Yesterday the news fell that Apple was finally allowing free iPhone apps to include in-app purchases. Until then, developers who wanted to offer a free trial of their applications had to create 2 versions: a full-featured paid version, and a “lite” stripped-down version with very basic features.

The news was very well welcome, especially by developers who see in this new system a chance to reduce application piracy. Two articles got my attention yesterday as they were insinuating that in-app purchase for free apps was the end of piracy.

From MobileCrunch:

Here’s the trick: while you can crack an iPhone application and throw it up for all to download in a matter of seconds, you can’t fake an In-App purchase receipt. A pretty notable chunk of the In-App purchase process is actually handled on the developer’s server, in addition to Apple’s – so unlike the initial purchase (which devs actually get to know very, very little about), developers know pretty damn well exactly which iPhones should be running which In-App Purchase. Developers have a specific receipt for each in-app purchase, which resides on their server. Faking this would be like tricking Amazon into shipping you a TV that you didn’t pay for.

From TUAW:

Will this help in anti-piracy measures?” Definitely. StoreKit allows developers to validate receipts, ensuring that unlock codes are only sent to paying customers. Add a hash-check algorithm for the current device and developers have better control over who gets to use their applications.

I am not much of a technical person (“StoreKit” and “hash-check algorithm” sound like Chinese to me) but I really doubt that in-app purchase is the end of piracy. If anything, it’s going to start a new era of iPhone app piracy.

To crack an application, you first have to download it. So let’s say I’m a cracker, I download the app, I pay for the in-app purchase that “unlocks” the full-featured app. Now that I have everything, I just need to crack the application and make it available to the general public.

Nothing changes. Maybe the way I crack the application changes. Maybe I have to bypass a few new protections like the StoreKit thing, but in the end, if I have the full application to work on, there will always be a way to trick the app into thinking it is legit.

So to me, in-app purchase will not kill iPhone apps piracy. At best, it will slow it down and instead of getting the cracked version of XYZgame in 2 hours after the release, I’ll get it in 3 hours. At the end of the day, you still get your cracked app.

As I said above, I’m not technical at all and I might be missing something here. I’m interested in hearing what you have to say about it. Do you think in-app purchase will put an end to iPhone app piracy? Why? How? Leave a comment to share your views.

  • Even if you had to be connected to the internet to validate your app every time you ran it, it would still be crackable by an experienced hacker, who could simply remove the parts of the program that check if it was purchased or not. Just the same as they do with copy protection algorithms found on PC games.

    It’s definitely not the end of iphone apps piracy, this will only make it a little bit trickier, that’s all.

  • I think in-app purchase _will_ make life a lot harder for pirates. Because now, you can generate an unlock code specific to the device that actually bought the item. So, what a cracker will get when he purchases the in-app article, is a code that has been generated by my server for this single device. He can’t just move this unlock code onto another device and hope it will still work there. He would have to either write a keygen (very hard if some encryption is added to the unlock code generation) or explicitly hack the app to disable the check for the unlock code, e.g. by disassembling and patching it. This at least involves getting very close to the metal which always needs some effort to be put into.

  • Koma

    Of course it’ll still be possible but I doubt it will be easy enough for any to enjoy.

    The hackers needed like forever to hack iPhone OS 3.1 and they didn’t even manage to unlock it.

    I have paid for all my apps (although I “try them out” in advance) but I can’t even use my latest purchase because it asks for OS 3.1 which I can’t use because I need to unlock the phone.
    Together with the epic appuloha1l fail I think people are losing their nerves with the whole jailbreak scene.

    I know I’ll sell my iPhone 3Gs 32GB soon and get one from Hong Kong instead. As I see it, more people are considering the same.

    • Eric

      The jailbreak for 4.1 was released less than a week after the initial release. The same can be said for 4.2. You just need to know where to look. The team’s grown. Also, JailBreaking is not cracking and not even illegal, so please don’t bring it up.

      • Macro

        That’s right! Jailbreaking is not illegal and the courts said so.

        No one wants to have Apple telling you what you have to pay for. I already shelled out money for they device, how dare they tell me I can’t have all the apps I want.

        Cracking allows us to get the content we want without paying some greedy developer something they should be thanking us for using instead of charging us for.

        It’s the same with cable companies that get mad when I modify my cable box so I can watch all the channels I want. It doesn’t cost them anything yet they want to try to make me pay for something that should be free. Movies where made to be watched.

        Jailbreaking and Cracking cannot be stopped.

  • Michael

    It won’t stop piracy. But it will make it harder.

    Right now, to crack an app, you just have to beat whatever protections Apple has done. So you only have to beat them once and it works for every iPhone app (and I believe there are simple tools out there to let anybody just crack an app with a click.)

    With the in app-purchase, now every developer can do things slightly different. Each app has to be cracked individually. Still of course it’s possible…but much harder and more time consuming if the developers do different tricks.

  • If big giants like microsoft can stop piracy, yes remember each windows license is unique , and windows 7 is now jacked/patched, apple doesnot stand a chance , these hackers will laugh in there faces!

  • I agree with Adesh, apple doesn’t stand a chance, the hackers will find a way around it!

  • Juan

    It will help deter it. It will not eliminate piracy completely. That’s just not possible.

    @Adesh: Microsoft *has not* stopped piracy. I don’t know where you get that idea.

  • Juan

    @Adesh: Oops. Looks like you have a type so I misunderstood your post.

  • Trent

    I think customers are going to become very tired very fast with in-app purchases. I know for one, if I download an app, only to get prompted repeatedly for more money to access more functionality, I’m throwing that app out fast. I think developers that take the approach of releasing bare minimum apps, with additional functionality only available through in app purchase, are going to find people deserting their apps in droves. People want to buy something and know it’s theirs. They don’t want a subscription model. Those developers releasing fully functional apps will win out over the bare minimum/in app developers.

  • Fábio Oliveira

    Hmmm, until now we had only one anti-piracy protection so crackers only had to apply the same method for all applications on the App Store.
    Now, with potentially thousands of different anti-piracy protections will take much more time for crackers to crack an app. In a few steps:
    1. an app is launched in the App Store;
    2. the cracker buys the app;
    3. it checks for a known anti-piracy protection;
    4. if the protection can be broken he cracks the app.

    I don’t know about piracy itself but it seems to me that piracy could be driving some sales for iPhone (even with the millions of purchases on the App Store) as I was seeing myself lately telling my friends how jailbreaking an iPhone could let it open like an Android mobile device.

  • Fábio Oliveira

    Just to leave some additional thoughts on the subject.

    Maybe one could disable in app purchases for every app in his/her iPhone just to avoid any checking.
    We’ll see how this goes.

  • >>>”StoreKit” and “hash-check algorithm” sound like Chinese to me

    Well Chinese is my native language (sort of). Just kidding.

  • How hackable it will be depends a lot on the app.

    If in app purchase ‘unlocks’ a feature in the game then decompiling the app, finding that locking mechanism and bypassing that mechanism will be a viable approach.

    If however your application is strongly server reliant. That is your purchase requires sending something to the server to accomplish something for you that will not run your device. It will be quite easy for the server to verify all of the audit related information for the purchase and can simply choose to ignore to complete the request for the app if it doesn’t have a valid purchase. No amount of modifying the app will force the server to complete the request.

    And example might be poker game where your chips are stored on the server. If the in app purchase increases the number of chips you have, assuming this is all server side, a hacked version could request more chips, but if the server can’t verify the purchase it simply ignores it.

    But clearly this is very app dependent.

  • In-App purchasing increases the complexity of cracking an application, because at present, cracking the app is probably the same process for each app – remove/alter the code-signing, so that any iPhone can run the app. In-App purchase means that in the first instance all the code and data is there, but having cracked the app so anyone can install it, you then need to discover what means and lengths the developer has gone to, in order to prevent the pirate from hacking the app.

    Naturally I’ll not be discovering what means I will be using myself, but what Boro said is right; even if you have to validate all the time, this just makes it harder. That, like with the prevention of all crime, is all that can be done. Essentially the means to protect the application from running full out are provided with the application.

    So, from my own perspective as a developer, I welcome in-app purchase, because it does mean that instead of a two-hour task a hacker has done a thousand times before, it becomes a 2hr+ task, but be assured it’s unlikely to be a 3hr task, so we might see more of a trend of app comes out, cracked app appears two weeks later, instead of app comes out, cracked app appears 2 hrs later.

    What I find annoying, is that a person who has paid, probably £300 plus for a device, cannot be bothered to support the people who are trying to create content for the device, by parting with a measily £2.99 now and then.

  • Well, IMO the way things are going for the App Store (piracy), the app store will be left with only the crappy stupid games. Smart developers of quality games will have to move on the more secure pastures, and this could spell an abrupt doom for the app store…

  • richeasy

    already true… surviving HS app wont let you download new episodes that are free upgrades if the app is cracked!

  • none

    Depends on the in-app purchase. If the in-app purchase is to enable a service, and that service needs to ping an online server (i.e. to retrieve dynamic contents,) then hacking this will be nearly impossible. Since each ping can verify the validity of your in-app purchase.

    But if the in-app purchase is purely just a new functionality to the app, then it is possible to hack the application without ever pinging the server.

  • Tyler

    I’ve already found a way that I’m keeping to my self, it isn’t rocket science, I have a bunch of free houses in graal online thanks to my algorithm…. All I’ll say is that it’s VERY simple. It could’ve only been that game but I think it works.

  • Craig

    Tyler can you please tell me?

  • Jeff R.

    Ultimately, this will be the end of most mainstream piracy. From now on, only experienced pirates will be able to crack apps (unless the developer is stupid and makes getting the content as easy as changing a number and blocking the app’s internet access with FirewallIP), and chances are, they’ll target popular, mainstream ones. Regardless, developers now have more control over app protection; if I wanted to, I could add different hash checks etc. to my app in really weird spots, and that would be a real pain for crackers.

  • FJiqfbo`

    Come on. People only get cracked apps because their poor and can’t afford it, like me, or they have no credit card, also like me. And a bunch of apps in the app store should be free anyway, like “Animal Photos”, that app is $99.99 and I got the crack from Installous. All it is is about 60 pictures of animals, and that’s it. Shoot, I need to get myself an Apple Developer account if you can do that! I mean, Apple, really? Really? Sure. Okay. And the best part is, THE PHOTOS WERE TAKEN DIRECTLY OFF OF GOOGLE IMAGES.

  • iAd adds another development in this fight against the freloaders who steal food off my table.

    iAd won’t serve ads to cracked apps. Neither does in app purchase work on cracked apps. Before, with Google/AdMob I could at least make money on the people who steal my app if they click on the ads.

    But if I can’t make money with either ads or in app purchase, I’ll probably just turn off server access within a few hours of detecting a jailbroken device.

  • D2

    NO, it’s just as easy as it was before. I released Rock Band with all of the downloadable content to a few people to beta test my release about a week ago…thus far STILL no issues.

    So I bought the Rock Band app & ALL DLC and will be releasing it shortly.

    It didn’t make my life really any harder at all except for who to host the app because it’s almost 500mb now

    D2

  • Vijay Shankar

    I had created an in app purchase app with 10 products. I submitted the 10 products binary into the itunes store and it is still in the review. The apple review team reviewed my in app purchase app and tested and they got the successful purchase thank you alert message, but still they say the product is not installed into the device and it ask to buy again. Is it the reason for those 10 products are not approved by the apple? If so why doesn’t apple review team doesn’t know about it or there any other code to ask the product to be downloaded from itunes and installed into the device?
    Please help me in this regard with some samples..

    Thanks,
    Vijay

  • Bryant

    This seems like a question better suited for the apple developer forum.

    http://developer.apple.com/devcenter/ios/index.action

  • Dadabana

    Piracy are impossible to be stopped, mainly because… they want to crack apps. They could ‘trick’ the servers / apps into giving / accepting genuine or fake receipts if they wanted to.

    It will slow down piracy, because after cracking once, they need to crack it again for more content 😛

  • Syie

    Even Xbox 360 games are cracked. After a new technology it takes a while, but there will always be hackers that will find a way.

  • Subconscious

    (just use iPhone explorer!)

  • xfbbxfvb

    i see great app (game), which is developed by famous company NAMCO, the app is in free section on itunes.

    soon after the consumer know, its only a trial, with limitation, and the customer have to buy in-app to continue levels, they got really angry, i saw most of people rate that app 1 star.

    dont worry.., this system isnt well accepted by customers… yet

    both apple and developers, will gain painfull critics, if they continuing this system, in the future.

    its obvious lie, and misleading, to say something is free, which actually is not.

    tell everyone to rate 1 star to any free app, which actually is not.

    • CocoaNation

      I don’t see anything wrong with letting people have one level for free so they can adequately use the game and get a feel for if they want to buy it.

      ‘this system isnt well accepted by customers’

      The freemium model is the most customer friendly approach there is. Instead of making you judge your purchase on a few screen shots you actually get to play the initial levels, then if you actually like the game you can choose to buy it to play the remaining levels.

      What is the alternative you suggest? You prefer to go back to you have to buy it before playing it at all?

  • Anonymous

    Haha, hell no. It is just easier luke this way.. I can make inapp purchases crackable

    • CocoaNation

      You can’t do anything of the sort. But nice bluff.

  • try the usage of iap cracker.. runs through most of inapp buys 😛 aint really that hard to get inapp puchases freely.. only a few games got the online directly to apple’s buy server.. but a little interfeering with packeges sent/recived does the trick there 😛

    • Bryant

      Iap cracker was a bit of a yawn when it first started appearing. Took me about 2 hours to compensate for it and expel all the thieves using it.

    • Iap cracker was a bit of a yawn when it first started appearing. It definitly would be a problem fir lazy developers, but it took me about 2 hours to compensate for it on the servers and expel all the thieves using it.

  • Tristan Bills

    They have a very nice tweak in Cydia called iAP Cracker that gets free in-app purchases for almost any App Store app, so worry about this problem no more 😉