Protect iPhone app from hackers

Question

I'm developing some iPhone application and I'm very frustrated when some of my applications published on hacked app resources. And anyone can install those apps for free.

So my question is: How to protect application from dumping into memory, running in debug mode and making hacked ipsw bundle? Is there source examples for that?

possible duplicate of [Reducing piracy of iPhone applications](http://stackoverflow.com/questions/846309/reducing-piracy-of-iphone-applications) — Brad Larson, Jul 08 '10 at 12:44
@Brad Larson It is. I'm trying to collect some additional information about application protection. Not only "check size of your plist". — Evgen Bodunov, Jul 08 '10 at 15:24
Yes, it has been a frequently asked question. To be honest, I wouldn't worry about it. My one for-pay application has been available in a cracked version since launch and it hasn't hurt sales. In fact, I look at it as another form of advertising. Relatively few people jailbreak their phones, and those that do who have the cracked application can show it off to their friends, who might end up buying because they won't deal with the hassle of jailbreaking. Those are sales I would not otherwise have. — Brad Larson, Jul 08 '10 at 15:56
Given that the iPhone is not a very open platform, I'm surprised that piracy is much of a concern. Do you know whether the amount of piracy actually warrants putting development effort into piracy countermeasures? For instance, even if 1% of all customers pirate the app from Cydia, rather than purchasing it off the app store, is it really worth worrying about? — Tom, Dec 27 '10 at 21:25
I had a system in many of my apps that counted the number of pirate copies of my apps in circulation. Comparing that number to the official sales I discovered that there was 9 times more people using my apps that buying them and that was not the case of people installing to see if the app was good before buying because the mechanisms I had counted the uses overtime and 70% of people who downloaded the pirate app continue to use them continuously over months and months. Then I disable those mechanisms and tried not to think about it... but 90% of piracy is sad. — Duck, Jul 19 '11 at 00:44
Perhaps look here http://stackoverflow.com/questions/846309/reducing-piracy-of-iphone-applications — tonklon, Jul 08 '10 at 08:11

score 2 · Answer 1 · answered Jul 08 '10 at 14:58

I've used AntiCrack for all our products. Admittedly, I'm still using version 1: at the time it was free but were encouraged to make a donation (and I duly did). And to be honest it's great. Very easy to integrate.

Of course, it's a real battle, and nothing's perfect, but AntiCrack certainly helped to prevent a whole set of common cracking approaches. Of course, many are documented all over the web, it would have taken far longer for me to implement and test than just shell out a few dollars.

Version 2 looks like it's even better, although there is now a compulsory donation of at least $30, which is still a bargain.

Interesting part what exactly AntiCrack did to protect application. — Evgen Bodunov, Jul 08 '10 at 15:22

score 2 · Accepted Answer · answered Jul 09 '10 at 08:17

i found this source snippet as example of isCracked function

#if HEARTBEAT_CHECK_PIRACY
+ (BOOL)isCracked {
#if TARGET_IPHONE_SIMULATOR
    return NO;
#else
    static BOOL isCracked = NO;
    static BOOL didCheck = NO;
    if(didCheck) return isCracked;

#if HEARTBEAT_PIRACY_THRESHOLD >= 1
    if([[[NSBundle mainBundle] infoDictionary] objectForKey:@"SignerIdentity"] != nil) {
        #if HEARTBEAT_PIRACY_THRESHOLD >= 2
        NSString* infoPath = [[NSBundle mainBundle] pathForResource:@"Info" ofType:@"plist"];
        if([[NSString stringWithContentsOfFile:infoPath encoding:NSUTF8StringEncoding error:NULL] rangeOfString:@"</plist>"].location != NSNotFound) {
            #if HEARTBEAT_PIRACY_THRESHOLD >= 3
            NSDate* infoModifiedDate = [[[NSFileManager defaultManager] fileAttributesAtPath:infoPath traverseLink:YES] fileModificationDate];
            NSDate* pkgInfoModifiedDate = [[[NSFileManager defaultManager] fileAttributesAtPath:[[[NSBundle mainBundle] resourcePath] stringByAppendingPathComponent:@"PkgInfo"] traverseLink:YES] fileModificationDate];
            if([infoModifiedDate timeIntervalSinceReferenceDate] > [pkgInfoModifiedDate timeIntervalSinceReferenceDate]) {      
            #endif
        #endif
                isCracked = YES;
        #if HEARTBEAT_PIRACY_THRESHOLD >= 2
            #if HEARTBEAT_PIRACY_THRESHOLD >= 3
            }
            #endif
        }
        #endif
    }   
#endif

    didCheck = YES;

    return isCracked;
#endif
}
#endif

score 0 · Answer 3 · answered Jul 08 '10 at 08:05

0

If you don't want your application to be in a position where it can be dumped from memory, all you have to do is not ship it. Sorry, but any DRM is merely an obfuscation mechanism to protect content at rest; eventually the CPU needs to know what code it should run. The code can always be extracted at that point.

answered Jul 08 '10 at 08:05

There is solutions. For example http://kaliap.com/. But those guys ask to pay for app protection. So I know that it's possible. Just seeking a solution. And i want to add basic protection to my apps, not obsolete. – Evgen Bodunov Jul 08 '10 at 08:10
3

@mOlind: I see evidence that they take money, but no evidence that they stop applications from being stolen. – Jul 08 '10 at 08:23
Totally, sounds like a complete rip-off. I am sure they will tell you that they don't say how they stop pirates because it's a secret and if hackers find out, it's game over. – Igor Zevaka Jul 08 '10 at 08:31

score 0 · Answer 4 · answered Jul 08 '10 at 14:46

0

I understand the urge to want to do this, but since its not possible to stop, or hardly slow it down forget it and move on. Make your app better, add features, make additional apps. All of those things will help you make more $ then you would save by worrying about piracy. Remember just because 100 people pirate your software does not mean that you lost 100 sales. You may have lost 0 sales as those people only ran your software because they could for free, and would have 0 interest in actually paying. The MPAA & RIAA have been making this mistake for years and unless you are prepared to sue all the pirates nothing you do here will help you make more $.

answered Jul 08 '10 at 14:46

jamone

17,253
17
63
98

Think the point is putting minimal precautions without creating a fully functional framework. Your work being stolen and accepting that puts your app in harms way of consumers thinking your app is not safe, whether it's conscious decision or not. Putting a simple validation script and checking a server at startup is minimal and will keep people from using your app. I would recommend not killing the app, but disabling key features so the user gets frustrated and purchases the real app. Autodesk figured this one out already. Taking your advice is like giving candy to a baby. – Nick Turner Mar 14 '13 at 15:53

score -1 · Answer 5 · answered Jul 08 '10 at 08:30

-1

Simple. You set the pleaseDoNotPirateThisAppPrettyPlease flag to 1 in your plist.

I'm sorry if I sound offensive but noob developers asking for an easy way to protect their apps from piracy threads shit me something chronic.

If you are a noob developer, concentrate on your app not sucking first, then worry about piracy. Your energy will be far better spent on releasing a polished app rather than worrying about a handful of people that run cracked versions.

FFS, iPhone is hands down the best platform for getting paid for your apps. Not many people run Cydia, worrying about those is simply ridiculous.

This is not the answer you are looking for and I you could perceive that I called you a noob who writes sucky apps, whatever, but it is the right way to go about it. Concentrate on improving experience for people that are paying and forget about those who will never pay.

answered Jul 08 '10 at 08:30

Igor Zevaka

74,528
26
112
128

Thanks for your comment. :) There is a lot ugly apps with nonzero price, agreed. Only thing i want to do - make cracking my app a bit more complicated. Just for fun for both sides. – Evgen Bodunov Jul 08 '10 at 08:38
This is not a helpful answer, Igor. If you don't have something useful to contribute, don't bother responding. – Tom Dec 27 '10 at 21:21
@Tom It may well be a wrong answer to the right question, but it is the right answer to the wrong question. – Igor Zevaka Dec 30 '10 at 03:46
@Igor you're just upset no one buys your apps. Nice troll answer with an insult though. I laughed for half a second. – Nick Turner Mar 14 '13 at 15:56

Protect iPhone app from hackers

5 Answers5