Microsoft faults developers for cracked Windows Store apps

Rick


Microsoft says a crack which allows hackers to download paid-for Windows Store apps without spending a dime is the fault of insecure app code and not a Windows Store issue. Redmond is essentially placing the onus of protecting apps against this particular type of exploit on developers.

In October, intrepid codesmiths discovered a way to transmogrify trial apps into their full-fledged, paid-for counterparts. The crack, which is also open source, exploits in-app purchase mechanics -- which rely on local Windows system files -- to unlock the full version of many trial apps. 

Any successful software distribution channel faces the challenge of being targeted by people wishing to circumvent the system for ill-gotten gains and we're committed to ongoing protection of both customer and developer interests. Just as they have with other platforms, hackers are proposing ways to compromise the integrity of apps, which can have lots of negative consequences to the system and the customer experience.

Source: engadget.com, Microsoft spokesperson

Incidentally, other app markets have suffered from similar issues, like Apple's Mac App Store and its iOS counterpart.

Just yesterday, we mentioned a Nokia engineer who talked about the inherent issues responsible for piracy on the Windows Store. The crux of the matter, according to Justin Angel, is that the Windows Store allows important app data to be stored locally on the device instead of securely hosted on a remote server. Any locally stored data can easily be accessed and modified, making app hacking and cracking an always-possible affair.

When Apple suffered its own similar issues, it gave this advice to developers: follow the App Store's recommended security guidelines. Unsurprisingly, this is precisely the same recommendation prescribed by Microsoft, which thoroughly details this issue on its MSDN blog. According to the software maker, developers who make use of digital receipt verification and keep otherwise sensitive content on a remote server, instead of locally inside the app, shouldn't be susceptible to these kinds of hacks.
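The recommendation above, sketched as an added example that is not code from the article, Microsoft or the MSDN post: a developer's server checks a signed receipt before releasing paid content, so editing license data on the device gains nothing. The JSON receipt layout, the Ed25519 key pair, the app id and all function names are assumptions made for illustration; the real Windows Store receipt format is not shown on this page.

```javascript
// Added example: keys, receipts and field names are constructed for illustration.
const crypto = require('node:crypto');

// Stand-in for the store's signing key pair; a real app server holds only the public half.
const { publicKey: STORE_PUBLIC_KEY, privateKey: storePrivateKey } =
  crypto.generateKeyPairSync('ed25519');

// Hypothetical store-side issuance: sign the exact bytes of the receipt body.
function issueReceipt(fields) {
  const body = JSON.stringify(fields);
  const sig = crypto.sign(null, Buffer.from(body), storePrivateKey).toString('base64');
  return { body, sig };
}

// Server-side check: the license decision uses only data covered by the signature.
function verifyReceipt(receipt, expectedAppId) {
  try {
    const ok = crypto.verify(null, Buffer.from(receipt.body), STORE_PUBLIC_KEY,
      Buffer.from(receipt.sig, 'base64'));
    if (!ok) return { valid: false, reason: 'bad signature' };
    const fields = JSON.parse(receipt.body);
    if (fields.appId !== expectedAppId) return { valid: false, reason: 'wrong app' };
    if (fields.licenseType !== 'Full') return { valid: false, reason: 'not a full license' };
    return { valid: true, reason: 'ok' };
  } catch {
    return { valid: false, reason: 'malformed receipt' };
  }
}

// Paid content is held by the server and released only after verification.
const PREMIUM_CONTENT = { 'contoso.game': ['level-6', 'level-7'] };
function fetchPremiumContent(receipt, appId) {
  const check = verifyReceipt(receipt, appId);
  return check.valid
    ? { status: 200, content: PREMIUM_CONTENT[appId] }
    : { status: 403, error: check.reason };
}

// Constructed receipts: a paid one, a trial one, and a trial copy edited on the device.
const paid = issueReceipt({ appId: 'contoso.game', licenseType: 'Full', receiptId: 'r-001' });
const trial = issueReceipt({ appId: 'contoso.game', licenseType: 'Trial', receiptId: 'r-002' });
const edited = { body: trial.body.replace('Trial', 'Full'), sig: trial.sig };

for (const [name, r] of Object.entries({ paid, trial, edited })) {
  console.log(name, JSON.stringify(fetchPremiumContent(r, 'contoso.game')));
}
```

Only the paid receipt is served; the edited copy fails because its body no longer matches the signature.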

Yeah, store all that licensing data in the cloud. And when Joe User doesn't have a connection, his apps won't work. That should be popular while traveling. Here's a thought: verify licensing each time the app gets updated. Mobile users aren't nearly as likely to go chasing after every new crack, and if they do then guess what? It just proves that the cloud is even more overrated than we thought it was.
 
This kind of issue is purely POOR software architecture (aka BAD design). If it's only associated with the Cloud - - hee hee hee - - you get what you pay for; another reason to not jump on the bandwagon.

When designing software, there's a concept that says
  • "the scope of control must be above the scope of influence".
Get that backwards and the H*** to pay for your mistake.