11-29-2011 05:15 PM
I noticed a user from a different country post the cod file of an app they purchased on App World on their website for illegal distribution along with the license key they used to activate the app. What steps does a developer take to get the site owner to remove the file and also to prevent this from happening? I've heard someone mention that you can send the offending user a "cease and desist" letter, but what happens if that user is another country that speaks another language?
Does RIM's legal department do anything for developers in this type of situation or is the developer on their own?
12-01-2011 08:28 PM
You can try contacting the owner of the server with a cease and desist letter too. Some web hosters do not allow piracy.
Other than that, take it as a compliment . Piracy sucks, but it may not be worth being concerned about if the website is small.
12-01-2011 10:16 PM
If it's a public site like a forum, you send them a Digital Millenium Copyright form. Google "DMCA". If it's a reputable site, they will remove it.
Then you file a similar complaint with Google and get the infringing pages removed from the index. Google is very good about this.
I managed to have an entire pirate site with thousands of apps taken down from wordpress, plus all of the pages removed from Google's index. Cool!
If you are cancerned about piracy... you should be using "dynamic licensing". This way each key is tied to a single device. Generic keys are not safe.
The way they crack dynamic licensing is they load your app into a simulator and install a bogus key. THen they use WinHex to scan the PC's memory and look for that bogus key. In the memory near there, there will be a copy of the real key used for comparison. So they copy it from there.
Best ways to prevent this are:
1) harder: make sure your key comparison algorithm does not work with strings. Break the key down to components and do non-string tests on it. i.e. prevent the valid comparison key from appearing in a string at any point in your app.
2) easier: in your app, test to see if it is running on a simulator and do not perform a license check on the simulator. i.e. do not even calculate the key. That way it can not be found in memory. You can either allow or not allow the app to run on a simulator. It doesn't matter. Just don't calculate the valid key...
3) easiest: imagine how many pirates are potential customers. If the answer is anywhere close to zero, then forget the whole thing and stay with easy licensing.
Creating a pirate proof licensing model is a lot of work. Ask yourself: Is it really worth it?