Are we banging our heads against a wall
Are we banging our heads against a wall
The Ovi Store team is not ignoring this issue but and official response is pending approval from legal the last I heard.
I know corporations sometimes (Always?) move way to slowly.
Not sure what good an official response does here... This hole which needs fixing otherwise publishers won't submit further paid content. The existing apps might already have been exposed for piracy.
With all the keygens and cracked versions and eager crackers and software pirates out there, everything is exposed anyway.
Not so easily.With all the keygens and cracked versions and eager crackers and software pirates out there, everything is exposed anyway.
Anyway we are not going to submit paid app until this issue is fixed at least.
Hi everyone, Eric here from the Ovi Store Team. Ovi Store was developed to be an open platform to encourage publishers to innovate, develop, distribute and monetize their media for supported Nokia devices. The Digital Rights Management (DRM) solution currently being used in Ovi Store is the widely adopted Open Mobile Alliance (OMA) Digital Rights Management (OMA DRM 1.0) specification which is designed to enable consumption of simple digital content. This allows content providers to define their own rules for distribution while preventing downloaded content from being illegally forwarded to other users.
Nokia is continuously engaging with Industry bodies such as the OMA, to enhance our digital rights management solutions. We are exploring additional solutions and will continue our dialogue with the community to provide systems that meet your needs while providing the best possible user experience.
We're investigating additional security measures beyond OMA DRM 1.0 while continuing to ensure a streamlined consumer purchase experience supporting both mobile and credit card billing and we will update the developer community regularly on our efforts.
In all cases, publishers should review the DRM capabilities of the devices they configure of distribution in Ovi Publish by going to the device profiles area at Forum Nokia.com http://www.forum.nokia.com/devices/matrix_all_1.html
Hi Eric and thank you for your reply, but the main question is still unanswered:
"How can we developer protect our software and avoid the FREE spreading of the software?"
Developers don't care about how much DRM is adopted, we just need to protect our software in an efficient way.
And currently, the only honest reply I can figure out to that question is:
sorry if it sounds rude, it's not my intention. I'm just disappointed due to this security flaw in the OviStore platform.
Last edited by ilsocio; 2009-06-06 at 16:17.
Marco has demonstrated that the current system (whatever its name and fame) used by Ovi Store does NOT "prevent downloaded content from being illegally forwarded to other users", contrary to what Eric says.
I would very much like to be wrong, but my conclusion is that developers should only use Ovi Store to distribute free demo versions of their applications. This looks like a big step BACKWARDS from the old Nokia Software Market, and a big disappointment.
Thanks for your response but your response is very disappointing to all publishers.
Problem is that the basic question is not yet answered. Publishers doesn't care which security strategy Ovi team chooses (OMA DRM or dynamic registration or any other), rather we care how our application is protected.
Infect my own protection mechanism (based on IMEI) is much stronger than this but that is not allowed on Ovi store becuse you do not accept trial only version and need fully unlocked application ( and fails to protect that)
As Kylom said this is really a big step backward.
Hope you will come up will come up with a solution instead of justifying the approach. This is a security hole and must be fixed.
All, We hear you and your feedback is greatly appreciated! We'll be in touch in the coming days. Best - Eric
The Symbian application developers have had a set of security measures, which have not always prevented cracking and piracy, but at least has made piracy laborious and has made pirates to sign the package for every individual phone prior install. The idea in this is not absolute security, but certain level of inconvenience, if the application is ever cracked.
Now with Ovi Store REQUIRING us to ditch our security measures and to expose plain .sisx packages... No signing needed just download from warez site and install to any phone. Not very inconvenient for the "end user". And no cracking needed.
I really appreciate the attention I'm receiving for my free application in Ovi Store, but as what comes for paid content, I would be very nervous submitting to Ovi.
Could you please provide some ballpark figure for timeline to solve the security hole. We can not submit paid application in the current environment and need to plan things accordingly.All, We hear you and your feedback is greatly appreciated! We'll be in touch in the coming days. Best - Eric
Please note that I've removed the three posts containing the detailed instructions on how the Ovi Store security can be compromised. The posts can be easily restored but I don't see the need for that, the discussion can continue without them being exposed to any random visitor.
If you are not yet a DVLUP member it is time to correct that mistake :) Click here to join: http://www.dvlup.com/lucian/Invite
I don't think hackers need "telling". Meaning no disrespect to the original poster, it had hardly taken him a work of hacking genius to bypass what ltomuta laughingly describes as "security".
The point the original poster made (very effectively) is that there is no security. Once applications are bought, they are freely distributable.
I think developers publishing their hard work to Ovi might have some kind of right to know what security measures Nokia have in place to protect their intellectual property, and exactly how easily "Ovi Store security" can be bypassed. (About five minutes of effort for anyone with a rudimentary understanding of HTTP.)