Microsoft faults developers for cracked Windows Store apps

By on December 12, 2012, 2:30 PM

Microsoft says a crack which allows hackers to download paid-for Windows Store apps without spending a dime is the fault of insecure app code and not a Windows Store issue. Redmond is essentially placing the onus of protecting apps against this particular type of exploit on developers.

In October, intrepid codesmiths discovered a way to transmogrify trial apps into their full-fledged, paid-for counterparts. The crack, which is also open source, exploits in-app purchase mechanics -- which rely on local Windows system files -- to unlock the full version of many trial apps. 

Any successful software distribution channel faces the challenge of being targeted by people wishing to circumvent the system for ill-gotten gains and we're committed to ongoing protection of both customer and developer interests. Just as they have with other platforms, hackers are proposing ways to compromise the integrity of apps, which can have lots of negative consequences to the system and the customer experience.

Source: engadget.com, Microsoft spokesperson

Incidentally, other app markets have suffered from similar issues, like Apple's Mac App Store and its iOS counterpart.

Just yesterday, we mentioned a Nokia engineer who talked about the inherent issues responsible for piracy on the Windows Store. The crux of the matter, according to Justin Angel, is that the Windows Store allows important app data to be stored locally on the device instead of securely hosted on a remote server. Any locally stored data can easily be accessed and modified, making app hacking and cracking an always-possible affair.

When Apple suffered its own similar issues, it gave this advice to developers: follow the App Store's recommended security guidelines. Unsurprisingly, this is precisely the same recommendation prescribed by Microsoft, which thoroughly details this issue on its MSDN blog. According to the software maker, developers who make use of digital receipt verification and who keep otherwise sensitive content on a remote server instead of locally inside the app shouldn't be susceptible to these kinds of hacks.
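The server-side receipt check described above, as an added example that is not code from Microsoft, the MSDN post or this article: the server releases paid content only when a signed receipt verifies, so a license record edited on the device gets the user nothing. The JSON receipt layout, the `licenseType` values, the app ID and the locally generated Ed25519 key pair standing in for the store's signing key are assumptions made for the example, not the Windows Store's actual receipt format.

```javascript
const crypto = require('node:crypto');

// Assumption: a locally generated key pair stands in for the store's signing
// key. A real server would hold only the store's public key.
const store = crypto.generateKeyPairSync('ed25519');
const APP_ID = 'com.example.game';                 // constructed app ID
const PAID_CONTENT = { [APP_ID]: 'levels 2-50' };  // kept on the server only

// Store side: sign the purchase record (constructed JSON layout).
function issueReceipt(fields) {
  const payload = Buffer.from(JSON.stringify(fields));
  const signature = crypto.sign(null, payload, store.privateKey);
  return { payload: payload.toString('base64'), signature: signature.toString('base64') };
}

// Developer's server: release paid content only for a receipt that verifies.
function unlock(receipt, appId) {
  let fields;
  try {
    const payload = Buffer.from(String(receipt.payload), 'base64');
    const signature = Buffer.from(String(receipt.signature), 'base64');
    if (!crypto.verify(null, payload, store.publicKey, signature)) {
      return { ok: false, reason: 'bad signature' };
    }
    fields = JSON.parse(payload.toString('utf8'));
  } catch {
    return { ok: false, reason: 'malformed receipt' };
  }
  if (fields?.appId !== appId) return { ok: false, reason: 'wrong app' };
  if (fields.licenseType !== 'Full') return { ok: false, reason: 'not a full license' };
  return { ok: true, content: PAID_CONTENT[appId] };
}

// A trial receipt edited on the device to claim a full license keeps its old
// signature, so the server rejects it.
function demo() {
  const trial = issueReceipt({ appId: APP_ID, licenseType: 'Trial' });
  const edited = Buffer.from(JSON.stringify({ appId: APP_ID, licenseType: 'Full' }));
  const forged = { payload: edited.toString('base64'), signature: trial.signature };
  const paid = issueReceipt({ appId: APP_ID, licenseType: 'Full' });
  return { trial: unlock(trial, APP_ID), forged: unlock(forged, APP_ID), paid: unlock(paid, APP_ID) };
}
console.log(demo());
```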




User Comments: 5

1 person liked this | psycros said:

Yeah, store all that licensing data in the cloud. And when Joe User doesn't have a connection, his apps won't work. That should be popular while traveling. Here's a thought: verify licensing each time the app gets updated. Mobile users aren't nearly as likely to go chasing after every new crack, and if they do then guess what? It just proves that the cloud is even more overrated than we thought it was.

Guest said:

Here's a thought: verify licensing each time the app gets updated.

Sorry, but Apple has a patent on that.

jobeard, TS Ambassador, said:

This kind of issue is purely POOR software architecture (aka BAD design). If it's only associated with the Cloud - - hee hee hee - - you get what you pay for; another reason to not jump on the bandwagon.

When designing software, there's a concept that says

  • "the scope of control must be above the scope of influence".

Get that backwards and the H*** to pay for your mistake.

jobeard, TS Ambassador, said:

Sorry, but Apple has a patent on that.

Can't copyright a concept - - just the specific implementation

captaincranky, TechSpot Addict, said:

Can't copyright a concept - - just the specific implementation
Like you'd be able to float that by a pack of hungry Apple lawyers...:eek:
