×

Discussion Board

Results 1 to 11 of 11
  1. #1
    Regular Contributor
    Join Date
    Apr 2012
    Location
    malaysia
    Posts
    262

    Angry Pirated apps every in forum

    Just a week ago my app update passed qa and is published in nokia store but few days later i found my latest updated app everywhere in forum.Somehow some guy manage to extract the sis file from nokia store even when i already applied OMA DRM 1.0 .So who is to blame,nokia or the pirate.Why there are no mechanism in nokia store to prevent piracy.What is the point to tick OMA DRM 1.0 when someone can just pirate it in a just a matter of days.This is REALLY REALLY make me fuming.

  2. #2
    Super Contributor
    Join Date
    Mar 2003
    Location
    Finland
    Posts
    9,563

    Re: Pirated apps every in forum

    OMA DRM v1.0 is/was never intended for application/game copy protection (piracy prevention) purposes. Its original purpose was to be a relatively simple content licensing mechanism for very cheap stuff like ringtones and wallpapers and not much more than that.

    OMA DRM v2.0 is somewhat better, but like most any DRM technology, it is also breakable, and has been broken or circumvented. And these days, I would not expect Nokia to invest in making the Nokia Store content or old platforms like Series 40 any more secure than they are now; Nokia's focus and investments go to other things than Nokia Store content protection, I'm afraid.

    Best you can do is to live with this fact, or add in-app purchase features or ad support to free apps.

  3. #3
    Regular Contributor
    Join Date
    Apr 2012
    Location
    malaysia
    Posts
    262

    Re: Pirated apps every in forum

    I know.Now all nokia investment just go to microsoft.I wonder if microsoft already bought or own nokia and just keep silent.Why nokia keep investing in something that they didn't even own or have a say in first place.Nokia now only seem to be only device oem and navigation applications developer.Don't forget nokia still take 30% of total revenue
    so they still have obligation to do something.

  4. #4
    Nokia Developer Champion
    Join Date
    Mar 2013
    Posts
    686

    Re: Pirated apps every in forum

    Piracy is not anything new and its available on any digital content there is (apps, music, movies etc) also for every app store.
    Not Nokia nor you can fight it and fully stop it, you have 2 options the way i see it.
    1. track down every site that uploaded your pirated app and send them a DMCA request to remove it (most will comply if not the site that links to it then the site that host the actual file)
    2. think of a way to change your app so you can offer premium content in it for In-App purchase in it or a way to track who is a pirated user and who isnt and disable their features.

  5. #5
    Regular Contributor
    Join Date
    Apr 2012
    Location
    malaysia
    Posts
    262

    Re: Pirated apps every in forum

    There are at least a dozen(s) site not to mention some that still not discovered.DMCA only cover that particular link only so have to search all the forum and report it one by one.Also not all apps are suitable for iap for or using Ads.Bold beast recorder app have the greatest encryption of all app i know,just never their secret though i read they use some kind of encryption to deliver and activate the license.Currently gonna focus on how to make the app secure than think about update later.

  6. #6
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,697

    Re: Pirated apps every in forum

    I checked what it is, and I do not see the magic.
    First hit I checked: http://www.nokia-call-recorder.com/ talks about downloading a 7-day trial, and purchasing registration then. Based on that, I would say it is using IAP.
    Second hit I checked: http://store.ovi.com/content/257644 says it is free and uses IAP. Based on that, I would say it is using IAP.
    Should I check others?
    Actually I tend to remember that we discussed the very same thing 2 weeks ago in http://www.developer.nokia.com/Commu...ses-on-symbian, though that discussion started from discovering some possible bug or mis-use of IAP.

  7. #7
    Regular Contributor
    Join Date
    Apr 2012
    Location
    malaysia
    Posts
    262

    Re: Pirated apps every in forum

    Actually I tend to remember that we discussed the very same thing 2 weeks ago in http://www.developer.nokia.com/Commu...ses-on-symbian, though that discussion started from discovering some possible bug or mis-use of IAP.
    That topic is about how to protect qml files only not whole app.I manage to find this wiki but there is little explanation.I already manage to build the library into qt symbian sdk but the code,am i suppose to implement it on c++ ?.The original editor should provide a demo project.Now i'm stuck at how to implement it.


    I checked what it is, and I do not see the magic.
    First hit I checked: http://www.nokia-call-recorder.com/ talks about downloading a 7-day trial, and purchasing registration then. Based on that, I would say it is using IAP.
    Second hit I checked: http://store.ovi.com/content/257644 says it is free and uses IAP. Based on that, I would say it is using IAP.
    Should I check others?
    What i remember that is before IAP.Before IAP it use registration code like ramblow.But it is the way the license is delivered that i read is heavily encrypted.No hacker can manage to create a keygen for that app.


    Can anyone give another alternative way idea to protect the application ?

    I guess i'll just give drm2 a shot
    Last edited by babylongreece; 2013-05-16 at 15:28.

  8. #8
    Nokia Developer Moderator
    Join Date
    Feb 2006
    Location
    Oslo, Norway
    Posts
    28,697

    Re: Pirated apps every in forum

    Quote Originally Posted by babylongreece View Post
    What i remember that is before IAP.Before IAP it use registration code like ramblow.But it is the way the license is delivered that i read is heavily encrypted.No hacker can manage to create a keygen for that app.
    Yes, that could be a use case for OMA DRM 2.0.
    I guess i'll just give drm2 a shot
    Note that they probably switched to IAP because it is simpler to use. http://www.developer.nokia.com/Community/Wiki/OMA_DRM contains a simple image for explanation, as you can see it requires a licensing service operated by you. IAP works in a similar way, just the licensing service is operated by Nokia.

    Side note: Ashraf's method is about detecting if someone repacked the application (e.g. modified it in some way, like removed/altered your name, copyright notice, etc.). It does not protect against getting the original installation package in an illegitimate way. DRM and IAP addresses this later issue, as the original package can be free anyway, and unlocking the full functionality is done via IAP/DRM.

  9. #9
    Registered User
    Join Date
    May 2008
    Location
    Surat Thani
    Posts
    260

    Re: Pirated apps every in forum

    Quote Originally Posted by babylongreece View Post
    Just a week ago my app update passed qa and is published in nokia store but few days later i found my latest updated app everywhere in forum.Somehow some guy manage to extract the sis file from nokia store even when i already applied OMA DRM 1.0 .So who is to blame,nokia or the pirate.Why there are no mechanism in nokia store to prevent piracy.What is the point to tick OMA DRM 1.0 when someone can just pirate it in a just a matter of days.This is REALLY REALLY make me fuming.
    Worrying too much about piracy doesn't do any good - there's no way to prevent it, if the platform allows users to easily install apps outside the official store. When installs from other sources are possible, any protections you add can and will be removed if the application is interesting enough. Better concentrate all effort on app development, instead of thinking about (ineffective) protections, or writing DMCA requests

    You will surely lose some sales due to downloads from the forums, but I would guess that most of the people who use a pirated version of a 1 or 2 euro app (that can be paid in a few seconds via phone bill, and you get automatic application version updates after paying) probably wouldn't be wouldn't have paid for it even if there's no pirated version available. Also, the other side is that some potential users, who wouldn't have known about your application otherwise, might discover the app in the forums and actually end up paying for it.
    Last edited by TongMuan; 2013-05-18 at 07:50.

  10. #10
    Regular Contributor
    Join Date
    Apr 2012
    Location
    malaysia
    Posts
    262

    Re: Pirated apps every in forum

    Tongmuan,do you mean OMA DRM 2 won't protect our apps.I do have a doubt how it can protect our apps since it works by encrypt the app data in the phone but since those that install unsigned apps usually use hacked phone,the hacker can still extract the content and repack it.Encryption could be not useful at all since the phone security have been disable when the phone is hacked.Still it is better to have protection then none.From what i see Ashraf's method is still more effective since it is about detecting app sis data and most hacker like to modify the app name with "retail by".Just it is implemented in symbian c++ so kind of hard.

    You will surely lose some sales due to downloads from the forums, but I would guess that most of the people who use a pirated version of a 1 or 2 euro app (that can be paid in a few seconds via phone bill, and you get automatic application version updates after paying) probably wouldn't be wouldn't have paid for it even if there's no pirated version available. Also, the other side is that some potential users, who wouldn't have known about your application otherwise, might discover the app in the forums and actually end up paying for it.
    Some users specifically search for pirated apps based on google search result keyword "xxxx mobile9","xxxx unsigned".

    Side note: Ashraf's method is about detecting if someone repacked the application (e.g. modified it in some way, like removed/altered your name, copyright notice, etc.). It does not protect against getting the original installation package in an illegitimate way. DRM and IAP addresses this later issue, as the original package can be free anyway, and unlocking the full functionality is done via IAP/DRM.
    temp1.png

  11. #11
    Registered User
    Join Date
    May 2008
    Location
    Surat Thani
    Posts
    260

    Re: Pirated apps every in forum

    Quote Originally Posted by babylongreece View Post
    Tongmuan,do you mean OMA DRM 2 won't protect our apps.I do have a doubt how it can protect our apps since it works by encrypt the app data in the phone but since those that install unsigned apps usually use hacked phone,the hacker can still extract the content and repack it.Encryption could be not useful at all since the phone security have been disable when the phone is hacked.Still it is better to have protection then none.
    OMA DRM 2 is not really an option (at least in my case), because it's only supported for Symbian 3 phones. But if you're fine with that, it probably works in preventing unauthorized use of the original signed SIS files ripped from Nokia Store. However, if the SIS contents can be modified, with enough effort any protection can be broken - of course, in that case, the modified app can only be installed to a device if the user has a devcert for it or the device has been hacked.

    Haven't really looked into how OMA DRM 2 works before, but checked out the following document:
    https://projects.developer.nokia.com...QuickStart.pdf

    It seems that when using OMA DRM 2, some of the application's resources are stored encrypted, and the device receives the decryption key for them during app purchase. Without going too much into details, it looks like a bad guy who purchased the app could easily take the encrypted resources from the app's private folder, decrypt them, wrap them with a new DRM wrapper without encryption and repack the app with the unencrypted resource files instead of the original ones.


    Quote Originally Posted by babylongreece View Post
    From what i see Ashraf's method is still more effective since it is about detecting app sis data and most hacker like to modify the app name with "retail by".Just it is implemented in symbian c++ so kind of hard.
    I don't really see the point in Ahsraf's method. If someone is going to repack the app in a new SIS file, they can also just remove any such protections from the application binary. Of course this requires a bit more than just editing the app resource files using a resource editor, but I bet there are more than enough people out there who can do this.

    The Nokia Developer wiki page describing this protection tells which API calls to look for in the disassembly...

    Quote Originally Posted by babylongreece View Post
    Some users specifically search for pirated apps based on google search result keyword "xxxx mobile9","xxxx unsigned".
    Yepp, those are the people, who probably wouldn't pay for an application anyway

Similar Threads

  1. (Nokia Smart Installer For Symbian) Sub Forum is missing in Qt Forum
    By rahulvala in forum Feedback on Forum Nokia's Renewal 2010
    Replies: 1
    Last Post: 2010-11-11, 13:38
  2. Replies: 0
    Last Post: 2008-02-12, 05:58

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
×