Home   >   News

Will in-app purchases actually increase iPhone piracy?

Dominique Bongard thinks so
Will in-app purchases actually increase iPhone piracy?

When Apple announced its new free-plus-paid business model, it included a line into the press release about piracy.

"Using In App Purchase in your app can also help combat some of the problems of software piracy by allowing you to verify In App Purchases," it stated.

Hardly a rock solid guarantee is it? 'Help combat some of the problems...'

Indeed, according to iPhone developer Dominique Bongard, who in a previous life worked in anti-piracy protection for pay-TV operators, Apple hasn't changed its security protection for normal paid apps, while enabling free-plus-paid apps might make the situation worse.

The arguments are technical but revolve around how the in-app purchase API works.

Bongard says that because there are no cryptographic challenges or verification steps when it comes to telling the app that there's been a successful in-app transaction, crackers could probably just return a 'fake successful' transaction to the app.

In this way, any jail-broken iPhone could unlock all the paid content from such free apps.

More worryingly, he speculates whether it would be possible to redistribute legitimate transaction logs with cracked applications as there doesn't appear to be a way of locking down in-app purchases to specific devices.

He even thinks it could be technically possible to activate in-app purchases on non-jailbroken devices by manipulating backups.

However, the main underlying issue he points to as being of concern, from a piracy point of view, is the general inexperience of iPhone developers.

"From what I have seen in the API, setting up in-app purchases is pretty complex. Therefore, it is hard for me to expect that most developers will make implementations that are secure. Keep in mind that many iPhone developers can barely put an app together," he explains.

Of course, this isn't helped by the fact that Apple doesn't offer any official methods to detect pirated applications on the iPhone or to securely verify transactions directly in the application.

You can read the full blog post - In-app purchase and the state of iPhone piracy - here.