01-04-2010 07:13 PM - edited 01-04-2010 07:14 PM
I hope everyone uses the Dynamic Licensing model to protect their applications. I just released an app to my main 3, AppWorld, MobiHand, and Handango. I have a feature where the application can validate itself over the Internet by going to my website and checking to see if the PIN is in my database from an HTTP Post from a purchase. I log this action and 1 full day after I deployed the app, I got two devices trying to do this validation and they did NOT make a purchase.
So somehow someone is getting the files for our games and if you do not have Dynamic Licensing, they will probably be distributed for $Free...
I'm thinking someone is getting them from MobiHand (I always questioned MobiHand's test functionality which gives a direct link to your app--anyone can figure this out) or Handango because it's not even approved yet on AppWorld since this happened only 1 day after I submitted it.
01-05-2010 11:23 PM
Here is a site with thousands of free apps. People pay for an ap and then upload it there. In return they can download apps that other users have downloaded.
I browse the forums quite often to see if my apps are up there. It sucks but I guess it's a way of life when you're a developer.
01-06-2010 02:26 AM
I guess you are right..you can't do much about piracy. It's ashame, though... I do have their PIN and their email addresses. I guess I'm a better person since I won't create a website and list this info.
01-12-2010 03:17 AM
So I went and registered with the site, downloaded the Berryable decryption system and read the manual. So here is how I think it works and ways to avoid it.
They attach a debugger to the running simulator and do a string search from the dump. Of course we would do the string comparision for the keys to match - and the actual key would appear in the dump.
There are some ways I can think of to avoid this:
1. Do not use alpha-numeric keys. Use numeric keys, parse the entered key into int and then do the integer comparision with actual key.
2. If the device is a simulator - assume it is registered. This way, there would be no check for keys. Do not show the enter key screen or menu items.
01-12-2010 09:54 AM
..Wow...so they are actually providing keys too? Do you think they are only capturing this via the simulator? If so, then everyone can just prevent their program from running in the simulator before for the final release. I never thought about doing this but I don't see a need for my applications to run in a simulator.
01-12-2010 10:36 AM
We used to have apps that did not run on simulators.
However, it caused unnecessary delays in approval process on appworld so we have discountinued the process. :-)
01-12-2010 10:57 AM
Yeah, but RIM never asked me or tried to make an HTTP post to get a dynamic license so they can actually run the app in my previous submissions so maybe after the license check, we can make our application stop functioning if it is running in a simulator.
So we can show a few screens of the application (so it can get approved by AppWorld) and then once you try to get to the heart of the application, ask for the license key, and after the valid key check, check to see if it's running in the simulator. How does this approach sound?
01-12-2010 07:01 PM
Just an update - I sent a DMCA takedown letter to bbsgame.mobi's ISP, and the postings for my app were removed within one day. I know it will probably show up at some point, but at least their ISP got the message that their client was involved in this.
01-12-2010 07:10 PM
Thats good news, sreid55!!
Just wondering...did you implement dynamic licensing? Trying to see how much trouble that site will go through in order to get a free mobile app.