I am an iPhone developer, I am doing a project. For security reasons, I must make sure my app run on a no jailbreak iPhone. I want to know how to check it use public API.
Thanks very much!
No API exists to perform such a check.
Jailbreaking a device (using any of the various forms of jailbreaking) only needs to touch files which are outside an application's sandbox. Attempting to inspect them therefore carries a risk that your app will be rejected. Even if you can inspect them you have no way to differentiate a change due to jailbreaking from a change due to an OS update.
Finally please be aware that a jailbroken device does not necessarily mean the user has pirated your app. Users of jailbroken devices are free to purchase and install apps via iTunes just like anyone else and are likely to be rightly unhappy if your app refuses to run.
also, Apple removed the API for detecting jailbreaking. Read here on ars
If that would be possible using a public API, there wouldn't be any problem using jailbreaked iPhones, would there. Every app (including the OS) could just use that API...
It's impossible to verify that your app is running only on a non-jailbroken device. Unfortunately there's nothing you can check.
There are a few tricks you can use to determine programmatically if your app has been pirated, but they're far from foolproof; the most you can really do is determine if your app was pirated using the most common automated pirating techniques. Anyone really determined to pirate it can ensure your app doesn't know it's been pirated even if you use the techniques.
I wouldn't invest time in such things cause sooner or later "they" will find a way to run your App on a jailbreaked iOS device.
Instead take this time and develop more unique feature. Feature people are glad to have and even they pirated your App they will pay for it.
Yeah I know this sounds ridiculous but I think quality software will find honest buyers.
I know this answer doesn't answer your question and I want to add that iOS doesn't have a API to check if the device is jailbroken.
I hope I could help.
As the other answers say, there's no full-proof way of blocking piracy on your apps. I have a couple of apps that have been pirated and, truth be told, I was kind of happy to see that. Unless these people hack every single app on the App Store, it made me feel a little proud that someone had decided my apps were worth pirating. Almost a "yup, I've made it" kind of feeling. :)
Related
After making an update to an iPad app I released some time ago, I've been getting reports that people are unable to actually update the app without deleting and re-installing. However, as far as I know, nothing in the update should be causing this. (All the update deals with is letting people email PDF documents, nothing major.) When people attempt to update, they're asked for their iTunes password, but after entering it, it merely goes back to the update screen and nothing happens. Additionally, it would seem that this only happens with my app, the people in question aren't having any issues with the other various apps on the App Store. Does anyone know what might be causing this and how I could fix it?
Thanks in advance!
(Also, if it matters, the app is a custom B2B app, the general public can't purchase it.)
I'm removing the text of my answer because it's so inaccurate it's embarrassing. I mistook "B2B" for "Enterprise" and answered based off of that. To make up for it, I'll look into the problem a bit more and if I find anything I will edit this answer accordingly.
Edit:
Okay, I can see why you put a bounty for this question on SO; there's not really any data on a problem like this anywhere. Frankly, there's not much available information on B2B in general. I'll post what I found anyway, in case it can be of any help to you.
I found the details reason behind Maggie's question, there. Per Editing and Updating App Information:
Updates keep the same Apple ID and bundle ID, which means they are
associated with your first version and free to your customers
Also, apparently, "You can't change the CFBundleIdentifier of a released app if you want to release updates for it, the App Store will automatically reject it when you upload." which is something I can vouch for, having experienced this with a normal app. I do know that for a B2B app you do have to submit it to Apple for review, but I can't tell from the documentation I found if you need to actually submit it to the App Store, so it may not go through the various checks that normal apps go through, so this could be your problem.
Aside from that, according to the VPP guide, if your customers are installing the apps on the devices with Apple Configurator (broken right now, per app store reviews) the updates also have to be done with the Configurator. You haven't said that Configurator was involved, but I did find this tidbit.
• Use Apple Configurator to install apps on new or supervised devices.
Apple Configurator on a Mac makes it easy to mass configure and deploy
devices that are centrally controlled. Redemption code spreadsheets
acquired through the Volume Purchase Program can be imported by Apple
Configurator, tracking the number of apps installed on each device. To
update deployed apps using Apple Configurator, you must reconnect to
the same Mac from which the apps were installed. Learn more at
itunes.apple.com/us/app/apple-configurator
Anyway, good luck. Wish I could be more help.
What you are describing (assuming that it is accurate) would certainly be a bug on Apple's side. If users are trying to update the app and the update is not being processed, then in one way or another that is a bug that Apple needs to address. Nothing that you do as a developer should be able to cause that situation to happen. I would suggest contacting Apple and possibly filing a bug report.
It seems that apple wants you to develop the Iphone apps in the latest build. Sometimes this cause issues between realeases (diferent versions of Itunes, OSX, IOS, etc) when you try to update your apps.
Try to publish the app in the latest version of xcode.
That happens a lot in iphone development testing.
Hope this help.
When updating an app, iOS looks for the bundleId and if there is another app with the same bundleId, it updates the app with the highest version number. Maybe the version number is not set correctly or maybe people have issues because an other app (from the AppStore or an other B2B app) have the same bundleID but a higher version number.
I'm by far not an iPhone expert, but it seems something related might have been fixed in iOS 6.0.1.
Fixes a bug that prevents iPhone 5 from installing software updates
wirelessly over the air
I'm wondering if there are some ways to check if my application is hacked?
I mean, I don't really want to prevent my application from hacking, but I would like to list all iPhone (UUID) that use my hacked application.
Check out mtiks. They do free piracy monitoring, but you'll have to re-release your app to the appstore. If you don't have anything setup currently, you're not going to be able to tell who's using it.
Check to see if encryption was removed from you app bundle or any other changes were made.
If you don't prevent your app from being cracked by any different behavior, such as not working, this makes your detection code much harder to find.
If you wanted to avoid the agreement to use the iPhone SDK, you'd have to not use it.
If you don't want to jailbreak, you have one option:
Web app
I'm not sure what the toolchain is on the jailbreak side, but I suspect you may be able to avoid the official SDK that way, but, obviously, you've cut your potential market by at least 90%.
Even if you would successfully avoid the SDK and the agreements that come along with it, you'd have to agree to the app store terms of use once you'd like to submit something. Same goes for development certificates, mobile provision profiles,...
So, the best answer to your question propably would be: I wouldn't, and you shouldn't.
I am going to ask users on public forums to take part in my app beta testing using ad-hoc method. So if user interested in testing/reviewing he sends me UUID and I send him app binary.
The main question: is it safe to give anyone app binary file? I heard some terrible stories on Apple iphone developer forums that some guy found his app published someone else using another company name and different icon. So the app was absolutely the same except company name and graphics. He told that someone else got his app binary, cracked it and post it on appstore for profit.
So is it possible to steal my app and publish it on appstore if I give my app binary using ad-hoc?
thx
Yes, as it is possible for the same to occur for apps that are in the app store.
There are tools that can unpack the signed binaries which can then be repacked.
In the same light, someone could crack Visual Studio to show a different company name and then release it as their own.
In both cases, there are serious legal ramifications, and in both cases it is actually very rare to occur.
In the case of iPhone apps, it is very unlikely someone would want to bother stealing your app. If you really think there is a risk, I wouldn't recommend sending ad-hoc copies to random people you don't know.
While it is technically possible, (IANAL) I believe such an act is a violation of the DMCA, giving you legal ground to go after them, any and all profits they make off of what they stole, etc.
If you feel that threatened, you can add an "expiration system" to your app. Check if the date is later that, say November 2009 and kill it. I don't think someone will go into the trouble of removing your code signing, signing it with his own identity after he has cracked the expiration failsafe. You app should be pretty awesome.
I've never heard of code that can't be decompiled/disassembled. I guess this applies to iPhone as well. So yes.
Yes, technically they can take the binary and resign it using their keys. They could do that either to install it on their device, or submit it to the store.
They won't have the source, so making any sort of fixes or changes (including to deal with a submission rejection) would be remarkably difficult, and it should not be to hard to prove a copyright violation and get it taken down (though you might need to pay some lawyers).
At the end of the day I wouldn't worry about it... this sort of thing just doesn't happen in practice.
Can you show me how to deploy/debug and iphone application using xcode but without having to pay 99$. I'm doing this for the study purpose.
I've seen a guide which help to deploy iphone application to iPhone device(e.g: http://www.vinodlive.com/2009/01/16/how-to-deploy-an-iphone-application-without-an-idp-membership/). However this guide doesn't help me to run/debug the application using Xcode, so it's quite inconvenient.
Some of my friends said that it's possible to run/debug iphone app to iPhone device using XCode and without IDP membership.
Thanks in advance.
If you intend on developing for the app store ever, I would pay the fee. If you can write, and get accepted, a halfway decent app, you'll have little trouble earning back that 99 bones of initial investment.
I wouldn't wait ~two weeks to have an app reviewed for the store if it had only been tested on a jailbroken iphone using some hack. Too risky...
Apple designed the system the way they did to protect developers from piracy. It's inconvenient because you're not supposed to do it.
I'm not trying to say that you're doing something wrong or illegal, but you're just trying to bypass something that is in place to stop app-theft :)
While not really a good thing, your best bet may be to jailbreak your phone. This will void your warranty and I'm pretty sure a kitten somewhere will die because another iPhone has been jailbroken.
Your stated goal is to debug on a device using XCode without paying $99 to Apple:
Assuming it's for quasi-official study purposes and you can find a cooperative university instructor to sponsor you or undertake some kind of directed study, you could try the iPhone Developer University Program.
It's 'free,' but my guess is that the required hoops and time would make the $99/year for the regular program seem pretty reasonable. (I think the same goes for any jailbreaking solution, but I do remember what it was like to have neither a salary nor any competing demands on my time).