Developer
Posts: 343
Registered: ‎02-23-2009
My Device: 8700 | 8310 | BOLD | STORM

Dynamic License Web Server Request Spoofs!

It looks like the first wave of spoofing is happening. I'm getting 3 times as many requests as normal. At first, I thought I hit the jackpot but reconciling with the reports from the Vendor portal for both downloads and purchases, it seems as though something/someone is making illegal requests to my dynamic web server to obtain license keys.

The request looks as though it's coming from App World. It has all the parameters and they are coming from the same IP but that is easy to spoof.

Is anyone else noticing this problem?

Developer
Posts: 484
Registered: ‎07-17-2008
My Device: Not Specified

Re: Dynamic License Web Server Request Spoofs!

Developer
Posts: 343
Registered: ‎02-23-2009
My Device: 8700 | 8310 | BOLD | STORM

Re: Dynamic License Web Server Request Spoofs!

Thanks for the link. However, I authored some of the posts in that topic -- this problem is slightly different. I am not getting duplicate requests but I am getting a bunch of them from customers who already purchased the application months ago, as the transaction ids are the same.

Yes, I know people get new phones and refresh the license keys but I never saw so many of these refresh requests before a week ago.  I think App World has a bug where it is refreshing the app list automatically without the user knowing.  This could be the only explanation.  It can be that all of a sudden everybody and their momma gets a new phone and/or refreshes their applications.

Developer
Posts: 122
Registered: ‎07-26-2008
My Device: 8320, 9500, 9700
My Carrier: Vodafone

Re: Dynamic License Web Server Request Spoofs!

I'm seeing particular users repeated every day; for instance, I have had multiple requests for one user every day since Jan 24, same decimal PIN, same transaction id. I'm also seeing lots of repeat transactions for old versions going all the way back to July 2010; all have the decimal PIN.

I suspect the problem must be in various builds of the App World application on the device as I can't imagine why a problem like this could not be fixed in a few hours on a server (and yes I have developed enterprise-level server code).

The whole thing stinks of an outsourcing disaster with incompetent and complacent management to me.

Compare RIM's inability to run a basic App Store, produce quality OS builds or developer tools with the awesome progress being made month to month on Android, not to mention iOS and iTunes.

It's just sad.

Developer
Posts: 498
Registered: ‎06-24-2008
My Device: Not Specified

Re: Dynamic License Web Server Request Spoofs!

"The whole thing stinks of an outsourcing disaster with incompetent and complacent management to me"

Sounds about the size of it.

Given that we get reports from Digital River my guess is much of the blame lies with DR.

The fact RIM tolerates such pathetic service is surprising.

Perhaps it has something to do with the fact RIM's CIO is AT&T deadwood. Useless App World and anything else IT related, but I'll bet they have great Six Sigma. ;)

Developer
Posts: 109
Registered: ‎12-04-2008
My Device: Playbook, Torch 9800, Storm 9530, Tour 9630
My Carrier: Telus

Re: Dynamic License Web Server Request Spoofs!

Hi All,

I noticed this exact behaviour beginning last week. Has anyone else noticed it recently?

Specifically: license requests to our Sudoku Pro app began pouring in mid-last week and, after a few days, when I checked Distimo, I was surprised that the sales didn't show up. A quick check of the Download and Purchase reports in the Vendor Portal revealed the same results: nada.

The quick conclusion I drew was that someone was spoofing the request so I immediately changed the server URL and the email text that the server sends to me when it generates a license and updated the URL in the vendor portal. I submitted the change (after being forced to add some sort of HUGE new logo image) and very shortly after began to receive the same sort of requests from the new server URL.

What's going on?

B

PlayBook Apps: Sudoku Pro
Smartphone Apps: Compass | MultiClock

Developer
Posts: 109
Registered: ‎12-04-2008
My Device: Playbook, Torch 9800, Storm 9530, Tour 9630
My Carrier: Telus

Re: Dynamic License Web Server Request Spoofs!

Is it just me? Is no one else seeing this?

B

PlayBook Apps: Sudoku Pro
Smartphone Apps: Compass | MultiClock
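
The reconciliation described in this thread (license requests compared against the Vendor Portal purchase report, and requests repeating with the same PIN and transaction id), as an added example that is not code from any poster or from BlackBerry. The tuple layout, label names and all sample values are constructed assumptions.

```python
from collections import Counter, defaultdict
from datetime import date

# Constructed sample data. The (day, transaction id, PIN) layout is assumed
# for illustration; it is not App World's request format.
PURCHASES = {"T1001": date(2010, 7, 14), "T1002": date(2011, 1, 20)}
REQUESTS = [
    (date(2011, 1, 20), "T1002", "555000111"),
    (date(2011, 1, 24), "T1001", "555000222"),
    (date(2011, 1, 25), "T1001", "555000222"),
    (date(2011, 1, 26), "T1001", "555000222"),
    (date(2011, 1, 26), "T1002", "555000333"),
    (date(2011, 1, 27), "T9999", "555000444"),
]

def classify(requests, purchases):
    """Label each request using the purchase report and earlier requests."""
    pins_seen = defaultdict(set)  # transaction id -> PINs already served
    labelled = []
    for day, txn, pin in sorted(requests):
        if txn not in purchases:
            label = "unreconciled"   # no sale in the report backs this request
        elif pin in pins_seen[txn]:
            label = "refresh"        # same transaction, same device, asking again
        elif pins_seen[txn]:
            label = "new_pin"        # known sale, different device
        elif day == purchases[txn]:
            label = "purchase"       # first request, on the day of sale
        else:
            label = "refresh"        # old sale first seen inside this log window
        if txn in purchases:
            pins_seen[txn].add(pin)
        labelled.append((day, txn, pin, label))
    return labelled

def daily_repeaters(requests, min_days=3):
    """Return (transaction id, PIN) pairs requested on at least min_days days."""
    days = defaultdict(set)
    for day, txn, pin in requests:
        days[(txn, pin)].add(day)
    return sorted(key for key, seen in days.items() if len(seen) >= min_days)

def summary(requests, purchases):
    """Count requests per label, for comparison with the sales totals."""
    return Counter(label for *_, label in classify(requests, purchases))

if __name__ == "__main__":
    print(dict(summary(REQUESTS, PURCHASES)))
    print(daily_repeaters(REQUESTS))
```

Only the "unreconciled" rows have no sale behind them; a large "refresh" count with few "unreconciled" rows points to repeat requests for real purchases rather than forged ones.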