249

Glitch spotted in Windows Phone Store, allows installation of Nokia exclusive apps on all phones [Updated]

Nokia Collection

At last count, Nokia had well over 50 exclusive apps or games in its Collection, giving Lumia owners a slight edge in features.

But that advantage may be no more, at least temporarily. According to Chinese site WPDang, there is a freshly spotted glitch in Windows Phone Store that could enable everyone to download exclusive apps from the Nokia Collection.

Yes. The picture above shows Nokia Glam Me being installed in a Huawei Ascend W1. Not photoshopped.

Basically, the server glitch is exploited like this:

  1. Someone sets up a proxy server which disguises itself as a Lumia phone.
  2. Users anywhere connect to the Windows Phone Store through said proxy, effectively disguising themselves as Lumia phones too.
  3. Users perform search via the proxy in the Store, searching for Nokia-exclusive apps by name. Normally a device model/brand check would be performed by the Store server, and refuse to offer any result upon finding model/brand mismatch. But since now those users are cloaked, the server will spill app descriptions and download links without a fuss.
  4. However, the proxy server is not able to pass file download streams to each user request, therefore non-Nokia users who just managed to get app download links are not able to really buy or download stuff.
  5. This is where the server glitch actually exists: in common sense of this universe, the Store should perform a model/brand check upon each search AND download request, to make sure what's supposed to be exclusive will stay exclusive, no matter how hard people try. However in Microsoft's case, download requests are NOT FILTERED AT ALL.
  6. Therefore if a user switches into WiFi setting, turn the proxy off, then switch back to the app description page and click the download button, he/she just gets the app. Microsoft is assume that if this button is displayed on your screen at all, your device must be well qualified, what could possibly go wrong? Just go ahead and make yourself comfortable.
  7. End of story: Nokia-exclusive apps ending up on non-Nokia phones.

Yes I agree with many of you in the comment thread, this is technically not a glitch. But no, I won't call it a hack, which emphasizes efforts on the client end. I'd say this is more a server-end problem, a design flaw, a loophole, and a rather naive one. It's like protecting confidential files in your computer by putting them into a hidden folder, instead of having them properly encrypted.

Unlike some are concerned about, I don't think this problem will cause Lumia phones to devalue for losing the advantage of exclusive apps. Because: 1) the loophole seems rather easy to patch up; 2) even if one manages to load a Nokia app to a HTC or Samsung phone, quite likely it just won't work, because most of these OEM-specific apps utilize special drivers, APIs, or even hardware modules to run.

And there's another effect of this loophole. If a user on a low end Lumia (like 520 or 720) connects to the Windows Phone Store through a proxy disguised as a top notch Lumia (920 or 925), he/she easily gains access to all apps that are originally hidden to them for not meeting RAM size requirement. That means being able to try out some of the most impressive apps and games on Windows Phone with merely an entry-level device. But again, there's no promising that blockbuster apps installed through this trick will actually run smoothly on low end phone, if they run at all. Microsoft decided to hide them for a good reason: those functions, features and graphic charms just do need more horsepower and RAM size to come into full life. Trying to force them onto weaker devices might result in hellish user experience, or even crash phones.

Update:

  1. Yes I saw the outcry in the comment field. Personally I don't think it's piracy, because all it does is to let the minority of the Windows Phone ecosystem get access to some free apps freely, in a more often than not very buggy way. Nothing is stolen, just a cluster of people having a bit geeky fun in endless trial and error. But thanks for the reminder, guys. I'm all ears.
  2. Still, after thinking better of it, I've basically rewritten this post. The tutorial for exploit is no longer there. Instead, I've decided to explain how exactly it works, and why Microsoft is to blame in this matter.
  3. If any of you still wants to try the trick out, click into the source link and puzzle the Chinese stuff out.
  4. I'm a proud Lumia 920 owner like many of you guys. But I'm kind of in support of this exploit. So often I want to show my wife how awesome Nokia's exclusive apps are, and why it's wise to ditch her HTC 8X for a 920 or the EOS, despite the bulky form factor. Nothing says the endorsement better than getting a few of Nokia's killer apps onto her own phone, and make her grown dependent on them.
  5. I'd suggest Nokia release a stripped down version for all of its key apps (panorama, music, Glam Me, etc) to all Windows Phones, like a free trial. Except that these trial apps won't remind users to buy the full function, but rather ask them to consider buying a Lumia. That would be very powerful advertising. Just pack all those apps into one, and name it "THE Lumia Experience" or something like that. Windows Phone makers differentiate themselves in apps and services instead of user interfaces, so let the apps and services do the talking. 

 

Source: WPDang, Sina Weibo

7
loading...
0
loading...
0
loading...
0
loading...

Reader comments

Glitch spotted in Windows Phone Store, allows installation of Nokia exclusive apps on all phones [Updated]

249 Comments

Wow sounds like a huge security risk, passing all of your traffic through some random proxy. Do not do this, even if you switch it back.

Exactly what I thought Tim, not advisable to connect to random proxy even if tempted by Nokia apps. I wonder how many peoples private data will be compromised by doing this.
 

And why are you advertising it?.. If there is a glitch then inform nokia or MS. Whya re you publishing it here so that other can install it ?... this is not a site for taking advantage of loop holes.. Am disappointed with this article

OS updates are inherent to the OS!  These are apps, that Nokia has paid for and subsidized for Nokia Lumia users - in other words, these apps are not inherent to HTC/Samsung, etc,. users.

Actually you're still breaking the rules because when you force an OS update, you're breaking the rules you agree to follow by using a carrier's network. Would you also not want them to talk about leaks and info that they get from 'reliable' sources because MS and other companies have NDAs? You have to take into account all of the types of news you get from sites like this. Not to mention other sites have this same info; WPCentral would miss out on revenue if people just go elsewhere and read it.

For the record, I'm not condoning either method; just trying to point out that Nokia did not intend for HTC and other oems to have access to Nokia apps/exclusive apps (at least until NOKIA says so).

Michael75 - True words, and spot on. 
 
I cannot believe this article is posted here - where's your integrity, Chassit?

I too would put this in the category of (light) piracy. People are getting apps for free that they would have/should have otherwise paid for. Disappointed.

Not all the nokia apps are free. I  also always thought you needed the Nokia drivers to run some of these programs.

They care more about advertising revenue from the extra traffic, than the fact that they are helping people steal from Nokia. Sure, you could argue that it's already being reported by other news sites, so the cat's out of the bag. But, integrity. It's not the first time, though, and probably won't be the last. Just remember guys, when someone finds a "glitch" to steal the paid version of your WPCentral app, I fully expect to see that proudly displayed on your front page.

I mean our app has been pirated in the past, and I sent take down notices to the sites hosting the content. As is the appropriate legal response, most of the sites complied. Chassit posting this information does not constitute piracy as the apps still require purchasing where appropriate.

Fully agreed, i was expecting just an informative article when i saw this on twitter. But a step-by-step how to? That could've surely been left out. I wonder how Dan would explain this.

Agreed, especially with the security risk of connecting through a proxy we have no info about. Many people trying this won't realise the risks.

You can most likely download the apps, but once installed some of them will error on loading saying 'Not compatible with this phone' or an error to that effect.
 
It's a nice way to take that smile off your face after thinking you're '0mg, s0 l33t'.

lets see when the update is rolling out. still waiting for nfc payment and data sense as confirmed wp8 features to arrive at uk

Nope. But side-load the TimeMe app. Works and looks just like the one on HTC. You can download from store, but that'll update only every 30 mins due to os limitation.

So WPCentral is now publishing articles on how to get round copy protection on Windows Phones.  How about taking it one step further and post links to the sites that have the cracked xaps on?  After all it not like us devs spend any time and effort writing the software in the first place.  Perhaps you could also start up a side line in illegal warez.  Call it WPBay perhaps?

Oh please stop, just stop it. You may be able to download these, but like a previous poster said they won't open up.

There are apps that Nokia users get for free or discounted. If you use this workaround to get them, then its theft/piracy, plain and simple. The fact that a dev comes on here and complains about it, and then for a week straight we will see comments and articles about "wah, why won't WhatsApp devs update? Why won't app X developers make a WP version?" is fucking hilarious.

Treat the devs like shit, then get pissed off when they don't support the platform. Fucking genius.

Sorry, my cat won that award this morning for his "OhMyGawd..I can see the bottom of the food dish!" performance.

You should also not read any rumors/speculation and info from inside sources since there are NDAs in place for it. Also, don't update your OS aside from official updates from your carrier and at the time its rolled out to you.

Its KINDA worked ...
After I started the download ( with a big happy smiley face ) I got stuck on installation, it takes me back to the start with "authentication required" note.

I own a Lumia and I am not bothered by this loophole. Good luck running those Lumia exclusive apps on a non-Lumia device. ;-)

This doesn't work, it gets downloaded and then when about to install it says attention required tap here.
 
EDIT: It works, but you have to download one by one.

Really?  Why are so angry to spout STFU to someone who doesn't agree that this method or practice is illegal?

STFU.
You have no right to ask about STFU to whom said STFU to you. In this situation, you can only reply GOAN.
 Then you wait for the "GOAN what?". And then, and only then you can enjoy a trully intelligent reply:
"GOAN and FU"
My job is done.

This isn't a glitch, it's a hack. Someone has set up a proxy to spoof being a Nokia phone. That's intentional, so not a glitch. Title should reflect the truth.

Definitely not a glitch. Somebody found an exploit in the security setup and created a hack to take advantage of it. Nokia likely paid a premium to have the apps made as exclusives for them and WP Central is posting a way to get around that. I'm not sure about legality issues, but it does feel wrong.

Could you please explain how that's bad form? I dont think you've thought it through, is what im getting at, so im trying to get you to actually think about what you've said.

You kidding? This is something for certain phones only as stated by the publisher. Telling people how to work around this and thus ignore the desires of the publisher is poor form. If you would have thought about it you might have figured it out. Then people have a sense of entitlement about things these days

I was curious to see if this works. I have Bejeweled Live + on my 920 & it's now now on my 8X running just fine. I will point out before anyone has a hissy fit it has been deleted because I can wait for the official release & I have paid for the Lumia exclusive.

Man, I just wish these apps were available for all Windows Phones (and my 8x)...Nokia may think it will push me to buy their products next time but it just means I'll go back to Android.

And how ethical is it for this site to publish the exploit in detail? Would they do this so paid apps of their fav devs can be downloaded for free? Pretty poor form.

Your reading comprehension is top notch. I like how your morals are set in stone though. I'll expect a similar condemnation when the next WP update is released and they post a workaround to install it. Im sure i wont be disappointed. Good talk.

Again, OS updates are inherent to the OS - Microsoft releases it for all WP devices, even if the oem/carrier blocks it.
 
These apps are paid for by Nokia for Nokia Lumia devices only.
 
 

1) I'd bet the number of people who actually utilized the hack was insignificant (minimal loss in income).
2) People now know that there is a whole world of Nokia-exclusive apps that they are missing out on, if they hadn't heard before. (I was surprised at hearing some of the exclusives myself. Lumia is looking better than ever.)
3) Everyone who has used that proxy (definitely wasn't one of them) has given their data to an unknown 3rd party with unknown intentions. That's very bad.

To be honest, I don't think this is the end of the world, and I don't think WPCentral should have done anything differently. I bet Nokia had some choice four-letter words for the WPC staff, but if anything they are in a stronger position because now it's more evident than ever that Lumias have exclusive apps that people *actually want*. I'd bet some people at Nokia have realized how good this is for their brand (assuming that they can and will block this sort of thing from happening again).

@seanles- you are not weakening his arguement.....theefman has a valid point here....WP OS update provided by Msft is meant for all WP irrespective of oems...workaround is for the users who will receive update at a later date due to carriers/oems thus it is not illegal/unetheical to force the update.....but apps in nokia collection are meant for the people with nokia products not all wp users......so by hacking/workaround you are illegally downloading these apps hampering nokia's business.....hope you got my point :)

Actually your point about those two situations being dissimilar is misguided. MS updates the kernel, then sends it to the various OEMs and carriers. Circumventing the due process always leaves some party in the dark. With the nokia circumvention is may be the publishers, or may be nokia, depending on how you look at it. With OS updates, it's likely your carrier, which may have to deal with customers bricking their phones due to their use of as-yet-untested software on their phone, or an increase in support calls because of bugs which wouldn't happen if the customer waited for the carrier to push the update officially.

Just because you *want* the situations to be different, it doesn't mean they *are* different.

Theoretically yes. But first someone must knows how to set up a HTC proxy, and actually goes forward to do it. This I believe isn't very likely, because given the tiny number of HTC exclusive apps, few would bother doing so. Then even if you managed to download and install the app, there's no guarantee it runs on your 920 at all, since it might need HTC specific driver. So...

Chassit, do you not want to respond to the posts regarding WPCentral promoting piracy? Or are you just going to continue to ignore everyone?
 
This applies to the rest of the WPCentral team too.

If you developer unlock your phone you can side load the Time:Me app. Essentially it is the HTC clock app and updates every minute. Or just develop your own app and keep it for yourself. ;)

You really didn't think that through, did you?
Different codebase, so even if you could download them they wouldn't even install!!!!!

So what is the purpose of this so called 'glitch', if nobody can install any of the apps? Does this mean it is possible to get a virus on your phone?

Sorry if my question sounds dumb, but could this be possible if you are going through another server. Or have I totally got it mixed up?

According to responses here and in Chinese, it looks like people could download basically all of the *free* Lumia apps, but only a portion of them will actually work. So I guess the best purpose of this loophole is to give non-Nokia users a taste of how great it is to be a Lumia owner, and maybe stimulate them to convert in the near future...

And the trick above apparently bypasses the 512MB RAM limitation as well, allowing low end devices to download and install apps that should normally be invisible to them (but again, can't promise they will actually run). Somebody up there mentioned installing Temple Run Brave on Lumia 720.

And yes, theoretically it's quite easy to contact virus through a proxy server. But the lucky thing is that Windows Phone itself is a pretty sturdy OS which is basically immune to all viruses and malware (thanks to the sandboxing some have been complaining about all along). Thus even if any virus streams itself into a Windows Phone via a proxy, it won't lodge. Of course, it will be a very different story if the Windows Phone is jailbroken...

Thankyou for explaining Chassit -- I'm so glad I chose L920, as I don't need to use this 'glitch'....!

Sounds like something that could potentially be accomplished through Fiddler.  Might give that a go later.

Just buy a Lumia ppl, best WPs anyway.... China...unsecure proxy ahh no thanks... Have 920 & 925 so I'm happy... Wonder if this works for Samsung and HTC apps on Lumias, anyone tried?

Sorry bud but no my 925 does not have a notification light, my n9 and n8 do so I understand the frustration that a 2013 phone does not have it, have heard rumors of a future update enabling the windows logo as one but just rumours.

My 720 is starting to melt as i type, i came on WPcentral to find out why and now i know, thank for leaking this and turning my phone into warm liquid goo *phone dies* :P

I'm not against writing an article about this, it's news after all, but clearly endorsing it (it is a hack) by posting a step by step, it's a bit too punk rock. Or something.

i was able to get man of steel app on my phone but nothing else for my samsung ativ s, i really realy want the nokia panorama app but it just wont complete installing

Man, just consider this a free tiral (albeit a buggy one) before buying a Lumia phone. Nokia has done a lot for its firstborns, and this is the time for the world to feel it. :)

While I agree with this, I really like the Nokia panorama app for a quick and simple "side to side" panorama because it handles it so well. But otherwise I use photosynth for all other panoramas.

The exclusives from Nokia will soon stop if websites such as WP Central from illegal downloading on other devices.

Nokia has done a lot for its customers. If HTC or Samsung users want good apps, they should ask the phone maker to invest in making those apps. Nokia has invested who knows how much money and manpower into these exclusives to draw people to their devices. It's not right to give away their work like this.
I'm glad the proxy went down, but now the idea has been put into countless minds that they should try the same thing.
Not cool to backstab Nokia like this.

We'll hear a story in a few months that outlook.com identities have been compromised and won't remember why ... ;)

Anyone managed to install Nokia music app ??
Got cinemagraph and creative studio now but can't really install Nokia music which will be great to have.

I don't understand all the whining. It's not like you can get all the apps anyway and for paid apps you'll still need to buy them. And really, do you honestly think enough people will go through with this that it'll make a difference in terms of overall downloads? The majority of WP users are Lumia owners anyway (according to the latest breakdown that was posted here), so this is more like giving others a taste of which Lumia exclusive apps are available and what they're like. I feel like the majority of people complaining are Lumia owners that hate the idea of losing their "exclusivity" because they won't feel as "special".

(this is coming from a Lumia 920 owner)

In my opinion, it is not even the hack that is the issue. It's just the fact that it is a bit of low quality reporting(in my opinion) from wpcentral. That's my only issue with this. It's basically saying here let me show you how to get apps you aren't suppsoed to get from a company who is single-handedly more or less the backbone of wp.

Not sure about non-Nokia phones. As a 720 owner, and for those of you who've been screwed by Nokia by the HERE DRIVE+ BETA scandal...good news is...with this you can install and run HERE DRIVE + BETA!!
Well, now we're level Nokia!!! 

Nice! Successfully installed App Highlights, Cinemagraph, Creative Studio, HERE Drive+ Beta, HERE Maps, HERE Transit, Lumia storage check, PhotoBeamer, and Ringtone Maker.
HERE Drive+ Beta and Lumia storage check don't work though.

You might be able to go through WP Central app updates link, to get storage check -- that's how I got Facebook Beta

Can't seem to get it to work on 7.8 and it doesn't say in the article if its WP8 only or not.
Enabled proxy with that address and port
Opened Marketplace
Searched Nokia Music and Cinemagraph and neither came up.

I think it's assumed that this is WP8 only. Nokia's app collection for 7.x isn't really growing or desired by others.

proxy stopped working for my lumia 720 for 1 gb ram apps......could download temple run and faceswap only.....any other free app with 1 gb requirement ?

I find it very strange that you guys put this online instead of just warning Nokia about it.
You guys always praise Nokia with just about everything and then you put this online?
Weird decision.

Well I don't think its a security risk seeing as you can see them but not install. After about half an hour I could no longer even find any of the Nokia exclusives by name.

Yayy. This glitch let me install TEMPLE RUN on my Lumia 720. TEMPLE RUN BRAVE showed up in wpstore app search. So this proxy kind of lets users bypass the device specific check. But unfortunately it worked only once. When tried twice, wp store doesnt connect through proxy.

This is just like finding someone's pin code and publishing it and the instructions on how to take money out of the guys account. If everyone doesn't see that, I feel sorry for you.

I see that wmpoweruser(the other windows phone blog) also has it on their site. I expect slightly lower quality from them but it is a bit disappointing to see that wpcentral is essentially stooping to such low quality reporting and this is supposed to be the premier windows phone community.

The apps were made by Nokia exclusively for their customers. It's like downloading Halo 4 and playing it on a PC.

It's definitely violating the terms of service on the app. Again, it would be like ripping Halo 4 from a disc you bought and playing it on a PC. That's not the intended use, and it's against the license agreement you made when purchasing the software.

Now you're graping at straws. Buy it when you get your Lumia device. It's not like these apps are going to go away in the next six months.

I am a bit surprised at wpcentral. I mean this theoretically could hurt Nokia or whatever and I'm a nit surprised at the fact they would post something like this and instruct ppl how to do it. It's way below their usual standards of writing.

Seems to me both risky and very likely a serious violation of some term of service or another. Probably won't put you in jail, but if something goes wrong, support will hardly be overly supportive, I guess.

And 'glitch' seems a nice euphemism for a hack. If I wanted news like that, I'd check more dubious blogs. I come here for serious news and quality blogging.

Given how many people clearly feel let down by WPCentral for publishing this, I wonder if they'll be man enough to apologise?

No, if that was their motive then they need only have reported the existence of the "glitch" and not how to exploit it. The article ends by encouraging readers to try out the glitch. It's clear from the comments that some people consider this unethical and lacking in integrity. The question is, do WPC care? I'd like to think they do but fear they don't.

What if this was a controlled glitch to lure other customers to Nokia xD haha just kiddin'. At least they'll know what they're missing though ;)

I would have downloaded Drive+ beta for my 720, but 30 mins too late, I guess.
Maybe I should just throw this phone away since it apparently takes Nokia forever to make a purchase-able version. Yes Nokia, I want to PAY FOR YOUR APP!
The reason why Drive in Europe is totally useless is that Nokia don't understand how their so-called "regions" don't coincide with how the traffic patterns at all. Why would a German want to know all about Luxembourg, but a Dane would be lost in Germany. Apparently, Danes do have the pleasure of navigation in Finland, Norway or Sweden in the rare case one brings his own car there.
Hooray for utter failure!

Pages