iPhone app phones home to foil pirates

Like many iPhone developers, Ben Chatelain is frustrated to see cracked versions of his project, Full Screen Web Browser, showing up online. Following the usability suggestions of John Gruber, Ben has chosen to do something about it. The latest version of his app has detection capabilities for pirated instances, and reports the UUID of the device back to his server. After 10 days of running a cracked version, users are presented with a "trial over" dialog box and given the option to buy up to the legitimate version.

As antipiracy measures go, this is about as benign as you can get, and it's in good alignment with the stated 'we crack so we can try before buying' philosophy that the crack community espouses; the alternative approach from RipDev may block piracy altogether, but it also involves more work and more cost. There might be some legitimate purchasers who balk at any phone-home capability that includes personally identifiable data, but Ben claims his implementation only pings back from cracked versions.
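An added example of the server side of such a scheme (not Ben Chatelain's code and not part of the original post): it enforces the 10-day trial per reporting device while storing only a keyed hash of the device ID rather than the raw value. The `TrialLedger` class, the demo key and the 40-hex-character ID check are assumptions made for illustration.

```python
import hashlib
import hmac
import re
from datetime import datetime, timedelta, timezone

TRIAL_DAYS = 10                       # trial length stated in the article
SERVER_KEY = b"constructed-demo-key"  # assumption: secret known only to the server
ID_FORMAT = re.compile(r"[0-9a-f]{40}")  # assumption: 40 hex characters


class TrialLedger:
    """Counts pings from unlicensed copies without keeping raw device IDs."""

    def __init__(self, key=SERVER_KEY, trial=timedelta(days=TRIAL_DAYS)):
        self._key = key
        self._trial = trial
        self._records = {}  # pseudonym -> {"first_seen": datetime, "runs": int}

    def _pseudonym(self, device_id):
        # Keyed hash: stable per device, but not linkable to another
        # service's logs by anyone who lacks the server key.
        return hmac.new(self._key, device_id.encode("ascii"),
                        hashlib.sha256).hexdigest()

    def ping(self, device_id, now=None):
        """Record one launch and return the trial state, or None if malformed."""
        device_id = device_id.strip().lower()
        if not ID_FORMAT.fullmatch(device_id):
            return None  # reject junk so it cannot fill the ledger
        now = now or datetime.now(timezone.utc)
        rec = self._records.setdefault(
            self._pseudonym(device_id), {"first_seen": now, "runs": 0})
        rec["runs"] += 1
        elapsed = now - rec["first_seen"]
        return {
            "runs": rec["runs"],
            "days_left": max(0, self._trial.days - elapsed.days),
            "trial_over": elapsed >= self._trial,
        }

    def stored_keys(self):
        """What the server actually retains as identifiers."""
        return list(self._records)
```

The reported ID is supplied by the client, so the ledger can only count what devices choose to send; it limits what the server retains, not what a modified client reports.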

With the pingback code running, his preliminary stats show that about 10% of the users of his latest version are running unlicensed copies -- that's very low compared to some popular games, where whisper numbers estimate that more than half of all users never paid for the app. It's important to remember that pirated copies ≠ 'lost sales,' at least not at a 1:1 ratio, as most users of cracked copies would never have bought the app at retail. Ben's approach at least gives those users the opportunity to choose a legit copy over a cracked one.

[hat tip to Razorianfly]


92 Comments

Sam

I really don't see why people are panicking over IP addresses and UUID's being given out. Two reasons

a) They can track to a computer yes, but unless you have an 802.3 cable jacked straight into your iPhone, they can't claim much

b) Mobile substrate plugins can be made to override the function which grabs your UUID and IP address and overwrite it with garbage anyways.

Once you are jailbroken, you have _complete_ _control_ over your device. While I don't agree with it, nothing can theoretically stop piracy.

March 14 2009 at 4:13 AM
Chris K

Yeeeeeah.... nice try. If you know enough to set up a server for NAT, you would also understand that when someone asks you for your device's IP address, your IP address is NOT the external IP address of your NAT server. It's still the internal IP address of your phone. Most likely 192.168.x.x or some such address. But you bluffed and gave us your web server's address hoping that we wouldn't look at it. And your bluff failed.

I don't know of any attack to do with your ID. This is true. I never claimed there was an outstanding attack I could do with your ID. (Personally, I wouldn't attack someone's phone even if I could.) But that doesn't mean there won't be one in the future. And just as problematic as the threat of an ID-based attack is the fact that the author of this app is essentially logging every time you use your web browser. I have a hard enough time providing Tivo with zip code-specific marketing info, why would I want to supply this guy with information on when I use my browser?

March 11 2009 at 8:24 AM
1 reply to Chris K's comment
Kai Cherry

You probably shouldn't use the internet then. It is trivial to track down a specific computer by IP assigned at any given second, given the right information. The internet is not anonymous in ANY way.

Every single app on the store, free or otherwise, can retrieve your device id with ONE LINE of code. Apple tells us how to do this. It is trivial.

It gets better, Chris. It is also *extremely trivial* to log and report what you are doing with any app, and for how *long*...on what day and what time...and tie this to your device, should a developer wish to.

Your iPhone, if that is what you have, is connected to someone's network almost all of the time.

Now what? :)

-K

March 11 2009 at 3:30 PM
EL

No, I will still download a pirated copy of this app and continue to use it! I refuse to pay $ for this.

March 11 2009 at 1:40 AM
1 reply to EL's comment
Kai Cherry

Here is the question I have for you, Nate...

Why? Why do you "refuse" to pay for it? General Principle? Too "poor"?

You know, you could always just write one yourself :)

-K

March 11 2009 at 3:12 PM
Joe

I think this is an ok idea but disclosure to the user is needed. I'm sure most will just click ok anyways, especially if you tell them how the ID is no biggie..ahem

@Kai, good points in all your comments but I really have to say you got Pank wrong. Your point would have been correct if, like Pank said, he didn't have to recode the forums every update. Vbulletin issues one for every security vulnerability they find, sometimes 10 a year. I've actually checked out and spoken to Pank on other forums/boards as a forum owner, he's the real deal and his prices cannot be beat. The thing about recoding is it could involve graphics, php AND SQL and it would be different obviously for each site's specific graphics. To offer that service for $30 a year is insane.

@Pank, haven't done the forum admin lately. Good to see you still kickin. Keep up the good work.

March 10 2009 at 7:22 PM
2 replies to Joe's comment
Kai Cherry

My point still stands. He's in the software business. It is part of our cost of doing business.

You just get to a point where you realize that you spend less time serving your actual customers and their needs when you use that time and energy and "money" chasing down people that will never ever ever pay you.

It might make you feel good, but it is ultimately...well think "Don Quijote"...

1:1 Sales/product is impossible with Digital Media. This isn't about morality, but *reality* and it just doesn't make any real sense to chase kids around the world.

Pank very likely works hard. Most people that code do. But if he *expects* to get paid by every single person that uses his stuff, he's in the wrong business :)

-K

March 11 2009 at 3:09 PM
Kai Cherry

"I think this is an ok idea but disclosure to the user is needed."

This is where it gets tricky.

Q. Why would you disclose this to any user that is legit?
A. Why would you? They will never, ever have this issue.

Q. Fine. Why not expose this on first run?
A. Ahhhh. Well this is easy. If the cracker knows the app won't work, they will spend time trying to find the switch. The way the "scene" works is on speed and reputation. The idea here is to make the "release group" look bad, as well as convert sales.

I've walked around in this quagmire many times. It is a non-ending cycle, mostly fueled by pride...on both sides of the issue.

"I'm not gonna let people rip me off!!!"

Doesn't matter. You won't win. Ever. Better time is spent improving the product to meet the needs of your customers. People that don't pay you aren't worth the effort, and those that do will hate you for making it too burdensome on them.

Poor Ben has probably lost more actual real customers that would have paid him upon the revelation of this scheme than he's likely to recover because of it.

But what do I know? :)

-K

March 11 2009 at 3:21 PM
macpoupou

Hi, I'm the developer of a mastermind game (http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=306429221&mt=8).
It's not a business for me and I'll never use this tip to detect a cracked version.
So I have built a lite version to discover it (http://itunes.apple.com/WebObjects/MZStore.woa/wa/viewSoftware?id=306657741&mt=8).

I think it's a part of the game... I think it's not a good solution. But many developers will include this tip. Especially if it is a real company that lives only for that.
But for a small developer who does it in his spare time for pleasure, it's not a solution.

March 10 2009 at 6:12 AM
deanj

These people download things from crack sites because they can. They justify it with all kinds of excuses, but it boils down to this:

You don't have a right to download a file to use it if it's being sold. If you don't want to pay for it, don't use it.

Any other justification is just an excuse.

March 10 2009 at 2:07 AM
Johnny Thrash

Well, now I know at least one app to never buy.

March 10 2009 at 12:36 AM
Bob Pankala (pank)

I'm sorry but I just have to speak up here. Those few people stating that piracy does not equal lost $$ IMO are dead wrong and most likely have never sold anything via the internet.

I'd estimate (with no exaggerations) that I've lost anywhere between $75,000 / $150,00 at least in theft at my extremepixels.com site. I don't sell apps, I sell skins/designs for the 3 major forum software makers. Yes, it is a digital downloadable item so it is easier to pirate or make rips, but nonetheless tell me that would not put a dent in your pocket.

Not to mention the lost time sending copyright infringement notices to the hosts to have the thieves' sites shut down. Trust me... It adds up big time in lost income.

March 09 2009 at 7:31 PM
6 replies to Bob Pankala (pank)'s comment
Ben Chatelain

I developed Full Screen Web Browser and the reason that I'm using the device UDID is to identify unique devices in order to enforce the demo period for cracked copies of the app. All apps that use ad services send data, including the UDID, to the ad server when requesting ads for display. Where do you think Pinch Media got the data for their awesome report on app usage?

Here is the paragraph from Apple's standard EULA for all iPhone apps distributed through the app store (unless the author provides a different one):

b. Consent to Use of Data: You agree that Application Provider may collect and use technical data and related information, including but not limited to technical information about Your device, system and application software, and peripherals, that is gathered periodically to facilitate the provision of software updates, product support and other services to You (if any) related to the Licensed Application. Application Provider may use this information, as long as it is in a form that does not personally identify You, to improve its products or to provide services or technologies to You.

The UDID is largely meaningless, but it provides a standard way to tell one device using our app from another. We are only using it to count how many times a cracked version of our app has been run.

If you're still paranoid, here's the UDID of my iPhone 3G: 82b5bc32c7c5c0a7b93eca6f3fbfb691cbd97ae8

As for logging IP addresses, every web server logs your IP address, including ours which is regulating the Full Screen Web Browser trial period. If you don't like your IP address being logged, stop browsing the web.

March 09 2009 at 5:29 PM
6 replies to Ben Chatelain's comment
Bill

iCopilot also phones home.

March 09 2009 at 5:08 PM

© 2012 AOL Inc. All Rights Reserved.