How can I determine if DRM was removed from iPhone application bundle (to protect it from piracy)?
I have an iPhone app which integrates with a third party web service. I use the technique described in this question to find pirates and then have the app "phone home" with the user's device ID and user ID for the web service (I haven't done anything with this information yet, but I was thinking about contacting them and asking them nicely to purchase my app).
In addition, once a user has used my app for a certain amount of usage, I limit functionality and direct the pirates to the App Store for full functionality.
To my knowledge, there's only one way to remove DRM: Crackulous.
So to find out what to look for in a cracked application, I would run Crackulous on your app and compare the app bundles. It should be fairly easy to determine what's been changed by looking at filesizes and running a diff on the files in the bundle.
Once you know what the changes are and to what file(s), just look for those changes in your application to determine if the application has been cracked.
If you find out exactly which files should be checked, please post your findings here so others can benefit from your research.
My previous Stack Overflow question may help you out: Reducing piracy of iPhone applications
Its probably worth pointing out that there are no casual "pirates". Casual users cannot download your app from the app store without buying it. All the DRM-removal schemes require to be run on a legitimately purchased copy.
As to looking at the bundle for changes, as I recall all you need to do is step through the link-loader commands and ensure that the code bundle is still tagged as encrypted. No need to compare it with anything. You'll need to read about Mach-O file format to do this, but thats not difficult, its all documented on developer.apple.com
Related
I was wondering if anyone has any experience with uploading applications.
At the moment we have an application without any leaks, and how hard we even try to create a crash, in both the simulator and the actual device it just wont let us crash it.
Now we're curious if there are any other developers out there that has been in the same situation and sent their applications to the app store and what the actual outcome was. As we're very cautious and dont want to waste our company's resources we'd like to get as much feedback as possible and cover everything before submitting to the app store.
Please feel free to share.
Thanks in advance!
Ensure you don't use any undocumented API's immediate fail.
Follow the Apple criteria and make sure your app fits their restrictions....
Check my post App Store Approval which contains a link to the criteria....
Good work having a thoroughly tested app and I admire your desire to ensure your submission is pain-free. Good luck!
If it does want you want, and you are happy with the amount of testing you've put in it..and it follows Apple's app store guidelines, I'd say its ready for the app store. Quite a large number of apps have huge glaring bugs, so if yours never crashes (doubt this), you are one of the very few.
Also, the process only takes about a week, so I wouldn't say its the end of the world if it somehow gets rejected or you find a bug later.
You can create an ad hoc build and send the application to some iPhone users and ask them for feedback on application. And if app crashes just get the application logs from itunes.
Apart from running a private beta or adding a crash reporter, there isn't much more to do than checking the App Store Review Guidelines and send your first version.
One issue I ran into is that the plural of a word counts as a whole different keyword. Example, looking up snippet won't return applications tagged snippets so be sure to include both of them.
Sir i had developed an iphone application and released on cydia, which i seen it to be cracked in with in a day, later i came to know about the DRM , can any one please help me how to intehgrate DRM with my application
Thanks in advance
I agree with BoltClock, its semi-pointless to have app protection in your app, I have several in Cydia. With my largest app, I do have my own implementation of "security". I wont give away my secret, but there's a way you can check against the Cydia Store API to see if your app has been legitimately purchased. Get with Jay Freeman (saurik) on how to obtain the API for this. He has written up a few guides on his backend API for Developers to check if the app has been purchased.
Alternatively, you can provide a "Free" version of your app, or a "Trial" to allow users to try your app, and if they like it, they can buy it.
A time-sensitive feature may be useful too, that is something you can look into.
This link shows a video where an app upgrade is "forced" from within the app itself:
http://buzzworks.de/blog/update-ios-beta-apps-from-within-the-app
The App Store is not called in and it's said to work only for AdHoc
apps.
Anyone knows how is this possible?
edit: please give a look to the video before answering. AdHoc apps are signed by the developer and they do not come from the App Store. This sort of forced update is useful when doing beta testing and in enterprise applications.
I've found that it's all explained here:
http://developer.apple.com/iphone/library/featuredarticles/FA_Wireless_Enterprise_App_Distribution/Introduction/Introduction.html
The developer should create an .ipa with the app and a manifest in plist format with the URL to the .ipa and a few other things.
The app can optionally implement its own way to find if an update is available and open
the URL to the manifest.
I didn't it's really possible because the app has to somehow sign itself. The best I can think of right now is that the app is not signed?
You can always force people to go to the app store when a new version is out. Simply make the app connect to a webservice first. Other solutions are not accepted by Apple, or will quite simply not work because of other issues (signing is one of many).
You could also design your app in such a way that forced updates are never a requirement. You can load your user interfaces from the web (Apple has presented some valuable information about that during the previous WWDC), your data can come from the web, and if there is any other correction to do just ensure your app is backwards compatible.
That's how the app store works. And it never requires a 'forced update' ... Well, almost never ;-)
Is there a way to confirm (programmatically) that the application was purchased from AppStore?
Or, maybe, there is a way to get a list of devices IDs from AppStore that purchased my app?
The reason is the willing to determine if the application was legally purchased or not...
I know that there is a way to know that the in-app purchase took place.
Maybe I can check for a paid app purchase too?
The solution may be inside the iPhone app or some check in server side.
The application that I develop is about to get a content from the web server.
Usually (by browsing my client's site) this content is not free and he wants to be sure that users that get the content by using an iPhone app (that I develop) did pay for the app.
Check out these related questions:
Iphone App store - Verifying paid customer
How to programmatically determine if DRM was removed from iPhone application?
Determining if an iPhone is Jail broken Programmatically
My previous Stack Overflow question may help you out: Reducing piracy of iPhone applications
No, but see this related question for information on how to potentially detect that your app has been tampered with in order to allow it to run as a bootleg.
The in-app-purchase-style verification has struck me as a good way to do this, but Apple doesn't currently support it. It might be worth a bug report.
I don't know of anyway of "confirming that the application was purchased from the appStore". I don't think there's any bit that's flipped or "thing" you can check to see.
Sorry.
But if you do learn of such a thing, let me know.
I want my application to be unsearchable from the App Store. I would like that only those users who sign in to my web site and then click the link of my iPhone application on app store, can install and use my application.
Is there any way to do that?
To hide your application you have to remove all the App Store countries in iTunes Connect:
Go in Manage your Applications > [Your Application Name] > Rights and Pricing
Click on "Deselect All" App Stores and "Save". The Application will change state to "Developer Removed".
To get it back on the App Store, choose the countries where you want it publish.
PS: it might take more than some hours for changes to be reflected on the App Stores.
Your application will be found when they search for the name of the app or your name. There's no special option in iTunes Connect to hide your app.
While your application will be found when searched for, as long as it's not installed in large numbers, it won't show up in the top 50 lists. Which kind of is the same.
Tip: don't specify any keywords when registering your app, as these will improve the "searchability".
Edit: you might want to implement some kind of authentication in your app, so users who do have installed your app need to register first, before they can actually use it. Relying on your app not being found, isn't very "clean".
I think, without meaningful keywords your app should vanish amongst the 99.999 other apps.
As an alternative you could let everyone (search and) download the app and disable it until the user signed in.
You can also use in-house-distribution with the enterprise program (see here).
Apple sells special developer licenses if you want to control the installation. They are meant for Enterprises to develop and deploy applications for only their use. Here's an article about it:
http://www.infoworld.com/t/platforms/new-iphone-enterprise-developer-program-299-musings-about-iphone-app-licensing-648
Since iTunes Connect has been redesigned a bit, go to My Apps > Select your app > Pricing and Availability > Availability (2nd section) > Select Remove from sale.
The best bet is to use obscure keywords on submission along with an obscure app name.
Not sure if this is going to work, but it may be worth a try:
You can set the release date of the application to the future. This removes the app from the catalog, which is a common way to remove an app temporarily (e.g. when it has problems) until an update appears.
However (this is possibly the catch) I don't know if the app will then be still available for sale via link or if the link will become unusable too.
if i were you i'd implement a "key generator", which will produce a serial that will be used to activate your application. this key generator would be free to access on your site, so whoever downloads your application through your site, would know what to do.
for those who access the application through itunes, i would also place a small text which basically says that you need to visit your site to generate a key. this way, you'd ensure that anyone who has access to your site has access to your app, and whoever finds your app will access your site.
this is i think hack proof by definition as well because noone would bother hacking it, would they? you basically give away your own serial generator for free, so it defeats the whole purpose of hacking. im assuming your concern is site traffic though.