Tuesday, February 24, 2009

Time Bomb mentioned on CNET.com

Wow! This was unexpected. I was Googling for references to my recent Time Bomb app, curious if anyone has mentioned the game on any web sites, and I came across a blog entry on CNET.com, called "You Stole this (iPhone) Game!".

What do you know? It's an article talking about how my Time Bomb app pops up a message when users run a pirated version of the app. Specifically, if the app detects it is not a valid copy, it will display the message "You stole this game! Since this isn't a legal copy of the game, it is not going to function properly." And then, as promised, the app isn't going to function properly.

Sure, if someone wants to invest the time, they can bypass these countermeasures (I wouldn't be surprised if they already have). And, then, in my next update, I can add more countermeasures which will take even more time for someone to bypass. But at some point, you have to wonder, why is someone spending so much time trying to crack an app that only costs 99 cents?

I decided to be obvious about the theft detection. Based on what I've read on some forums, other developers are taking a more stealthy approach and are silently gathering information from the offending iPhone or iPod Touch. Personally, I don't think the theft of my app gives me the right to violate the thief's privacy. It's the whole "two wrongs don't make a right" thing.

3 comments:

Anonymous said...

No one's commented on this in over a year? Seems odd, especially since I found this on Google fairly easily.

I guess you can't tell us how you're protecting your app, lest you give clues how to bypass the protection.

Can you give us a hint, maybe?

Mostly Torn said...

Hi,

The app detects piracy using two different techniques. There are known changes made to the info.plist file for an app when it is pirated.

First, the app looks for the tell-tale info.plist change, specifically looking for the known new entry added via the pirating process.

Second, it performs a checksum on the plist file and compares it to what was known to be the proper checksum when the app was built.

It's definitely not a foolproof method - if someone wants to really invest the time with a disassembler they'll be able to counter these checks, but they are enough to foil casual pirates.

Mostly Torn said...

Also, these checks are done independently, in separate areas in the code, making it a little more difficult for someone to easily locate the checks and remove them.
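
The two checks described in the comments above, sketched in Python as an added example (this is not the app's own code). The marker key name, bundle identifier and sample plists are constructed assumptions, since the page does not name the entry that pirated copies carry.

```python
import hashlib
import hmac
import plistlib

# Hypothetical key name: the page does not say which entry repackaging adds.
TAMPER_MARKER_KEY = "ExampleInjectedKey"

def build_time_digest(plist_bytes: bytes) -> str:
    """Run once at build time on the final packaged plist; embed the result."""
    return hashlib.sha256(plist_bytes).hexdigest()

def has_marker_entry(plist_bytes: bytes) -> bool:
    """Check 1: the plist carries the entry known to be added by repackaging."""
    try:
        entries = plistlib.loads(plist_bytes)
    except Exception:
        return True  # an unparseable plist is treated as tampered
    return TAMPER_MARKER_KEY in entries

def checksum_mismatch(plist_bytes: bytes, expected_hex: str) -> bool:
    """Check 2: the file's digest differs from the one recorded at build time."""
    actual = hashlib.sha256(plist_bytes).hexdigest()
    return not hmac.compare_digest(actual, expected_hex)

def evaluate(plist_bytes: bytes, expected_hex: str) -> tuple:
    """Run both checks independently and report each result separately."""
    return (has_marker_entry(plist_bytes),
            checksum_mismatch(plist_bytes, expected_hex))

# Constructed sample data (not taken from the real app).
BASE = {"CFBundleIdentifier": "com.example.timebomb", "CFBundleVersion": "1.0"}
ORIGINAL = plistlib.dumps(BASE)
EXPECTED = build_time_digest(ORIGINAL)

# Marker entry added: both checks fire.
WITH_MARKER = plistlib.dumps({**BASE, TAMPER_MARKER_KEY: "x"})
# Value edited, no marker: only the checksum notices.
EDITED = plistlib.dumps({**BASE, "CFBundleVersion": "9.9"})
# Same entries re-encoded as binary: the checksum still differs, so the
# build-time digest must be taken from the file exactly as it ships.
REENCODED = plistlib.dumps(BASE, fmt=plistlib.FMT_BINARY)

if __name__ == "__main__":
    for name, data in [("original", ORIGINAL), ("with marker", WITH_MARKER),
                       ("edited", EDITED), ("re-encoded", REENCODED)]:
        print(name, evaluate(data, EXPECTED))
```
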


All content copyright © 2009  Brian Stormont, unless otherwise noted.   All rights reserved.