Sunday, November 2, 2008

Strategies - An Introduction

In this posting we'll discuss some of the various strategies you, my intrepid and enterprising App Store developers, can utilize to protect your application.

So your application got cracked. Now what?

If you've been following along then you'll know there are several ways to detect a compromised application bundle. There are a few more ways that you can use but those are the aces in my sleeve and will be revealed at a later date.

Some of you might think, "okay so a 15-year-old pizza face offspring of some yuppies just cracked my application... I'll just push out a new update and quit the application if Info.plist is modified!" Well, yeah, you could do that. But what's the first thing the cracker is going to do after he cracks your application? He's going to run it to test his handiwork.

If your application bombs out on execution then it's a simple task for a kid with a hex editor to modify your decrypted application so that it doesn't crash.

Your knee-jerk reaction has been thwarted and you've only slowed down ONE cracker and ZERO copiers.

Really, so NOW what?

If you remember the previous article (Prelude) then KNOWING is half the battle. The process for cracking an application is literally automated.

TAKE ADVANTAGE OF THAT FACT.

If copies of your pirated software are using resources on an external server, say, for tracking high scores, downloading new resources for your application (hello Tap Tap Revenge NIN edition!), a help or feedback screen, then use this to your advantage.

Be Subversive

If you're making an AJAX, SOAP, or HTTP request then just pass along a little more information in the query string to indicate the user doesn't own your software. On your server, alter your behaviour for these users.

You could forget the high score or triage the scores into a list of high scores for pirated users.

Instead of downloading new NIN songs, you could serve out RIAA/MPAA propaganda songs that tell users not to pirate.

Instead of providing a help screen with a list of troubleshooting advice, alter the list with a first step that says, "BUY MY SOFTWARE AND THEN I WILL HELP YOU".
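The server-side triage described above, as an added example (not code from the original post). The query parameter name `c`, the `ScoreServer` class and the sample help steps are assumptions made for illustration.

```python
from urllib.parse import parse_qs

# Hypothetical parameter: the client appends "c=1" when its bundle check fails.
FLAG_PARAM = "c"

# Constructed sample help content.
HELP_STEPS = ["Restart the app.", "Check your network connection."]
BUY_STEP = "BUY MY SOFTWARE AND THEN I WILL HELP YOU"


class ScoreServer:
    def __init__(self):
        # Two boards: one for paying users, one for flagged copies.
        self.boards = {"owned": [], "flagged": []}

    @staticmethod
    def _parse(query_string):
        params = {k: v[0] for k, v in parse_qs(query_string).items()}
        board = "flagged" if params.get(FLAG_PARAM) == "1" else "owned"
        return params, board

    def submit_score(self, query_string):
        params, board = self._parse(query_string)
        try:
            score = int(params["score"])
            player = params["player"]
        except (KeyError, ValueError):
            return {"status": "error"}
        self.boards[board].append((score, player))
        # Same response shape either way, so a test run of a cracked
        # copy looks normal: the flagged user just sees the flagged board.
        return {"status": "ok", "top": self.top(query_string)}

    def top(self, query_string, n=10):
        _, board = self._parse(query_string)
        return sorted(self.boards[board], reverse=True)[:n]

    def help_steps(self, query_string):
        _, board = self._parse(query_string)
        return ([BUY_STEP] if board == "flagged" else []) + HELP_STEPS
```

The flag is client-supplied input, so anyone who notices it in the request can strip it; it only works while it stays unobtrusive and the app keeps behaving normally.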

But sir, this is just more work!

True, it is, in the short term.

There's the old software adage, "You can't fight piracy... those zit faced virgins wouldn't have bought your software anyway."

Now consider a convenience store keeper. He doesn't say, "Those kids wouldn't have bought candy anyway... let them just steal it!"

Stealing from a faceless corporation is one thing, but the App Store isn't a corporation. It's made up of software from people like you and me. Apple takes a sizable cut for being the proxy between sellers and buyers so this doesn't leave much of a margin for sellers.

In other words: Every penny counts.

If you can catch someone who has pirated your software, and willfully convert them into a buyer, then you've made some cash. If you ignore piracy then you've made nothing.

Homework

Re-read this article, re-read my previous articles. You now have the tools to catch a pirate and hopefully take his money.

Be sure to leave a comment here if these methods have worked for you.

I'll be presenting something really interesting within the coming week, so stay tuned!

1 comment:

Anonymous said...

I just launched an app that phones home. We wanted to phone home to track user usage so we could make the app better by enhancing features.

Little did we know that we would be able to compute the crack percentage by dividing the total number of UDIDs seen when phoning home by the units of sales.

We came up with about 30%, which seems to agree with numbers you've posted.

Keep up the good blog!