Monday, May 4, 2009

Apple needs to play cat and mouse with pirates, not jailbreakers

Apple spends considerable engineering resources attempting to defeat jailbreakers, but historically, we have always been able to defeat anything they throw at us. In trying to defeat jailbreakers, Apple is fighting against a body of skilled volunteers who feel morally, ethically and legally justifiable in defeating such efforts, and would go so far as to feel a moral and ethical obligation to continue to do so. It's not only fun to try to work around such puzzles, but basic ethical common sense tells us that it is only right to be able to do whatever we want to devices we purchased as long as we're not hurting anyone else.

None of the people who work to defeat Apple's jailbreaking protections believe that pirating App Store applications is EVER justified. Nor do they believe that Apple should have a support burden for modified devices.

Yet Apple and many developers continue to equate jailbreaking with piracy, which is both unjust and unproductive toward their own interests. Piracy doesn't require jailbreaking. The one modification that jailbreaking makes to the iPhone, to allow applications to run unsigned code, is unnecessary for piracy because pirated apps are already signed!

Third-party app stores have successfully deployed copy protection for the applications they carry. These app stores run on jailbroken iPhones and their DRM remains uncracked. In contrast, official App Store applications carry no significant DRM. They are encrypted, but the encryption can be side-stepped with a method that has worked, and continues to work, completely unmodified, since day 1 of the App Store.

Whereas several new hurdles have cropped up against jailbreakers during this time, Apple has developed none for pirates. Developers concerned with piracy need to ask Apple why they have not spent any time protecting them against piracy, instead, focusing on playing cat and mouse games with skilled and motivated jailbreakers. A cat and mouse game that would not guarantee developers protection even if Apple succeeded.

A similar cat and mouse game with pirates is likely to be much easier for Apple to win. Instead of  fighting against people with the most knowledge and the most motivation, Apple would instead be contending against a group of people who are accustomed to using automated scripts (*cough* script kiddies *cough*), and for more complicated jobs using gdb (a debugger). Lord knows what they would do if Apple, say, disabled debugger attachment for encrypted applications, or obfuscated MobileInstallation, or put protections into the kernel. After all, you can't use gdb to attach to the iPhone kernel, can you?

Please, Apple. These suggestions are free. The first one, honestly, is TRIVIAL. Please for goodness' sake, use one of them! You've had a year to do SOMETHING. ANYTHING. I would have made my own anti-piracy patches, but building in DRM by machine language patching an operating system kernel is not fun, and it'd take me twenty times as long to make the same change as you.

Developers: Don't hate on jailbreaking because you think it "enables" App Store piracy. App Store piracy simply wouldn't exist if Apple actually did anything about it instead of being too busy losing games with jailbreakers instead.


Joshua said...

Great post! Really wish that Apple would listen to this and apply some of the more basic protections

Gareth said...

True so very true, hope someone at Apple reads this, more so does something once read.

cmoski said...

I do understand where you are coming from, but I'm not entirely convinced Apple should spend it's time on pirates more then jailbreakers.

There is a culture epically prevalent on PC platforms of enhanced security mechanisms to protect software. This type of obfuscation could come of hardware or software means, from a dongle to a virtual machine envrioment made for code obfuscation.

The point is, no matter how advanced software or hardware protections one puts into a product, one will always fall short and someone will always break it open. It's true for the iPhone, it's true for any given protection system developed on the Mac or PC.

Disabling debugger attachments for encrypted apps would be a start, but it only narrows the pool of applicants to 'crack' that application smaller and smaller. The best illustration of this is the PC Game cracking scene, where they are put up against some of the most advanced CD Rom protections such as Securom and Safe disc (both of which uses the VM technique mentioned earlier) and application crackers who write fake drivers which fake dongles being present in FlexLM type authentication schemes (or any other number of schemes out there). They have the skills, and those skills are far beyond your average script kiddy.

I agree in principal, however I'd take it a step further and say that reasonable protections should be applied to both cases, but once it's cracked it is time to be safe in the knowledge that you've prevented the 14 year old with the downloaded 'l33t toolz' from cracking your application, and the casual pirate from stealing it, too.

George Hotz said...

Haha, imagine we were evil...

Confucious said...

Good post - all we need now is for Apple to actually listen!

Sam B. said...

Great post. Couldn't have said it better myself.

Mr. Haklab said...

Well said.. This is Mr. Haklab and I'm the one doing the cat and mouse game instead of Apple but I think we developers will win.

<--insert shameless plug>

Check out my anti-apple piracy site at Haklab. I helped prevent lot of piracy.

And now.. presenting my other anti-piracy site:
Appulous (.org), and Hackulous.
<--/end shameless plug>

Mario Ciabarra said...
This comment has been removed by the author.
Mario said...

Well spoken. While I understand the not hurting anyone else comment, I also think it's more important to mention the many legal rights US citizens have to enable 3rd party application support and distribution outside of Apple (sorry non-US users - I'm sure you have rights too :).

But more to your point, as a developer of independent software, we have modified our licensing schemes a number of times to help prevent (we currently have 10's of thousands of pirators at this very moment). It's almost unbelievable, given Apple's vast resources and "dedication" to its developers, to not have a stronger DRM position. And with all of their work in 3.0 - wouldn't a large firmware upgrade and required iTunes update be the proper time to do so?

I guess it all boils down to who Apple's listening to - perhaps if AT&T or Trent Reznor spoke out, the problem would be solved in a day or two.

David said...

@Mario I liked the Trent Reznor comment. Rather fitting seeing the issues with NIN ACCESS seemed to have gotten resolved quickly.

apere006 said...

I think apple is more interested in stopping unlocks then pirates. Wasn't there a rumor that apple has to pay att back for every customer that leaves?

nintendude794 said...

Very good point. Excellent post