Windows Phone Marketplace works...pirated software promptly removed

Arrggggh!

An interesting thing happened yesterday which we chose to not cover in detail. In short, someone published an app to the Windows Phone Marketplace that was pirated. Specifically it was a popular GPS navigation app which cost a good amount of money. The person responsible presumably ripped the original XAP from the Marketplace and simply re-submitted it, passing it off as their own.

Did they try to make money from it? Nope, they did something possibly worse--they offered it for free.

Word spread in certain forums and especially on some foreign Windows Phone sites, resulting in lots of folks downloading the app and confirming it was a real, working, un-crippled version. Many were ecstatic about saving so much money; many of us were appalled. How does app security break down so badly for this to happen? The good news, as you can infer from the title, was that Microsoft was on top of the problem from early on. We contacted Microsoft's Brandon Watson on the matter and he responded:

"We identified this situation, through our normal monitoring processes, earlier today and both removed (unpublished) the app from the catalog and revoked the app from users who downloaded it. Since cache refresh times vary by country and handset, this may not be immediately visible but will be within the next 24-48 hours."

Sure enough, just a few hours later the app disappeared from the Marketplace, the uploader's account was presumably terminated (we can't find it anymore), and anyone who has the app installed will have it revoked very soon, if not already. That last part is always interesting: Microsoft can and evidently will prevent you from running any illegal app on your phone. So keep that in mind next time you think you can sneak away with your bounty (should you be tempted).

Now, it still seems odd and unfortunate that people can pirate things and just re-upload them to the Marketplace, and certainly that is something that can be improved upon. But at least when these things do happen, Microsoft seems to have a quick response (~24 hours) and technically, no one got away with anything, including all of those who downloaded it. Could things be better? Sure, they always can. Perhaps a more streamlined method to report piracy could be instituted in the future, but at this point it really seems like a rare thing to happen--let's hope it stays that way.

Reader comments

46 Comments

It was Turn by Turn Italy, I stumbled upon it when I was simply browsing for new apps. The moment I noticed it was free I was like "lol, they're stupid, they forgot to input the proper price", but then I noticed the publisher's account name, then looked up "navigation italy" which actually resulted in 2 hits, the official one and the one for free.

To me this story is a dark tale, indeed.  I have no problem with MS pulling the app from the marketplace -- but the fact that they revoked it from people who had downloaded it is appalling, and should probably result in a lawsuit.  What's on my phone is my business alone.  Once I downloaded it, they should not even have the capability of doing anything about it.  Can MS remove my homebrew?
 
This is the future for Windows on the desktop, too, by the way. The PC truly is dead.
 
I would note that I don't even know what app is being discussed.  And I don't care.

No, your attitude is appalling.  If you steal property, it's not your business alone.  If you accept property that you know, or should know is stolen, then it's not your business alone.  It is called being an accessory after the fact.  It is truly incredible that people believe reaping the benefits of someone's efforts, without paying for it, is morally correct.  It's morally contemptible.  You are not entitled to free navigation or any software for that matter.
 

I think those people who knowingly receive stolen goods should be subject to criminal prosecution.  In this situation, MS knows who received the goods and could report them to the local authorities, if owner of the content asks them to.  Mind you, it is quite reasonable to assume that some number of people who downloaded the app may have done so innocently, without knowing it was pirated.
 
I am not one of those hippie-dippies who thinks all software should be free. I am, on the other hand, one of those freedom loving people who think that the phone I hold in my hand that I bought and paid for with my own money belongs to me. Sorry, but once something is in my hands, it is out of Microsoft's. I reject the idea that they should even have the capability to reach onto my device and pull things off of it. There are other, better ways to deal with piracy.

I agree for homebrew, but for something from the Marketplace? No, they have the right to pull something from your phone if your download wasn't legitimate (innocently or not), especially if it was free and you didn't lose anything at all. The same way as a developer can send an update for their app to limit features or add ads.

Well, in that it is in the EULA I imagine that they probably do have the right. That said, I don't think it should be in the EULA, and may in fact be illegal, and I think lawsuits may be the only way to change this situation. The simple fact of the matter is that all the smartphone platforms with the exception of the now defunct Symbian (underrated, BTW), work this way. It is a business model developed by Apple that is, to my mind, unconscionable.

There is nothing "illegal" about this. If your friend "gives" you a stolen TV and the authorities find out about it...You lose your TV. Even if your friend "sells" you that stolen TV and the authorities find out about it...You still lose that TV. It's stolen property and it's not yours, no matter how you came to be in possession. Just because it happens to be software doesn't magically make it exempt from this.

So you condone piracy then!!
Ripping off a program that someone else created and put the time into and calling it your own IS stealing.
How would you know what the future of Windows on the Desktop is, no one else does. Unless you work for MS.

People who condone this stuff obviously never took an economics class.  It's the "freerider problem."  If everyone does it, then nobody bothers to publish anymore because the authors/developers/publishers can't make money.  Innovation dies.  It's also one of the hallmarks of communist societies.

Agreed, every single app I have with the exception of one, is downloaded legally. The one that isn't I'm a beta tester for anyway.
I always think that if it's too good to be true, it probably is!!

It is people who took economics classes that advocate for DRM, which is a way for big companies to punish loyal paying users without preventing piracy in the slightest.

When one enters into a transaction with full knowledge of the limitations and consequences, one is not "punished." We can both agree that DRM reduces the value of goods without a commensurate discount in the price, but to say anyone is "punished" is a bit hyperbolic. That kind of description follows from the idea that people are "entitled" to own a particular luxury item.

Um, how does thinking my device belongs to me mean I condone piracy?  I think anyone who knowingly downloaded the pirated app is a thief and douchebag. 
 
This kind of crap is an extension of the same fallacious mindset that leads to DRM.  It means MS owns what is on my phone, not me.  I reject this way of doing business.  We all should.
 
Although I recognize this as an attempt to deal with piracy, I think it opens a Pandora’s box that is far, far more dangerous than the issue it tackles.
 

So if you unwittingly download illegally pirated goods, you should be permitted to keep it because your heart is in the right place.  Finders Keepers, and all.  I got it.
The DRM argument is not applicable.  DRM is bad because the product you purchase with DRM simultaneously costs the same as the non-DRM product (old iTunes model for selling MP3s vs. a CD, for example) and it is worth less.
Also, the slippery slope argument is not a good one. We can deal with other scenarios as they come up, and a parade of horribles is not instructive on this particular problem where software is illegally ripped, gets past safeguards to prevent it, and is distributed to people who unwittingly downloaded pirated software, people who should know it is pirated, and people who actually do know it is pirated. Among the participants/victims to the transaction, the developer and rightful publisher is the least blameworthy. Deleting the data from the phones of even innocent downloaders is less hurtful than imposing the burden on the innocent developer.
But if you want to go down the slippery slope, I'll follow:  suppose 1 million people unwittingly downloaded an illegally ripped piece of software.  Suppose only 2 percent would have purchased the software normally costing $30.  Assume the developer/publisher get half of this price.  That's 20,000 x 30 x.5 = $300,000 in lost revenues.
Now compare that to the minor hurt imposed upon each individual innocent downloader by Microsoft deleting the offending software from their phone in accordance with the TOS that each agreed to when they downloaded the app.
And before you protest that 1 million downloads is unrealistic, remember that in a slippery slope argument, you needn't deal with reality.
Finally, we need to remember that nobody but the developer/publisher owns software.  You may have purchased the discs and the box and the other tangibles that come with it, but you are merely a licensee of software.  When you download an illegally distributed app, whether you are innocent or culpable, you never received a license to use the software.   The remedy is for Microsoft (in this case) to keep track of the valid license-holders and revoke rights by removing the software from unlicensed devices.

once again u have not read the EULA "It means MS owns what is on my phone,"
yes it does MS does and always has "rented" the software to you, you never ever ever own any MS software EVER!

Nonsense. While it is true that software has been licensed for a while, when I go to the store and buy the CD, I own the software.  I can reinstall it wherever I want, even if the company that provided me with the CD goes out of business.  With the new model, should MS decide to no longer sell an app, whether the developer wants me to be able to have it or not, I can't.  And should MS stop supporting Windows Phone (not terribly unlikely given its utter failure to gain traction), all our apps could vanish as they might stop providing security certificates.

 
Nay, once I have it, it should be mine. If I got it illegally, then law enforcement or civil litigation, not corporate police, is the way to resolve the issue. We have police specifically because we don't trust companies to do that job.

 
Again, I do not condone piracy nor "finders keepers" nor any of the other stuff ignorant posters above have been spewing. These are straw men. I support my right to personal sovereignty over my possessions. MS sold me the phone, they should now get the heck out of it.

If an individual stole knowingly a vehicle and the police caught them you can be sure it would be taken away. If a person unknowingly ended up with a stolen car and the police caught them, again it would be revoked. They may not even get back what they paid for the stolen car.

Imagine for a moment you are the real car owner, or in this case the developer. Aren't you grateful to all involved who helped you "get your car back"? Don't you suppose this is a security for developers? If iOS and Android have these capabilities would it deter some from developing for MS if WinPhone didn't have it?

If any of these companies abuse the app removal ability then it is a bummer. But if it's used properly then it could be useful and positive. We're all subject to what these large corporations decide to do and we don't have much say. But hey losing a pirated app is much better than the majority of problems people face in the world.

I actually understand the "it is my phone" argument, and 90% of the time would happily take the side of the device owner. But, none of that applies to stolen property. If you buy a stolen ring from a pawn shop and the Authorities trace it to you, you lose the ring. The example from @skineejoe with the stolen car is the same. You cannot KEEP stolen goods due to it never actually being up for sale, or downloaded in this case, legally.
Maybe a better analogy on this would be those access cards that used to be black marketed everywhere for you to get all the satellite channels for free. When Dish Network, or whoever, zapped those cards and you lost all your free pay channels you were not paying for, could you call and complain "But it is my receiver and my TV, what right do you have to take it away from me?" Again, I understand not everyone, or maybe most everyone, who downloaded this did it knowing it was pirated, but the analogy still holds true. Microsoft didn't come and take your PHONE..... only the stolen goods. Well within their right.

MATE ? Have u ever read  EULA? 
You know, that thing that says accept or decline? The one you obviously ignore?
If you had you would know that you NEVER own the software. You are GRANTED PERMISSION to use it. It is not your GOD given right. AND if you break the rules of the EULA which you have done by downloading the counterfeit software they have the RIGHT to remove it

Illegal contracts cannot be enforced.  I believe the EULA may be illegal.  I would like to see litigation by serious people to get this sorted out.
 
Perhaps the EULA will hold up.  Perhaps not.

To be honest even Android does things like that and there surely is a backdoor in iOS as well.
I do not like that either. No one but me should be able to install or uninstall software from my device.

Article: " revoked the app from users who downloaded it"
ehmm so how now revoke means uninstall? well it doesn't mean the same.
so YOU can install or uninstall whatever you want. revoking access is way different and valid in this case.

REPLY TO holyfetzer:
Yes, Microsoft should be able to uninstall it, since they provided the means for you to obtain the illegal software in the first place. Otherwise, they would be liable to the developer. It is also in the TOS for Marketplace. If you don't like it, don't use it. Every distributor of electronic media has this capability. It's in iOS. Amazon can do it on your Kindle, too, and they have done it at least once in the case of a book that was published free of charge as a supposed "public domain" work. Turns out, it was not public domain, and the files were deleted from the Kindles of those who downloaded.

In Canadian Business Law*, the reasoning behind Microsoft's ability to take it away from people who downloaded the program is that although the people who downloaded it may not have known it was a fake version, it was still acquired because the person who put it up on the marketplace did it knowing that it was illegal. There was an intent to break the law. As a result, the app was still procured through illegal means even if the people who downloaded it did not intend to break the law.

Not sure if this would be the case in other parts of the world but it makes sense to me.

*I am not a lawyer, just took several law courses in my undergraduate studies.

Microsoft's actions are supported under US property law.* In general, if you steal property, you have no title to pass along to an innocent purchaser. The innocent purchaser for value has rights to the stolen property against all but the true owner. In this case, there was no value given for the purchase of the stolen property; it was given away, so the downloaders can't even make the argument that they have given value for the thing.
 
*I am a lawyer, and I took a lot of relevant classes in undergrad and in law school

I look at Microsoft's ability to remove apps like this as a service, to me the end user as well as the original developer.
I am not a Dev, but I completely support the devs' ability to protect their IP.
Think of it like this, a company spends a considerable amount to develop an app and the back end service that powers that App. They have every right to protect their investments, while I have zero right to get those services for free just because I unknowingly downloaded a ripped off app.
Now, all that said, if that said company themselves screws up and posts the app for free accidentally and I get it before they figure it out. Then I have to say school yard rules apply, "Finders keepers, losers weepers!"

I see that there are a lot of people who don't understand the method by which the app was revoked, and what it means for their security.  I saw a comment above that said something along the lines of "Microsoft has control of our phones and you're worried about an app???" 
No, Microsoft does not have control of our phones.  I have had this discussion with one of the phone developer evangelists, and the way it works is this: You publish an app, and Microsoft assigns it a security certificate.  In the phone, apps are checked against the server for security certificates.  If an app has no certificate, it is uninstalled.  This is why those who had pre-nodo (or was it pre-mango?) Chevron-unlocked phones found apps uninstalling when the phone's unlocked status changed back to locked.
All Microsoft has to do is revoke the security certificate, and the app will uninstall.  We are not carrying around a bunch of zombie phones waiting to hear from the mothership before they take over our lives.  IMHO, this is really a great model for security, and it is one of the things that I point out when I am trying to convince an Android user that Windows Phone is better.  With the help of all the news about Android's lack of security, showcasing this fact has helped me to convince several people to go with Windows Phone.
The only drawback I see is for developer unlocked phones.  I have not discussed this with any dev evangelists, or anyone else in the know, but would assume that the revocation of a security certificate would not cause the uninstallation of an app from a developer unlocked phone.  So those of us with unlocked phones have a lesser degree of security than a regular phone.
If I am wrong on any of this, I would love to learn where I am wrong, so I can get it right - I don't want to be deceiving people.

"We are not carrying around a bunch of zombie phones waiting to hear from the mothership before they take over our lives."
 

  1. Great points, well thought out.
  2. Great line.  I laughed a lot!!

As I agree the app should be removed and it should be requested from the downloaders that they legally uninstall the app. Personally, this is Microsoft's fault, if they are checking apps, this should have never made the marketplace.
My Device, My choice, morals or not. I'm the one to pay for the device, I pay the monthly contract/fees to use the device. They should not have the right to go into my device and remove something because they chose to. I do agree they should aggressively try to get me to remove it though.
This makes me question a lot, what if someone decides to abuse this power? They want to see what word, PDF or even email I have on my phone? What if a higher level demands to see it (police, government, etc)? What stops that?
This is why at some levels I embrace cloud computing but, in other ways, I fear it...

It's your device. However, you are plugging that device into Microsoft's servers and by doing so, you consent to the terms of service. What Microsoft has done has been done in accordance with the TOS. In other words, you entered into a binding contract. You didn't read it, so you are upset that the terms of that contract are being enforced in a way that inconveniences you by depriving you of the windfall benefit of downloading stolen property without culpable intentions.

Your Office documents are a completely different matter.
This "what if" question is a slippery slope fallacy. Your device, your documents. You delete, edit, send as you wish.

For the apps, it's your device, MS's Marketplace, someone else's app. The apps are a part of their marketplace. You only own the right to use someone else's app on MS's marketplace. You do not have ability to edit the app, delete it from the marketplace or distribute it to someone else. You can only uninstall the app which relinquishes your ability (for the time being) to use the app.

Is MS partly at fault for the app appearing on the Marketplace? Sure. But, it is simply not rational to expect that a company can prevent everyone from pursuing illegal acts before they happen. They have safeguards that are there. They acted quickly once they realized something had slipped past their safeguards.

It is important to realize that these apps which you have downloaded onto your phone are still a part of the Microsoft Marketplace and so, it is absolutely within their reach to take away your access to apps that are taken off of their marketplace.

I downloaded the free game Flowerz. Good game. No ads and was free for some reason. I expected that to be revoked but it never was. I was not aware that ad-free Xbox live games were free. Crazy. I still got it though.

Wow lots of idiotic comments on here. I'm pretty sure this also happens in android,especially if the app is malware. Would u rather MS do nothing? IDIOTS!!

Problem is most of the people commenting haven't created an app and had it published on the marketplace.
I wonder if they would feel any different if they wrote an app then had it ripped off by some ***hole who decides to give it away for free.

online version has got offline maps download. That could be the reason a free version has been pushed

For all the people that are saying "What's on my phone belongs to me." and "Microsoft has no right to revoke it.", I'm sorry maybe you're not aware but I can pretty much guarantee you that almost all software you think you own DOES NOT belong to you. The price you pay for it is for the license to use it. NOT the software itself. The software is still completely in ownership of the developer who made it. Yes the device is yours, however the software is not, and Microsoft is fully within their rights to remove software of which the license to use wasn't paid for. If it has a price and you didn't pay it, you STOLE it. Whether it's on your device or not is completely irrelevant.

Bingo. I sort of assumed our readership would be aware of this fact, but alas, I'm a bit disappointed that a few have expressed dismay at MS's actions.

MS not only did the right thing but in a relatively quick fashion.

When iOS 5 came out, a perfectly working app was ripped off of my 3GS by Apple.  Why?  They wanted me to buy a brand new phone to be able to use this app that was working fine before iOS 5.  It was called Siri.
Hackers have since demonstrated that Siri works fine on a 3GS, so what reason did Apple have to take the app off of my phone?
Why is there no outrage about this???  Oh right - Apple can do no wrong.

Correction, the phone hardware you bought belongs to you, the phones OS on the other hand is licensed to you, NOT YOURS, there is a BIG difference. They can do whatever they want to the software they licensed to you, without your permission. Guess someone did not read or was unable to comprehend the contents of the ToU (http://www.microsoft.com/windowsphone/en-us/tou.aspx)

Thank you Microsoft for doing the right thing. And please feel free to act as quickly and responsibly if some form of malware slips through the Marketplace vetting process. Now regarding subjects like; child pornography, inciting violence, building bombs, etc., to keep your somewhat liberal phone owners calm, it would be best to look the other way and let things be. No worries though. Nothing Jester can't handle. At least he doesn't have to deal with public opinion.

@xImtc,

I know I'm late to the party here but you're an idiot. Who said anything about MS 'looking onto your personal property'? No one that I saw. There's a transaction history for your account. They simply lookup which accounts downloaded that illegal software and send a signal to your phone via the email you have linked on your handset that disables the software. There is no 'peering at your personal device content'. If we followed your ignorant line of reasoning, then why weren't you whining when MS pushed out the Mango update? Or is that different because people wanted that signal to come through? One could argue that they 'looked at your phone content' in that instance... I can assure you they didn't as they do have a device list of phones that were manufactured without Mango and the serial numbers of the device and the carriers they were sent to. Then they push the signal out all with looking at NOTHING on your device. Seriously, get a grip!