I'm wondering if there are some ways to check if my application is hacked?
I mean, I don't really want to prevent my application from hacking, but I would like to list all iPhone (UUID) that use my hacked application.
Check out mtiks. They do free piracy monitoring, but you'll have to re-release your app to the appstore. If you don't have anything setup currently, you're not going to be able to tell who's using it.
Check to see if encryption was removed from you app bundle or any other changes were made.
If you don't prevent your app from being cracked by any different behavior, such as not working, this makes your detection code much harder to find.
Related
I have a simple iPhone app, mostly table views, map views and other standard stuff. When I change the project settings to make it universal, everything works fine after a few small tweaks. So the iPad version looks just as a big iPhone app.
Definitely, the app will look better if I use some split views, pop-ups and generally rework the UI to look better on the iPad. But I wonder - will Apple review team accept a universal app that is basically just an enlarged version of the iPhone app?
As long as you explain what's changed when you do an update submission (e.g. "now with an iPad-friendly User Interface!"), Apple should accept your update no problem.
What are you afraid of? That Apple would give you a reason for rejection? Just do it, and if you get feedback make the necessary changes. Even if Apple is control freak #1 and a humbling power monster megacorp, I'd be much more worried about it being published and USERS not approving it. :)
iPad users can download and run your iPhone app just the way it is and get the same results either way. From any non-marketing point of view, what would be the advantage to calling it 'Universal' with no changes?
Btw, I've submitted the app without any changes, and it was accepted without any problems.
I was wondering if anyone has any experience with uploading applications.
At the moment we have an application without any leaks, and how hard we even try to create a crash, in both the simulator and the actual device it just wont let us crash it.
Now we're curious if there are any other developers out there that has been in the same situation and sent their applications to the app store and what the actual outcome was. As we're very cautious and dont want to waste our company's resources we'd like to get as much feedback as possible and cover everything before submitting to the app store.
Please feel free to share.
Thanks in advance!
Ensure you don't use any undocumented API's immediate fail.
Follow the Apple criteria and make sure your app fits their restrictions....
Check my post App Store Approval which contains a link to the criteria....
Good work having a thoroughly tested app and I admire your desire to ensure your submission is pain-free. Good luck!
If it does want you want, and you are happy with the amount of testing you've put in it..and it follows Apple's app store guidelines, I'd say its ready for the app store. Quite a large number of apps have huge glaring bugs, so if yours never crashes (doubt this), you are one of the very few.
Also, the process only takes about a week, so I wouldn't say its the end of the world if it somehow gets rejected or you find a bug later.
You can create an ad hoc build and send the application to some iPhone users and ask them for feedback on application. And if app crashes just get the application logs from itunes.
Apart from running a private beta or adding a crash reporter, there isn't much more to do than checking the App Store Review Guidelines and send your first version.
One issue I ran into is that the plural of a word counts as a whole different keyword. Example, looking up snippet won't return applications tagged snippets so be sure to include both of them.
I am an iPhone developer, I am doing a project. For security reasons, I must make sure my app run on a no jailbreak iPhone. I want to know how to check it use public API.
Thanks very much!
No API exists to perform such a check.
Jailbreaking a device (using any of the various forms of jailbreaking) only needs to touch files which are outside an application's sandbox. Attempting to inspect them therefore carries a risk that your app will be rejected. Even if you can inspect them you have no way to differentiate a change due to jailbreaking from a change due to an OS update.
Finally please be aware that a jailbroken device does not necessarily mean the user has pirated your app. Users of jailbroken devices are free to purchase and install apps via iTunes just like anyone else and are likely to be rightly unhappy if your app refuses to run.
also, Apple removed the API for detecting jailbreaking. Read here on ars
If that would be possible using a public API, there wouldn't be any problem using jailbreaked iPhones, would there. Every app (including the OS) could just use that API...
It's impossible to verify that your app is running only on a non-jailbroken device. Unfortunately there's nothing you can check.
There are a few tricks you can use to determine programmatically if your app has been pirated, but they're far from foolproof; the most you can really do is determine if your app was pirated using the most common automated pirating techniques. Anyone really determined to pirate it can ensure your app doesn't know it's been pirated even if you use the techniques.
I wouldn't invest time in such things cause sooner or later "they" will find a way to run your App on a jailbreaked iOS device.
Instead take this time and develop more unique feature. Feature people are glad to have and even they pirated your App they will pay for it.
Yeah I know this sounds ridiculous but I think quality software will find honest buyers.
I know this answer doesn't answer your question and I want to add that iOS doesn't have a API to check if the device is jailbroken.
I hope I could help.
As the other answers say, there's no full-proof way of blocking piracy on your apps. I have a couple of apps that have been pirated and, truth be told, I was kind of happy to see that. Unless these people hack every single app on the App Store, it made me feel a little proud that someone had decided my apps were worth pirating. Almost a "yup, I've made it" kind of feeling. :)
This link shows a video where an app upgrade is "forced" from within the app itself:
http://buzzworks.de/blog/update-ios-beta-apps-from-within-the-app
The App Store is not called in and it's said to work only for AdHoc
apps.
Anyone knows how is this possible?
edit: please give a look to the video before answering. AdHoc apps are signed by the developer and they do not come from the App Store. This sort of forced update is useful when doing beta testing and in enterprise applications.
I've found that it's all explained here:
http://developer.apple.com/iphone/library/featuredarticles/FA_Wireless_Enterprise_App_Distribution/Introduction/Introduction.html
The developer should create an .ipa with the app and a manifest in plist format with the URL to the .ipa and a few other things.
The app can optionally implement its own way to find if an update is available and open
the URL to the manifest.
I didn't it's really possible because the app has to somehow sign itself. The best I can think of right now is that the app is not signed?
You can always force people to go to the app store when a new version is out. Simply make the app connect to a webservice first. Other solutions are not accepted by Apple, or will quite simply not work because of other issues (signing is one of many).
You could also design your app in such a way that forced updates are never a requirement. You can load your user interfaces from the web (Apple has presented some valuable information about that during the previous WWDC), your data can come from the web, and if there is any other correction to do just ensure your app is backwards compatible.
That's how the app store works. And it never requires a 'forced update' ... Well, almost never ;-)
I am going to ask users on public forums to take part in my app beta testing using ad-hoc method. So if user interested in testing/reviewing he sends me UUID and I send him app binary.
The main question: is it safe to give anyone app binary file? I heard some terrible stories on Apple iphone developer forums that some guy found his app published someone else using another company name and different icon. So the app was absolutely the same except company name and graphics. He told that someone else got his app binary, cracked it and post it on appstore for profit.
So is it possible to steal my app and publish it on appstore if I give my app binary using ad-hoc?
thx
Yes, as it is possible for the same to occur for apps that are in the app store.
There are tools that can unpack the signed binaries which can then be repacked.
In the same light, someone could crack Visual Studio to show a different company name and then release it as their own.
In both cases, there are serious legal ramifications, and in both cases it is actually very rare to occur.
In the case of iPhone apps, it is very unlikely someone would want to bother stealing your app. If you really think there is a risk, I wouldn't recommend sending ad-hoc copies to random people you don't know.
While it is technically possible, (IANAL) I believe such an act is a violation of the DMCA, giving you legal ground to go after them, any and all profits they make off of what they stole, etc.
If you feel that threatened, you can add an "expiration system" to your app. Check if the date is later that, say November 2009 and kill it. I don't think someone will go into the trouble of removing your code signing, signing it with his own identity after he has cracked the expiration failsafe. You app should be pretty awesome.
I've never heard of code that can't be decompiled/disassembled. I guess this applies to iPhone as well. So yes.
Yes, technically they can take the binary and resign it using their keys. They could do that either to install it on their device, or submit it to the store.
They won't have the source, so making any sort of fixes or changes (including to deal with a submission rejection) would be remarkably difficult, and it should not be to hard to prove a copyright violation and get it taken down (though you might need to pay some lawyers).
At the end of the day I wouldn't worry about it... this sort of thing just doesn't happen in practice.