Walking the fine line between black and white hat security, XDA member V@l€n has gone and posted a detailed "security whitepaper" on the state of app piracy in the Windows Phone Marketplace.
We almost hate to write on the topic since it will attract claims of supporting piracy, but the fact is developers and Microsoft need to know just how vulnerable the platform is so that it can be improved on before it's a problem. And that's just it, right now there is no issue with app piracy for Windows Phone, but it is inching closer and once those few remaining hurdles are cleared, there will literally be a flood of pirated apps on the market.
But before we jump into all of that, lets detail exactly what is going on here. For better or worse, V@l€n has done a great job of outlining all the steps needed to make a ridiculous piracy campaign, showing all the necessary procedures that need to be cleared.
Follow us after the jump as we walk through this story...
As mentioned earlier, app piracy just does not exist yet in the Marketplace. But what V@l€n has done is given potential "black hat" developers a step by step guide on how to make such piracy happen. More importantly, V@l€n veers on advocacy here by wanting to "liberate" apps from Microsoft's "oppressive Featured Apps section" undermining his whiepaper's credibility in just preventing piracy. But putting aside judgment on motivation, lets look at the crux of the issue.
The steps needed to break down Microsoft's security is summarized as follows:
- Download all the apps from the Marketplace: done (or can be done)
- Seed those apps in a torrent for peer to peer distribution
- Circumvent the 10 sideload app limit: done (see here)
- Enable a disabled app: tricky, but can be done, no method to do it en masse
- Get around code obfuscation (not mentioned by V@l€n, we'll do it for him)
- Remove XAP security signature: needs work
Like we said, V@l€n doesn't seem aware that the 10-sideloaded app limit has already been breached, nor does he mention any potential use of code obfuscation which Microsoft is openly advocating and offering to developers for free.
Still, as can be seen above, the road to a completely open and hacked Marketplace is not that far off and in fact, seems within reach if and when more developers (black and white hat) begin tampering with the OS and development tools. None of this is unusual for any new OS and there is no 100% foolproof solution (iOS is cracked wide open and there is even a pirated app store for the platform that makes stealing software as easy as buying legit).
The real question is this: Is Microsoft prepared for this and do they have extra security features waiting in the wings to either prevent or quickly ameliorate any such security breach when it happens?
That we don't know and is what should concern commercial developers.
Source: XDA Forums; Thanks, V@l€n, for the info
PS5 games prices are higher than Xbox — but is that a good thing?
Sony's PlayStation 5 reveal came with some big caveats, and one of the most overlooked ones is the fact that games will be more expensive, seemingly across the board. Should Microsoft and Xbox jump on that train as well?
Review: Gigabyte's Z490 AORUS ULTRA is a gorgeous Intel motherboard
Gigabyte's Z490 AORUS ULTRA is a motherboard you should consider for a 10th or 11th Gen Intel-powered PC. On paper, it has plenty going for it, including amazing power design and cooling, passively cooled M.2 slots and good overclocking support.
You can get the Windows 10 October 2020 update early – here's how
In this guide, we'll show you the steps to upgrade your computer to the final release of the Windows 10 October 2020 Update before it's officially available to everyone.
Secure your business with these Dell tools
Are you an IT professional or business owner that wants to heighten security? Dell Technologies has the products you need to keep your files, hardware, and more, as secure as possible.