Windows Phone Marketplace app-security cracked: Proof-of-concept [Video]
Disclosure: Well before the publication of this article, WPCentral contacted Microsoft's Brandon Watson directly about the breach and we are cooperating with Microsoft in any way we can. Microsoft may be providing a statement to us addressing this issue, which we will of course post in its entirety if they choose to do so.
Yesterday we reported on a controversial "whitepaper" over at XDA (since pulled) which gleaned publicly available information to outline how the WP7 Marketplace could be cracked. To some, this was new. For others, it was very old. And for others still, it was information that was plain incorrect.
For developers, the weakness in Microsoft's DRM for Windows Phone 7 applications has been well known for quite some time, and there have been calls for Microsoft to address these concerns (see here in their forums).
Since then, a "white hat" developer has provided WPCentral with a proof-of-concept program that can successfully pull any application from the Marketplace, remove the security and deploy to an unlocked Windows Phone with literally a push of a button. Alternatively, you could just save the cracked XAP file to your hard drive. Neither the app nor the methodology is public, and it will NOT be released (please don't ask). It is important to note that this was all done within six hours by one developer.
After the break, you can see a video of the application (called "FreeMarketplace") in action, demonstrating how easy it can be to download any app from the Marketplace. While many will condemn us for "promoting piracy," we respectfully disagree. We have heard many complaints from developers about this weakness for months now and it is their right to know about the flaws in the system. We are confident Microsoft will work hard to implement a stronger DRM system, in part due to this proof-of-concept demonstration.
Tobias, technical adviser for this article, can be contacted via WPCentral
Get the Windows Central Newsletter
All the latest news, reviews, and guides for Windows and Xbox diehards.
Daniel Rubino is the Editor-in-chief of Windows Central, head reviewer, podcast co-host, and analyst. He has been covering Microsoft since 2007 when this site was called WMExperts (and later Windows Phone Central). His interests include Windows, laptops, next-gen computing, and for some reason, watches. Before all this tech stuff, he worked on a Ph.D. in linguistics, watched people sleep (for medical purposes!), and ran the projectors at movie theaters because it was fun.