Reducing piracy of iPhone applications

Alex Reynolds picture Alex Reynolds · May 11, 2009 · Viewed 15.2k times · Source

What are accepted methods to reduce iPhone application piracy, which do not violate Apple's evaluation process?

If my application "phones home" to provide the unique device ID on which it runs, what other information would I need to collect (e.g., the Apple ID used to purchase the application) to create a valid registration token that authorizes use of the application? Likewise, what code would I use to access that extra data?

What seem to be the best available technical approaches to this problem, at the present time?

(Please refrain from non-programming answers about how piracy is inevitable, etc. I know piracy is inevitable. I am interested in programming-based answers that discuss how to reduce it. Thanks in advance for your understanding.)

Answer

David Wong picture David Wong · May 11, 2009

UPDATE

Please visit and read

Thanks to chpwn in the comments.

Code that's way too old! - 11th May 2009

For now there's an easier way to detect if your iPhone application has been cracked for piracy use. This does not involve you to check the iPhone unique IDs against a list of accepted IDs.

Currently there are three things crackers do:

  1. Edit the Info.plist file
  2. Decode the Info.plist from binary to UTF-8 or ASCII
  3. Add a key-pair to Info.plist{SignerIdentity, Apple iPhone OS Application Signing}

The last one is easiest to check with this code:

NSBundle *bundle = [NSBundle mainBundle]; 
NSDictionary *info = [bundle infoDictionary]; 
if ([info objectForKey: @"SignerIdentity"] != nil) 
{ /* do something */  }

Generally we don't have SignerIdentity in any of the App Store applications we build so checking for nil then performing set instructions should make it more difficult for crackers and pirates.

I can't take credit for this so please visit How to Thwart iPhone IPA Crackers. There's loads of information there about piracy on iPhone and how to curb it.