Friday, October 31, 2008

Primer

A Very Brief Overview of a Cracked IPA

Basically a cracked IPA has the following:
  1. A modified Info.plist, usually converted to text from binary
  2. A decrypted image of your application binary
With these facts in hand you'll have enough knowledge to perform some rudimentary operations to verify that your application has or has not been compromised.

Hogwash

If you search around the various iPhone discussion blogs and forums you'll find threads about people asking how to prevent IPA cracks. Invariably someone will chime in saying, "You can... but not without using undocumented SDK API!"

This is hogwash.

Using an undocumented API usually leads the poster, or immediate repliers to chime in with, "... and using undocumented SDK API means a form rejection letter from Apple!"

This too is hogwash.

There are plenty of applications on the App Store that use undocumented API. Ever notice UISegmentedControls that don't toggle on tap? What about silent UIPickerViews?

The thread usually peters out with people saying,
  • "You should be proud 15 year olds think your stuff is good enough to steal!"
  • "Why do you care.. your app is $0.99 anyway!"
  • "Piracy is a victimless crime!"
  • "They'll just crack your software again so why bother!"
  • "Piracy is a socio-political issue and is much larger than one developer's $0.99!"
  • "Those kids wouldn't have bought it anyway... they're broke!"
These are very good points and are not worth debating on this blog unless you feel like wasting your time.

However in my opinion the points above are all complete hogwash.

Re-Value Your Time

Okay, so you spent a bunch of your spare time coding your application. You neglected your wife, your kids, your friends and your pets.

You gave Apple your $99 yearly developer fee. You managed to get XCode to build a distribution release of your application AND it got signed properly.

You successfully uploaded it to the App Store for $0.99 per download and now you're collecting your monthly stipend.

You Google around for your app just to see what kind of juice you have with the bourgeois. Maybe your cyber ego needs some stroking -- who knows? After clicking through three pages of search results, you find someone has posted your cracked IPA on RapidShare.

Some 15 year old kid with really nasty zits has marginalized the time you've spent writing this application.

I bet you're pissed. But now what?

Stay tuned for my next installment.

No comments: