With all of the success stories coming out of the App Store, it's been pretty easy to forget the problem of piracy for most developers. Not so for Fishlabs, who've posted over on the Touch Arcade forums that their latest game, Rally Master Pro 3D, is experiencing a 95% piracy rate. You read that right: supposedly 95% of the people playing the game on the iPhone haven't paid for it.

There's probably a multitude of reasons why that is -- the app is $7 with no trial version, it's not a super-popular app quite yet (so one pirated copy on a popular message board is probably traveling farther than the copies coming off of the official App Store), and there are probably at least a few other factors in the mix that we don't know yet. Still, 95% is obviously pretty darn high for a platform that's supposed to only deliver software through Apple's official store.

Now, fortunately Fishlabs doesn't sound litigious -- they're not pulling the old "piracy = lost sales" fallacy that many companies in this situation would do. They are lowering the price on the app -- they expected it to be worth more, but apparently their consumer base seems to disagree. They tell Mobile Entertainment that they'd entertain the idea of providing content only through Apple's in-app purchasing service (presumably, that would prevent piracy by locking down the extra content), but they also say that's a gamble they've tried and missed on other platforms before.

Of course, it'll take more than one post on one message board to make hay out of the problem of app piracy -- it definitely happens, but on the other hand, there certainly are apps selling well, and there are also apps not selling well that don't have this level of piracy going on. Apple already has lots of authentication and validation processes in place, but if app piracy is this big a problem for everyone, they may need to look at more.

Miguel Sanchez-Grice, creator of the iCombat app (a remake of the old Atari game), sent us these stats on piracy of his app after writing a blog post about the same thing, and I find them fascinating. Instead of building DRM into his app, he just detected if the player was using a copy that wasn't from the App Store, and then forwarded them onto a web page that he could track. It seems like he equates unique visitors to his Pinch Media site as users (though he doesn't go into detail about exactly where those "Pinch Media New Uniques" numbers come from), and then subtracts legit app sales from those numbers to get the number of pirates. And while he says the numbers are lower than he expected, they seem pretty high to me: there is a substantial number of people out there using cracked apps.

The tubes are ablaze today with news from CNN of the first ever latest malicious program to be found on the Mac. The trojan was first discovered in January but it did not receive wildfire-like popularity until recently when two experts at Symantec published a bulletin on the subject of the malware.

The trojan, named "iBotnet" (get it?), has only affected a few thousand Macs in the wild and it is currently not known to do any real harm. Should you be concerned? Well, the answer to that depends on whether you're a software pirate or not. The distribution method for this particular piece of malware is through the downloading of certain bootlegged copies of Apple's iWork.

Brian Krebs over at the Washington Post details some information about the actual first botnet specifically for the Mac. He points out that the current media storm is for a trojan that was actually discovered in January. He goes on to mention that the first botnet for the Mac was actually released in 2006 and targeted both Macs and PCs alike.

In other news, sales of Symantec's Norton AntiVirus shot up following the release of the security bulletin and subsequent frenzy of coverage. Actually, this is not true (at least to this humble blogger's knowledge); but it does pose an interesting question. Who profits most from the release of malware on any platform? One thing we know for sure, though, is that the end-user is definitely losing out in this game.

The moral of this story: stop all the downloading! Thanks G.I. Joe! In all seriousness, though, the majority of malware on the Mac (and on the PC) is distributed through nefarious chains of content acquisition. Be careful out there when clicking links and downloading files or programs from sites that you may not trust.

Thanks to everyone who sent this in!

App Store piracy is a growing concern for more and more developers, thanks to tools like Crackulous and various BitTorrent trackers. Although developers are fighting back, this is a problem that really isn't going away.

So how widespread is App Store piracy? Earlier this week, Wired's Brian X. Chen spoke with a number of developers and analysts about the issue, and right now, it looks like piracy is still relatively self-contained. According to Medialets, a mobile analytics and advertising company, approximately 5,000 of the 25,000 paid apps in the App Store have been cracked. The company also reports that some programs have as high as a 100-1 pirate-pay ratio -- dramatic, but not necessarily catastrophic.

It isn't all doom and gloom, however. As the Wired piece points out, some developers see the level of piracy as completely inconsequential. Others, like BeeJive have had to fight back against cracking, but have also used it as an indicator that the price of an app needs to decrease.

I take issue with Chen's citation of a 2008 Business Software Alliance study that claimed that the economic impact of software piracy is in the tens of billions of dollars each year. While software piracy undoubtedly has an economic impact, the figures that the BSA claims are just insane. Each pirated copy of a piece of software does not necessarily equal a lost sale and while software piracy, in any form, is certainly bad for the overall software ecosystem, distorting the truth doesn't help the situation.

Our own Michael Rose talked about App Store piracy with the CEO from Medialets on TechVi this morning and the conversation is pretty interesting.



Of course, the crackers may end up bringing themselves down, which is kind of cute.

[hat-tip Apple 2.0]

Like many iPhone developers, Ben Chatelain is frustrated to see cracked versions of his project, Full Screen Web Browser, showing up online. Following the usability suggestions of John Gruber, Ben has chosen to do something about it. The latest version of his app has detection capabilities for pirated instances, and reports the UUID of the device back to his server. After 10 days of running a cracked version, users are presented with a "trial over" dialog box and given the option to buy up to the legitimate version.

As antipiracy measures go, this is about as benign as you can get, and it's in good alignment with the stated 'we crack so we can try before buying' philosophy that the crack community espouses; the alternative approach from RipDev may block piracy altogether, but it also involves more work and more cost. There might be some legitimate purchasers who balk at any phone-home capabilitity that includes personally identifiable data, but Ben claims his implementation only pings back from cracked versions.

With the pingback code running, his preliminary stats show that about 10% of the users of his latest version are running unlicensed copies -- that's very low compared to some popular games, where whisper numbers estimate that more than half of all users never paid for the app. It's important to remember that pirated copies ≠ 'lost sales,' at least not at a 1:1 ratio, as most users of cracked copies would never have bought the app at retail. Ben's approach at least gives those users the opportunity to choose a legit copy over a cracked one.

[hat tip to Razorianfly]

Last week, the iPhone cracking app-cracking tool, Crackulous, was released, igniting discussions amongst developers and users over App Store security, piracy and how to combat these threats within the confines of Apple's walled-garden. Because of the iPhone SDK, and Apple's Terms of Service for letting apps into the App Store, individual developers are severely limited in what they can actually do, code-wise, to address the issue.

This doesn't mean developers are completely helpless; indeed, as the comments pointed out, there is stuff that can be done to thwart IPA cracking and even the use of Crackulous itself. But what if you are just struggling to find time to code your current iPhone projects and don't have the time or necessary skill-level to address iPhone piracy?

Enter Ripdev's new Kali Anti-Piracy service. I talked to Slava from Ripdev last week, and they really seem to be onto something. Essentially, Ripdev has figured out how to put an extra wrapper around iPhone apps, which not only prevents the app from launching or functioning properly if it has been cracked, but also prevents the current cracking tools from working on the app at all. Even better, this process only uses documented and allowed calls, making it SDK compliant. Oh -- and if the app is legitimately purchased, it can run on a jailbroken iPhone without a problem.

iPhone developers who already have to fight for app approval, exposure and marketing techniques now have a new hurdle to overcome: instantaneous app-cracking. Although cracking iPhone applications for use on a jailbroken iPhone or iPod touch is not new, the method has never been so easy or so accessible.

Crackulous, an application developed on the Hackulous forums (Hackulous is a community dedicated to cracking iPhone apps; back in my day we called these warez boards), makes it possible to "crack" any purchased App Store application. That app can then be transferred for use on other devices.

Although the larger discussion of intellectual property, DRM, peer-to-peer transfers and what constitutes "piracy" is filled with large gray areas, Crackulous strikes me as about as black and white as you can get. Any way you slice it, this is piracy. This isn't about fighting DRM or fighting what some see as a draconian application platform, this is theft.

Update: It is worth mentioning that there are applications with a free, ad-supported version available and yet the premium version is still cracked. One such example is The Iconfactory's excellent Twitter client, "Twitterrific."

Let's say you are a developer and want to have a go at this whole "iPhone" platform. Let's also say that you lay out the money to register with Apple, spend about 250 hours to develop an addictive and entertaining game, and manage to get it approved for sale in the App Store.

If you have made it this far, as James and Constance Bossert of Fairlady Media have, then you probably would be excited to see a sudden spike in application usage... but according to a post at TorrentFreak, that was only the beginning of the Bosserts' problems. When usage shot up for their app "Whack 'em all" (iTunes link) without a corresponding increase in revenue, James went to work figuring out why. The bad news: his app had been cracked and was being distributed, for free, for use on jailbroken devices.

At TUAW we've been following the DRM-free EMI track deal for some time. We're delighted to announce that these tracks will finally available for sale over at the iTunes Store later today (Apple announced they are available, but not in my copy of iTunes at the moment).

DRM-free tracks will cost you $1.29 each rather than the normal $0.99 per track you normally pay. The extra money buys you more audio quality than the standard DRM'ed tracks (256 kbps AAC versus 128 kbs AAC). Expect larger data downloads as your audio files expand to accommodate those extra bits.

iTunes Plus requires iTunes 7.2.

Does iTunes prevent piracy? That's what this report (registration required) from the UK's PC Pro seems to conclude. 36% of US teens bought music using online stores in 2006, up from 28% in 2005 and 20% in 2004. P2P network use for obtaining unlicensed music fell at the same time according to the article, although the numbers are based on unreliable surveys, and the reported number of p2p-using households actually increased last year.

You live in the UK. You buy a CD. You rip it to your iPod. All nice and legal, right? Apparently not, according to this article by Will Head of Web User. Head makes the case that UK law is hopelessly twisted when it comes to digital media. Only the creators of digital works have the right to transfer them to new formats. So when you buy a CD, you have only paid for the license to listen to the content as a CD. The article gives a good overview of the situation, noting that the chances of prosecution for ripping your own CDs are pretty much zip. And don't forget all those worries during the eighties that taping your record albums would kill the music industry... It didn't.

[Via BootlegTalk by Glenn Folkvord]

Remember Doug Morris? The Universal Music Group chief who claimed that iPods are repositories for stolen music? The guy who negotiated the dollar-per-Zune piracy-insurance scheme?

According to Australian IT, he's working on putting together an iPod royalty fee similar to the Zune fee during the next round of negotiations with Apple.

"It would be a nice idea. We have a negotiation coming up not too far. I don't see why we wouldn't do that... but maybe not in the same way," he reportedly told Reuters.