Given the recent hack on Preemptive's CEO's Windows Phone 7 App, what do other developers do to limit their application's chances of being ripped off?
http://apps-are-people-too.blogspot.com/2012/01/hoisted-by-my-own-petard-or-why-my-app_09.html
I am not just looking for "a solution" as nearly all of them will have flaws, but instead one that balances the wire between "slows down all the code your put through it" and "isn't really that effective in practice"
many thanks in advance
The app you mention hasn't been hacked. Only the media has been extracted and copied into a new app.
The only (semi)-reliable way to protect against this is to stream your media on-demand, after the user has authenticated. Fingerprint the media using one of the many cryptography/steganography methods out there with unique user ID signature. This way, if/when your media is eventually ripped off, you have at least some chance of identifying the user whose copy the media was ripped from. (Not that this is going to help you much, if you are sticking to only legal actions. Which I strongly recommend.)
Reality is - there is no way you can protect content using technology. The only thing you can do is follow up the legal procedures set by the app store.
Let each app download an ID and verifiy it against paid ones. Make this verification happen every so often, not all the time or else it wouldn't work without internet. Also make sure that the user can't use the app unless they are verified within a reasonable amount of time.
See this anti-piracy code, it works 100% with our apps too!!!
http://www.windowsphonegeek.com/tips/PROTECT-YOUR-Windows-Phone-APP-AGAINST--casual--PIRACY
Another option to use is MTIKS WP7 SDK. http://us2.campaign-archive1.com/?u=ef88cf9415282e762a33f866c&id=6cf2a86fb3 Here they state they can track piracy.
My opinion is currently using any anti-piracy check is bit stupid, because of current store model and certification process.
Related
I have an old Microsoft/Live account where I have submitted an app for Microsoft Teams. That account and directory is no longer in use, as we use our primary organization directory for app submissions now. So I would like to move the app submission from the old directory to another, and need tech support for that. I have tried all channels inside the Microsoft Partner Dashboard without luck.
This is called "reparenting" in the Microsoft store lingo, and it is a very very very (very) frustrating process (at least my experience was). They also seem to change whether they're allowing it or not, over time, so you might need to raise several service requests. I hope the process goes smoothly for you.
I have made a simple desktop app that I want to sell through the AppStore. Of course I want to be protected against piracy. Does AppStore give any protection? How does that process work?
For instance, what prevents a dishonest person from buying my app and then upload it on a torrent and share it with others. If these other people download my app, will they automatically be asked for their identity check (Apple ID and password), the first time they try to use my app, thus preventing them from using it if they have not bought it legally.
If this identity check does not happen automatically, then do I need to add some code in my app that will ask for the identity check. If so, where can I find info about how to do that?
I'm not entirely sure how this process works. Could somebody shed some light on it?
Mac App Store slips a receipt each time it is downloaded into the bundle. The receipt contains information about the computer used (the so called GUID) and the user logged into the App Store.
See here how you should validate the receipt:
https://developer.apple.com/library/mac/releasenotes/General/ValidateAppStoreReceipt/Introduction.html#//apple_ref/doc/uid/TP40010573
If you implement the GUID validation as described in the document, the app will not run on any other computer.
Also check the signature of your code to make sure it has not been tampered:
Verifying app's signature by code
Your application, when downloaded from the App Store, contains a receipt. The receipt contains proof that it was downloaded onto this computer from the App Store, and the ID of the application. There are instructions somewhere on Apple's website that tell you how to verify the receipt and what to do if the verification fails.
That said, you are much better off concentrating on writing an app that people actually want to buy. People who pirate your app wouldn't hand over money if it couldn't be pirated. They would do without it, pick some free app, or pick a different app that they can pirate.
And I'm quite sure that any copy protection you build into your app yourself will get it rejected from the App Store.
Even though the answers I've got were helpful, they didn't quite provide the answer I needed. Looking around I found a software called Receigen from Laurent Etiemble, and the FAQ on his site (http://receigen.etiemble.com/faq.html) gave many answers for what I was looking for. For instance
What is an App Store receipt validation ? Why is it needed ?
Basically, an App Store receipt is what an application must check to ensure that the copy is genuine and can be run.
What happens if I don't check the App Store receipt ?
Well, anybody with a copy of your application can run it, with or without proper authorization.
Is the code receipt validation easy to write?
No because it requires deep understanding of cryptography and secure coding techniques.
It didn't hurt either that Receigen generated code that freed me from dealing with receipt validation code. Receigen takes care of this part so I can focus on what is really important for me: my application.
Yes, it costs money but personally I am more than glad to pay it, because I find this part of the development tedious, boring and complex.
TPInAppReceipt is a great package for this.
I was able to easily add local receipt validation after trying many others solutions less successfully:
https://github.com/tikhop/TPInAppReceipt
I am currently experimenting with programming for my Nokia 5800 XpressMusic (running Symbian 9.4). Setting up the development environment (Carbide C++) was already a huge pain, but now that I am actually able to build something the pain doesn't stop! It seems there is an incredible overhead involved when you actually want to test an application on the phone. But I really hope somebody more experienced than me knows some easy way to do it.
If I understood right every application has to be signed. I can sign applications myself, so this is not a problem and it seems to work fairly well. But then it seems not all capabilities are available if I do this, and the one I need is amongst them. So now I have the option to buy a publisher ID to get a developer certificate (current cost: 200$ - no thanks) or I have to upload the application every time to symbiansigned! Every time I change the code and want to test on the phone I have to upload the thing using a stupid web form!
But now I was excited to find that you can do some remote debugging stuff with a thing called TRK (maybe this spares me the signing?). I hoped that I could use this to connect Carbide and my phone. But this doesn't quite work. My phone doesn't show the application required for this connection although it installed properly. I had a look at the supported Symbian version number and it seems to be 9.2, so not mine :( Stuck again?
And the emulator is no option because it doesn't support sensors and cameras :(
So what am I doing wrong (and sure there must be something)? Is the only way to test my app on the phone to actually upload it every time, wait for it to getting signed, download it again, install it and test - just to see it didn't work and that I have to repeat this process over and over again?? PLEASE no...
follow the instructions here http://www.forum.nokia.com/Distribute/Packaging_and_signing.xhtml to get yourself a free certificate for 5 testing devices, then you can use this certificate to sign your applications directly without using open sign.
When you use TRK, your application is still installed on the phone (in background, with so called silent installation API - by the way, you can use it too, but it's offtopic), because the only eligible way for a binary to get into the phone is the Installer Service. So you still need some certificate. All three options to get certificate mentioned here are ok, though the last, free one (from Mahdi Hijazi), I suppose, is the preferred. :)
Please go to
http://www.opda.net.cn/register.php
then apply for a OPDA Developer Certificate and download signer tool from the site and use it to sign your symbian applications.
Is there any Remote wipe application which will be working on deleting the data in Emulator by sending an SMS from other emulator?? I found some of the free applications in android market on Remote Wipe.. But they are not working..
Please let me know if any of the application is working on Emulator
Thanks in advance
Uday
There is just one remote wipe application I have come across.
I have been trying to write one such application myself but I believe the permissions required are 2nd level and 3rd level permissions (check this link and this link). Thats is the reason I am unsuccessful as yet. I believe that you basically need to sign the package with the same signature as the OEM manufacturer to be able to grant those packages to your device.
If by an stroke of luck you do happen to make one successfully, please let us know the permission you have used to make such a thing possible! =)
Regards
Shouvik
EDIT: Okay I supposed I am wrong. I believe in android 2.2 it is possible to remote wipe your. I have not completely understood how to implement the function or the class yet, I plan to work on it as soon as I can spare some time. :)
Reply:
Well I have been looking at the SDK for some time now, and I can confidently tell you below 2.2, I am pretty sure there is no way I know of to remote wipe your data. I have although read on the mailers list that there is a function that enables a third party client to create a remote wipe application as you may have seen in my post above. I have actually use my own port of android on a device and have just used the brick, but if I do come across any reference that can show how you could achieve what you desire, I would be happy to leave a post here. Regards Shouvik.
Links
http://developer.android.com/reference/android/app/admin/DevicePolicyManager.html#wipeData%28int%
also for formatting the SD card I came across a permission that you can request, I guess you follow that you end up at the method.
http://developer.android.com/reference/android/Manifest.permission.html#MOUNT_FORMAT_FILESYSTEMS
I'm looking into writing a small custom app for a small business that can utilize a voice modem on Windows to pick up a phone call and play a customized voice message based on time of call.
The API on Windows that controls modems is TAPI, but it seems complex and low level that I'm not sure I can complete the app in time.
Any higher level API or software component I can use to accomplish what I need?
Thx
I think you'll need to look at 3rd party libraries for this. A quick google search turned this one up (though I've never used it).
I'm not sure what programming language you need, but I found many projects that may have elements you are looking for on CodeProject.com and SourceForge.net. I could make suggestions from the sites, but perhaps it would be better to leave it to you, as you know what project would best meet your needs. Doing a search on TAPI or telephony gave a lot of results, but I didn’t seen an already made project doing what you described above.
I hope these suggestions help you make your deadline, good luck.