Walking the fine line between black and white hat security, XDA member V@l€n has gone and posted a detailed "security whitepaper" on the state of app piracy in the Windows Phone Marketplace.
We almost hate to write on the topic since it will attract claims of supporting piracy, but the fact is developers and Microsoft need to know just how vulnerable the platform is so that it can be improved on before it's a problem. And that's just it, right now there is no issue with app piracy for Windows Phone, but it is inching closer and once those few remaining hurdles are cleared, there will literally be a flood of pirated apps on the market.
But before we jump into all of that, let's detail exactly what is going on here. For better or worse, V@l€n has done a great job of outlining all the steps needed to make a ridiculous piracy campaign, showing all the necessary procedures that need to be cleared.
Follow us after the jump as we walk through this story...
As mentioned earlier, app piracy just does not exist yet in the Marketplace. But what V@l€n has done is given potential "black hat" developers a step-by-step guide on how to make such piracy happen. More importantly, V@l€n veers on advocacy here by wanting to "liberate" apps from Microsoft's "oppressive Featured Apps section", undermining his whitepaper's credibility in just preventing piracy. But putting aside judgment on motivation, let's look at the crux of the issue.
The steps needed to break down Microsoft's security are summarized as follows:
- Download all the apps from the Marketplace: done (or can be done)
- Seed those apps in a torrent for peer to peer distribution
- Circumvent the 10 sideload app limit: done (see here)
- Enable a disabled app: tricky, but can be done, no method to do it en masse
- Get around code obfuscation (not mentioned by V@l€n, we'll do it for him)
- Remove XAP security signature: needs work
Like we said, V@l€n doesn't seem aware that the 10 sideloaded app limit has already been breached, nor does he mention any potential use of code obfuscation, which Microsoft is openly advocating and offering to developers for free.
Still, as can be seen above, the road to a completely open and hacked Marketplace is not that far off and in fact, seems within reach if and when more developers (black and white hat) begin tampering with the OS and development tools. None of this is unusual for any new OS and there is no 100% foolproof solution (iOS is cracked wide open and there is even a pirated app store for the platform that makes stealing software as easy as buying legit).
The real question is this: Is Microsoft prepared for this and do they have extra security features waiting in the wings to either prevent or quickly ameliorate any such security breach when it happens?
That we don't know, and it is what should concern commercial developers.
Source: XDA Forums; Thanks, V@l€n, for the info