Filed under: Software, Developer, iPhone, App Store, SDK, iPod touch, Jailbreak/pwnage
Ripdev launches anti-piracy service for iPhone developers
Last week, the iPhone cracking app-cracking tool, Crackulous, was released, igniting discussions amongst developers and users over App Store security, piracy and how to combat these threats within the confines of Apple's walled-garden. Because of the iPhone SDK, and Apple's Terms of Service for letting apps into the App Store, individual developers are severely limited in what they can actually do, code-wise, to address the issue. This doesn't mean developers are completely helpless; indeed, as the comments pointed out, there is stuff that can be done to thwart IPA cracking and even the use of Crackulous itself. But what if you are just struggling to find time to code your current iPhone projects and don't have the time or necessary skill-level to address iPhone piracy?
Enter Ripdev's new Kali Anti-Piracy service. I talked to Slava from Ripdev last week, and they really seem to be onto something. Essentially, Ripdev has figured out how to put an extra wrapper around iPhone apps, which not only prevents the app from launching or functioning properly if it has been cracked, but also prevents the current cracking tools from working on the app at all. Even better, this process only uses documented and allowed calls, making it SDK compliant. Oh -- and if the app is legitimately purchased, it can run on a jailbroken iPhone without a problem.
Slava showed me some screenshots of users in the cracking forums, complaining bitterly about the inability to crack Ripdev apps using the current tools.
Kali Anti-Piracy subscribers will have access to a developer login and an SDK. You submit your app to Ripdev's encryption server, which processes the app and spits back the protected file back to you, ready for submission to the App Store.
Kali Anti-Piracy is a service, and is available for a quarterly fee (which represents a percentage of the 70% cut developers get from the App Store, variable by units sold that quarter) and an initial set-up fee. For apps that are priced under $9.99, the set-up fee is $100. The set-up fee for apps over $9.99 is $300. You can get full pricing details here (PDF).
While I can imagine that some iPhone developers won't be interested in a service that has an upfront cost and a quarterly fee, the service will certainly be of value to lots and lots of developers.
To be clear: no solution, Kali Anti-Piracy or otherwise will ever completely combat piracy. What this does do is make the barrier to entry that much higher. Ripdev is also committed to keeping atop "the underground" as they put it, and will continue to beef up and augment their technique as necessary.
Kali Anti-Piracy is accepting sign-ups now.
Kali Anti-Piracy subscribers will have access to a developer login and an SDK. You submit your app to Ripdev's encryption server, which processes the app and spits back the protected file back to you, ready for submission to the App Store.
Kali Anti-Piracy is a service, and is available for a quarterly fee (which represents a percentage of the 70% cut developers get from the App Store, variable by units sold that quarter) and an initial set-up fee. For apps that are priced under $9.99, the set-up fee is $100. The set-up fee for apps over $9.99 is $300. You can get full pricing details here (PDF).
While I can imagine that some iPhone developers won't be interested in a service that has an upfront cost and a quarterly fee, the service will certainly be of value to lots and lots of developers.
To be clear: no solution, Kali Anti-Piracy or otherwise will ever completely combat piracy. What this does do is make the barrier to entry that much higher. Ripdev is also committed to keeping atop "the underground" as they put it, and will continue to beef up and augment their technique as necessary.
Kali Anti-Piracy is accepting sign-ups now.
Get a WordPress.com Blog
![TUAW [Cafepress]](http://www.blogsmithmedia.com/www.tuaw.com/media/tuaw-cafepress-promo.png)
Reader Comments (Page 1 of 2)
Jon said 7:04PM on 2-11-2009
And why is Apple not doing this?
Reply
Bootes said 12:23AM on 2-12-2009
Apple already basically does this. They provide built in DRM on every app sold in the app store. The thing is that, just like every form of DRM that has been released and will ever be released, people have found a way to crack it. The same thing will happen with this new "anti-piracy" service.
Darren said 7:10PM on 2-11-2009
I don't think there are many developers who would waste their time and money on such a thing. It's already trivially easy to prevent a script kiddie from cracking an app.
Reply
Master Sam said 7:11PM on 2-14-2009
There is currently no way to prevent an app from being cracked. Now anyone can crack them, too with crackulous
Darren said 7:35PM on 2-14-2009
No Sam,
It's very easy for an application to detect if it has been modified by one of the script-kiddie cracking tools, at which point the application will quit immediately or disable certain features. And there's nothing the script kiddie can do about it because they don't actually know anything about cracking software.
JD said 7:33PM on 2-11-2009
If their method is systematic and shared across a large number of much-desired apps, the hackers will develop an easy tool to crack it. Before investing in a short-term solution, developers should spend some time trying to figure out exactly how much revenue they are losing to pirated apps. It is certainly far less than the number of stolen copies, since most users, denied the pirated copy, would not actually pay even one dollar. It would be nice to see some real research on this (and not just the RIAA stupidity that assumes losses = stolen copies x product price). It may be galling to know hundreds of people are using your work for free, but that doesn't mean these sorts of services are cost-effective.
Reply
Greenie said 10:12PM on 2-11-2009
I agree that not all pirates would be paying customers. However, it's still important to thwart piracy because it can coat the developer money. What if you run an app that uses the developers server? All of a sudden you're maintaining the server and spending money for people that never paid you.
7egend said 7:17PM on 2-11-2009
Like Dareen said waste of time and money, plus just cause you add a "wrapper" to the App doesn't mean it can't be cracked as well. If protecting Apps was easy EA would have been doing it a long time ago, but crackers are still cranking them out within days, and sometimes same day as the release of the game.
Good Luck, but I don't see a prevention method for cracking, best way to keep it to a minimum is to not publicize it on popular blogs.
Reply
Arnan de Gans said 7:22PM on 2-11-2009
and this method is a onetime check? or does it keep slowing apps down after install also? I would hate to have the apps i pay for constantly being checked if theyre real or not... That sounds very microsoft like.
Reply
Glenda said 7:49PM on 2-11-2009
This is a very interesting subject, yet I'm still a little skeptical about how affective this will be I give it 3 months until hackers find a way around this "wrapper"
Reply
supersocialist said 8:17PM on 2-11-2009
Let the security theatre commence. As everywhere else, there needs to be an appearance of escalation to keep developers happy and keep casual pirates off the bleeding edge. (I wonmder if new DRM tech increases revenue for a certain period before it's cracked--I'd love to see stats on that.) But people who are really determined will penetrate the every new wrapper, it's just a matter of time.
Reply
drumthrasher109 said 8:58PM on 2-11-2009
It's not going to stop cracked apps.
Reply
vandil said 8:57PM on 2-11-2009
And so begins the cat & mouse game.
Reply
oZone said 10:08PM on 2-11-2009
Darren said it best: waste of time and money. And knowing how extremely determined to get their way "the underground" really is, this will be a huge clusterphucking failure.
Reply
Steve said 12:09AM on 2-12-2009
The problem here is that Ripdev is bound by SDK and other constraints while most crackers are free to use whatever means to get the app open.
Reply
Bootes said 12:30AM on 2-12-2009
The problem is that it's impossible to secure something from people that are supposed to actually be able to use it. The crackers legally have the program so they have to be able to run it, meaning that it's impossible to prevent them from cracking it.
Lee said 7:37AM on 2-12-2009
What do you mean "supposed to be able to use it"? If they bought the app, they won't have a problem using it. Plain and simple. There are no SecuROM-type reinstallation restrictions here, so there isn't a way to justify that cracking is fair use.
Still, this method is pointless. It'll be circumvented way before any developers have seen enough of an effect. On the bright side, it may keep every Average Joe from cracking as easily.
Lee said 7:40AM on 2-12-2009
After I posted, it dawned on me what you might have actually been trying to say.
You're right. If a cracker can run something, it is only a matter of time before they figure out a way to remove any type of protection they want. The only way to prevent people from figuring out how to break a wrapper like this would be to not let them run the app, which is impossible if they paid for it.
ryemac3 said 12:26AM on 2-12-2009
Holy crap! Did you look at the pricing? The ones getting rich are the folks at Ripdev. What's with the royalty fee? They are making money hand over fist, for what, the off chance your app might get ripped? It's bad enough Apple is scimming 30% off the top, now ripdev wants a cut.
Reply
colouroflight said 1:28AM on 2-12-2009
Lame. If you're a developer and your app is any good, it will be pirated.
Fact of life. Deal with it.
Reply