Piracy !!!

This is one of the biggest issues that we face today. To be honest, everyone has at some point, knowingly or unknowingly indulged in this activity, not the sword swishing high seas buckling types but the one that involves duplications of a media electronically.

This will not teach you how to Pirate software, but is more of an article for Developers on a major concern, area that they might not be aware of.

First things first, Piracy is illegal and a crime in most of the countries. There are strict penalties on individuals that do so. I can recollect at Universities, it used to be called the underground LAN, this was a peer to peer network of computers sharing tv rips of most TV shows, movies, and softwares, however this was on a private network usually not even the 192.168.x.x types but the 10.0.x.x type to accommodate the university wide users. I am not sure if this was really that harmful as most of the shows were off a DVR from TV broadcast and these days the TV stations themselves host the episodes for users to catch up on what they might have missed.

The issue that still remains is the larger issue software piracy. However Apple created a new ecosystem, the App store first for the Mobile devices, then for the Mac OSX based Apps, which incidentally have celebrated a year of existence and millions of dollars worth of transactions. Most developers and testers know how difficult it is to have their software installed on to a device and they struggle with the provisioning profile. I must admit, since I never had to really look at the dark side of things, I did not know that if an iOS device was jailbroken, the provisions did not matter anymore. Someone could just install an app to the jailbroken device.

I had seen a few developers on a few development forums talk about the spikes they noticed in their app usage but the payments did not quite match that spike, so either they were being short changed or... the app was being pirated, installed on a Jailbroken device.

I had an article a couple of days/weeks ago that spoke about how you can share your apps with other developers without having to recreate provisioning profiles with those device UIDs. This is a legit way since developers would want to retain those 99 seats that they get for other client projects and there are times when they would want to take on board several more developers for testing, but do not have enough seats to accommodate them. So the app that I created would allow the developers to sign the app with their signature thereby making it valid for them to install on their devices. Saving the app developer from issuing out a license to a testing developer.

However this was fine as it would not allow for piracy, it did not change the distribution signatures, but I was made aware of two such apps that exist that would allow users to install a *stolen* app onto their devices by changing the certificate to one of yours. thereby authorizing your device that is NOT jailbroken to install and use that app.

I could not help but have a look at this, I found that the two apps that help with this activity are iResign and iModSign plus there was a service that would provide a certificate based off the UDID of your device that could be used to generate the certificates for a fee of I think it was $15.

My point, as a developer, if you have an app on the store, you are definitely aware of the number of hours that you put in making the app, the apps can have bugs, and fixing those takes more of your time, some do this after hours as a second job/hobby some do this for a living, all in all the bottom line is that this is a substantial investment on the part of the developer. Now it goes online and some person takes the effort to buy your app, mostly, you as a developer are a person that many would not have heard of or known, had Bubble Ball not sold those many copies, no one would ever have known or would be interested in Robert Nay. Following suit, other people start to buy the app, some like it or hate it and leave a rating, some out of spite, some genuinely, some developers (you can start to see this pattern soon) write their own 5* rating, generally the first of the second positive comment. Others read this and decide that his is worth a try. So the app starts to sell, that is how you cold get some of your investment back from the App store. Now there are a whole lot of people that hear about your app and are interested in getting a copy of your app. I must say that unless you have a lot of money to spare, it is difficult to have many apps (thank god for the sites that offer an app for free either daily, weekly or monthly) And also because I run a site called ReviewMe, I do get promo codes for the apps, at least one of which we try to give to the readers, i.e. you.

So how these other users get their apps are off a site, I do not think it is wise to provide you with the name of the site here) that offers the complete package of the app ready for download. This package (.ipa file) is what you would upload as a developer to the iTunes store, this ips file is extracted, mangled and resigned and then repackaged into a ipa for uploading to a non jailbroken iOS device.

It is sad to see such an activity taking place specially since it affects the developers that put everything into making an app, they spend countless hours after work, or away from family for that one ray of light/hope that they can reach the top, maybe make the next angry birds.

Now for those that do not make apps for the app store but rely on developing apps for a living be aware that if your client is getting an internal app made for their organisation, they can use these *illegal* methods, and get the apps working on their devices, so while you might have given them a copy for testing that will work on only a single device, they can effectively (of course using the wrong and illegal means) start to use the app.

To which my closing thoughts are, if you were to reach somewhere at 9:00 and reach there at 9:01, you are NOT late by a minute but you are simply late. Similarly, if you pirate an app, it doesn't matter what the reasons were, even if you wanted to test it before purchasing it and then forgot, it is still piracy and illegal. In terms of development contracts, I thought this would add my two bits, if you have had any such experiences of know of such incidents, please share it with the others.

Here in Australia there is a scheme called Layby or Rainchecks, what it means is that you can (if the store allows) put aside a product (book it) for your and keep paying for it in smaller installments, when the full amount is reached, you can collect the same. So even though you are paying for it periodically, you are not the rightful owner of the product and can only collect it and gain ownership when the full payment has been made. So when you are contracting, you own the product as the client is paying you in bits and pieces and they get the right of ownership only when the full payment is made. However in contracting there is one more thing that is in play which is that the client gets ample opportunity to test the product and request for changes/bug fixes if they find any. Now if the client tries to stiff you by not wanting to pay and steals the product by using such methods as described above, it is indeed a criminal offense that they are committing, it is similar to breaking into the store to pick up the layby item just because they have put some money against it. This is still not such a common occurrence as there are very few such clients that would swoop to such lows.

The idea was that developers beware, be it that sole kid/player that wants to pirate your game or the client that does not want to pay anymore and have the app for free, though you might rely on the wonderful protection scheme from Apple to protect your apps, they are still open to abuse and misuse. The only question that arises is at what point does this be looked at as a harmless activity and when does it become a crime? And should someone that steals your work be treated as a hacker/cracker and a fun user or a criminal akin to one that breaks into a store to steal the stuff because they want it and cannot or do not want to pay for it?


I recollect the earlier methods in the late 80's and the early to mid 90's the methods that people employed to bypass the protections was to change the dates on the devices, that way the system would rely on comparing the current date with the date on the software or the last run date. It has definitely come a long way from exploiting those little things, however I was surprised to read that the Camera on the iPhone works on a similar test, so if you set the date on your iOS device to an earlier date and then go to the camera from the lock screen, you can view all the images which otherwise are protected by the iOS device based on the dates the pictures were taken and the system date.

your comments are most welcome on this topic. And if you have seen your app being pirated or have had some incidents of clients stiffing you and would like to share with others, please do so here. Lastly if anyone has found a way to prevent this from happening, I am sure the community would like to hear how you can prevent this piracy of your apps.

Comments

Popular Posts