Apple's Mac App Store Already Being Plundered
Angry Birds namechecked as a popular pirated title.
Just hours after Apple's Mac App Store went live yesterday, hackers had discovered a way of easily pirating software from it.
Savvy computer users have discovered that if the receipt and info.plist data is copied from the resource documents of a free application and pasted into the package contents of a paid app (either from an already-purchased copy or via alternative sources, such as a trial version from the developer's website), one can get around having to pay for some software.
Apparently this circumvention is made possible by developers failing to perform any validation checks with Mac App Store receipts. Developer Sean Christmann has explained that he has managed to run a copy of a paid app on his system after it was originally purchased by a friend. "This is a massive failure in the implementation of Apples receipt system," he writes.
"Apple's current documentation on how to validate receipts is fairly complex, but the sample code and Apple own instructions ask developers to validate against data that is entirely external to the binary itself," Christmann notes. "Worse yet, it instructs developers to validate against plain text data easily editable with any text editor."
Meanwhile, a team has claimed (via MCV) it has cracked the Mac App Store but is declining to reveal details on its work until the service has been established, in order for Apple and developers to concentrate on a fix. Although it's not certain whether the workaround this group has discovered is in fact the same as the aforementioned copy-paste job.
Savvy computer users have discovered that if the receipt and info.plist data is copied from the resource documents of a free application and pasted into the package contents of a paid app (either from an already-purchased copy or via alternative sources, such as a trial version from the developer's website), one can get around having to pay for some software.
Apparently this circumvention is made possible by developers failing to perform any validation checks with Mac App Store receipts. Developer Sean Christmann has explained that he has managed to run a copy of a paid app on his system after it was originally purchased by a friend. "This is a massive failure in the implementation of Apples receipt system," he writes.
"Apple's current documentation on how to validate receipts is fairly complex, but the sample code and Apple own instructions ask developers to validate against data that is entirely external to the binary itself," Christmann notes. "Worse yet, it instructs developers to validate against plain text data easily editable with any text editor."
Meanwhile, a team has claimed (via MCV) it has cracked the Mac App Store but is declining to reveal details on its work until the service has been established, in order for Apple and developers to concentrate on a fix. Although it's not certain whether the workaround this group has discovered is in fact the same as the aforementioned copy-paste job.
Companies:
Apple
Read More Like This