I am going to ask users on public forums to take part in my app beta testing using ad-hoc method. So if user interested in testing/reviewing he sends me UUID and I send him app binary.
The main question: is it safe to give anyone app binary file? I heard some terrible stories on Apple iphone developer forums that some guy found his app published someone else using another company name and different icon. So the app was absolutely the same except company name and graphics. He told that someone else got his app binary, cracked it and post it on appstore for profit.
So is it possible to steal my app and publish it on appstore if I give my app binary using ad-hoc?
thx
Yes, as it is possible for the same to occur for apps that are in the app store.
There are tools that can unpack the signed binaries which can then be repacked.
In the same light, someone could crack Visual Studio to show a different company name and then release it as their own.
In both cases, there are serious legal ramifications, and in both cases it is actually very rare to occur.
In the case of iPhone apps, it is very unlikely someone would want to bother stealing your app. If you really think there is a risk, I wouldn't recommend sending ad-hoc copies to random people you don't know.
While it is technically possible, (IANAL) I believe such an act is a violation of the DMCA, giving you legal ground to go after them, any and all profits they make off of what they stole, etc.
If you feel that threatened, you can add an "expiration system" to your app. Check if the date is later that, say November 2009 and kill it. I don't think someone will go into the trouble of removing your code signing, signing it with his own identity after he has cracked the expiration failsafe. You app should be pretty awesome.
I've never heard of code that can't be decompiled/disassembled. I guess this applies to iPhone as well. So yes.
Yes, technically they can take the binary and resign it using their keys. They could do that either to install it on their device, or submit it to the store.
They won't have the source, so making any sort of fixes or changes (including to deal with a submission rejection) would be remarkably difficult, and it should not be to hard to prove a copyright violation and get it taken down (though you might need to pay some lawyers).
At the end of the day I wouldn't worry about it... this sort of thing just doesn't happen in practice.
Related
After making an update to an iPad app I released some time ago, I've been getting reports that people are unable to actually update the app without deleting and re-installing. However, as far as I know, nothing in the update should be causing this. (All the update deals with is letting people email PDF documents, nothing major.) When people attempt to update, they're asked for their iTunes password, but after entering it, it merely goes back to the update screen and nothing happens. Additionally, it would seem that this only happens with my app, the people in question aren't having any issues with the other various apps on the App Store. Does anyone know what might be causing this and how I could fix it?
Thanks in advance!
(Also, if it matters, the app is a custom B2B app, the general public can't purchase it.)
I'm removing the text of my answer because it's so inaccurate it's embarrassing. I mistook "B2B" for "Enterprise" and answered based off of that. To make up for it, I'll look into the problem a bit more and if I find anything I will edit this answer accordingly.
Edit:
Okay, I can see why you put a bounty for this question on SO; there's not really any data on a problem like this anywhere. Frankly, there's not much available information on B2B in general. I'll post what I found anyway, in case it can be of any help to you.
I found the details reason behind Maggie's question, there. Per Editing and Updating App Information:
Updates keep the same Apple ID and bundle ID, which means they are
associated with your first version and free to your customers
Also, apparently, "You can't change the CFBundleIdentifier of a released app if you want to release updates for it, the App Store will automatically reject it when you upload." which is something I can vouch for, having experienced this with a normal app. I do know that for a B2B app you do have to submit it to Apple for review, but I can't tell from the documentation I found if you need to actually submit it to the App Store, so it may not go through the various checks that normal apps go through, so this could be your problem.
Aside from that, according to the VPP guide, if your customers are installing the apps on the devices with Apple Configurator (broken right now, per app store reviews) the updates also have to be done with the Configurator. You haven't said that Configurator was involved, but I did find this tidbit.
• Use Apple Configurator to install apps on new or supervised devices.
Apple Configurator on a Mac makes it easy to mass configure and deploy
devices that are centrally controlled. Redemption code spreadsheets
acquired through the Volume Purchase Program can be imported by Apple
Configurator, tracking the number of apps installed on each device. To
update deployed apps using Apple Configurator, you must reconnect to
the same Mac from which the apps were installed. Learn more at
itunes.apple.com/us/app/apple-configurator
Anyway, good luck. Wish I could be more help.
What you are describing (assuming that it is accurate) would certainly be a bug on Apple's side. If users are trying to update the app and the update is not being processed, then in one way or another that is a bug that Apple needs to address. Nothing that you do as a developer should be able to cause that situation to happen. I would suggest contacting Apple and possibly filing a bug report.
It seems that apple wants you to develop the Iphone apps in the latest build. Sometimes this cause issues between realeases (diferent versions of Itunes, OSX, IOS, etc) when you try to update your apps.
Try to publish the app in the latest version of xcode.
That happens a lot in iphone development testing.
Hope this help.
When updating an app, iOS looks for the bundleId and if there is another app with the same bundleId, it updates the app with the highest version number. Maybe the version number is not set correctly or maybe people have issues because an other app (from the AppStore or an other B2B app) have the same bundleID but a higher version number.
I'm by far not an iPhone expert, but it seems something related might have been fixed in iOS 6.0.1.
Fixes a bug that prevents iPhone 5 from installing software updates
wirelessly over the air
I was wondering if anyone has any experience with uploading applications.
At the moment we have an application without any leaks, and how hard we even try to create a crash, in both the simulator and the actual device it just wont let us crash it.
Now we're curious if there are any other developers out there that has been in the same situation and sent their applications to the app store and what the actual outcome was. As we're very cautious and dont want to waste our company's resources we'd like to get as much feedback as possible and cover everything before submitting to the app store.
Please feel free to share.
Thanks in advance!
Ensure you don't use any undocumented API's immediate fail.
Follow the Apple criteria and make sure your app fits their restrictions....
Check my post App Store Approval which contains a link to the criteria....
Good work having a thoroughly tested app and I admire your desire to ensure your submission is pain-free. Good luck!
If it does want you want, and you are happy with the amount of testing you've put in it..and it follows Apple's app store guidelines, I'd say its ready for the app store. Quite a large number of apps have huge glaring bugs, so if yours never crashes (doubt this), you are one of the very few.
Also, the process only takes about a week, so I wouldn't say its the end of the world if it somehow gets rejected or you find a bug later.
You can create an ad hoc build and send the application to some iPhone users and ask them for feedback on application. And if app crashes just get the application logs from itunes.
Apart from running a private beta or adding a crash reporter, there isn't much more to do than checking the App Store Review Guidelines and send your first version.
One issue I ran into is that the plural of a word counts as a whole different keyword. Example, looking up snippet won't return applications tagged snippets so be sure to include both of them.
I am an iPhone developer, I am doing a project. For security reasons, I must make sure my app run on a no jailbreak iPhone. I want to know how to check it use public API.
Thanks very much!
No API exists to perform such a check.
Jailbreaking a device (using any of the various forms of jailbreaking) only needs to touch files which are outside an application's sandbox. Attempting to inspect them therefore carries a risk that your app will be rejected. Even if you can inspect them you have no way to differentiate a change due to jailbreaking from a change due to an OS update.
Finally please be aware that a jailbroken device does not necessarily mean the user has pirated your app. Users of jailbroken devices are free to purchase and install apps via iTunes just like anyone else and are likely to be rightly unhappy if your app refuses to run.
also, Apple removed the API for detecting jailbreaking. Read here on ars
If that would be possible using a public API, there wouldn't be any problem using jailbreaked iPhones, would there. Every app (including the OS) could just use that API...
It's impossible to verify that your app is running only on a non-jailbroken device. Unfortunately there's nothing you can check.
There are a few tricks you can use to determine programmatically if your app has been pirated, but they're far from foolproof; the most you can really do is determine if your app was pirated using the most common automated pirating techniques. Anyone really determined to pirate it can ensure your app doesn't know it's been pirated even if you use the techniques.
I wouldn't invest time in such things cause sooner or later "they" will find a way to run your App on a jailbreaked iOS device.
Instead take this time and develop more unique feature. Feature people are glad to have and even they pirated your App they will pay for it.
Yeah I know this sounds ridiculous but I think quality software will find honest buyers.
I know this answer doesn't answer your question and I want to add that iOS doesn't have a API to check if the device is jailbroken.
I hope I could help.
As the other answers say, there's no full-proof way of blocking piracy on your apps. I have a couple of apps that have been pirated and, truth be told, I was kind of happy to see that. Unless these people hack every single app on the App Store, it made me feel a little proud that someone had decided my apps were worth pirating. Almost a "yup, I've made it" kind of feeling. :)
The background story:
I work for a company that develops and manufactures a commercial product which can have up to 100+ dedicated PC's in a farm.
We only get a handful of new customers per year.
We developed an iPod/iPhone app that lets us send commands to the farm and pull data. Our parent company has major concerns about putting this app on the AppStore. (I really dont know the details of the paranoia, but I know its probably not a winnable battle).
We planned to distribute the App via Ad Hoc using ONE or TWO new iPods each time we sell a "farm". I have just learned that the Ad Hoc distribution expires after 90 days.
The Question:
Are there any alternatives for permanently loading our app onto an iPod Touch or iPhone without going through the App Store?
Our app has absolutely no use to anyone without our other product. We only plan to load this app on a handful of iPods a year. I doubt this matters, but maybe somebody has another solution?
Apple has an an enterprise distribution program, which might allow what you're trying to do. There's also jailbreaking the iPods. That would let you run unsigned code, so you could build your apps without ad-hoc certs.
I know this post has been marked as answered but i am in the same situation so i though i should share what i have experienced.
There is NO legal solution for this. You can't have an app distributed with out the annoying expiry dates.
I have been onto the ADC support and you can't get an extension on the certificates, you can renew for more than 1 year at a time and they have no interest in helping you.
I have clients who will not let the content of their apps hit the app store. There for they are stuck with sending all the devices back to renew certificates (i know you don't need to xcode etc.. to install the certs but try getting end users to do it...).
I am in the luck situation that i can try send the shell of an app to the appstore and then once verified (i.e. once off login - ssl to our server with the device id and a guid password) the app will download all the sensitive content to the phone.
I don't know if this will work for all apps - i.e. loading classes or libraries dynamically but for me it is only the content that is sensitive.
if anyone would like more info i am happy to talk it over, but i haven't tried getting the app through the store yet. I will try soon, so i can keep you posted if you are interested.
cheers
kle
As of September 2010, Apple has removed the 500-employee requirement. Go nuts!
See my post about setting up an Enterprise Program account (which moderators keep trying to close!):
https://stackoverflow.com/questions/1876333/how-long-does-it-take-to-get-an-iphone-app-into-the-app-store-closed
Issues with getting an Enterprise Program account:
-You need 500 employees.
-You can only provide the app to employees.
Make sure you check the detailed terms and conditions of using Ad Hoc distributions to be sure you are allowed to distribute them as you are doing. On the face of it you are probably okay (Apple link here), but worth checking the fine print. I know the Enterprise Program had a lot of fussy fine print, e.g. needing procedures to recover apps from employees when they leave the company, etc.
If you jailbreak the iTouch/iPhone then you can easily disable Apple's code signing checks. You can then build your app and load it onto the device as normal without worrying about expiry or anything else.
The only problem is that jailbreaking on newer batches of the 3GS is not particularly end-user friendly. For something to give to a client I think you would need to stick with the iTouch.
Can you show me how to deploy/debug and iphone application using xcode but without having to pay 99$. I'm doing this for the study purpose.
I've seen a guide which help to deploy iphone application to iPhone device(e.g: http://www.vinodlive.com/2009/01/16/how-to-deploy-an-iphone-application-without-an-idp-membership/). However this guide doesn't help me to run/debug the application using Xcode, so it's quite inconvenient.
Some of my friends said that it's possible to run/debug iphone app to iPhone device using XCode and without IDP membership.
Thanks in advance.
If you intend on developing for the app store ever, I would pay the fee. If you can write, and get accepted, a halfway decent app, you'll have little trouble earning back that 99 bones of initial investment.
I wouldn't wait ~two weeks to have an app reviewed for the store if it had only been tested on a jailbroken iphone using some hack. Too risky...
Apple designed the system the way they did to protect developers from piracy. It's inconvenient because you're not supposed to do it.
I'm not trying to say that you're doing something wrong or illegal, but you're just trying to bypass something that is in place to stop app-theft :)
While not really a good thing, your best bet may be to jailbreak your phone. This will void your warranty and I'm pretty sure a kitten somewhere will die because another iPhone has been jailbroken.
Your stated goal is to debug on a device using XCode without paying $99 to Apple:
Assuming it's for quasi-official study purposes and you can find a cooperative university instructor to sponsor you or undertake some kind of directed study, you could try the iPhone Developer University Program.
It's 'free,' but my guess is that the required hoops and time would make the $99/year for the regular program seem pretty reasonable. (I think the same goes for any jailbreaking solution, but I do remember what it was like to have neither a salary nor any competing demands on my time).