system files. The other case, oops.
Here's the approach I'm about to take with an update I just sent to Apple. If I detect a cracked app I simply launch Safari taking the user to a special page on my website. The page states they are using an unauthorized copy of my app. It states it's not fair for them to be stealing my hard work (trying to appeal to their better self). It states I have a free Lite version that they can try risk free. I have easy links to the rest of my website to see app details and easy links to see the app in the App Store.
Nice an benign. Why **** off a potential customer?
Will this stop the hackers? Of course not. Will I get more sales? Maybe. Did I waste my time writing the code to check for a cracked app and author another page on my website? Definitely not. It was interesting. I learned something. How could that be a waste of time?
Oh, and I do pass their device id to the URL so it's logged in the server logs
I think a warning would suffice. I will also alert them that using a jailbroken device leaves their filesystem unprotected. Since developers are catching on, they could be potentially harmful to their phone. Maybe scare them enough to think twice about downloading cracked apps.
However, I really want to do something /*slightly*/ malicious. Maybe corrupt my app so it will not start up. Maybe corrupt the phone app Probably no to the latter.
There are nearly limitless "fun" ideas that could be implemented, considering their phones are vulnerable. Create a bot from the phone. Could use undocumented frameworks. Maybe turn it into a spam server, for their own email. Receive hundreds of new emails every minute from themselves. Maybe even state that piracy is bad. This thread has turned into a day dreaming thread about what we would like to do to the pirates :P
I'm all for trying to turn the people that downloaded a cracked a copy of an app into a paying customer. I used to just put up an endless activity view that could only be ended by pressing the Home button.
But it occurred to me that this was silly. Making your app act badly will just annoy the person and they will delete your app and never look back.
Why not make some effort to appeal to the person's better side and get them to try your app. Maybe you'll get a new (paying) customer instead of a pissed off user.
Who knows. There is a lot to be said for screwing with someone that first stole from you.
Need better ideas though. My first idea is to delete some system files, but I am afraid of the 1 in a million chance of a false-positive on a jailbroken device. If the false-positive was on a regular phone, the file system would not allow the deletion of system files. The other case, oops.
Linear Mode
