App Auto-Tweets False Piracy Accusations

Soulskill posted about 2 years ago | from the i'm-spartacus dept.

Piracy 231

An anonymous reader writes "Certain iPhone and iPad applications from a Japanese company have broken software piracy detection mechanisms that are sending out tweets on the user's own Twitter account, saying, 'How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession.' The trouble is, it's sending these out on accounts of users who actually paid up to $50 or more for the software and who are legally using it. The app is asking for access to users' Twitter accounts, but does not give the reason why it is asking, so the author of the article concluded (rightly) that things were being done deliberately. Would you want your legally purchased software to send out messages to all of your contacts on Twitter or on other social networks saying that you were a software pirate? Would you excuse the writers of the software if it was just an error in their piracy detection measures?"

no (5, Insightful)

Anonymous Coward | about 2 years ago | (#41975193)

no

Re:no (-1, Troll)

Anonymous Coward | about 2 years ago | (#41976789)

no

Wow. A single word post gets Score:4, Insightful. WTF, Slashshit?

How about this. If that got +4, mine should get +12, but it won't, because the people running this site have their heads up their asses, apparently.

Here's something really insightful. People using this app are fucktards because they're using an iOS device in the first place, and apparently they're also on Shitter, where useless shits twit and twat at each other in 144 characters or less, or whatever the fuck the bullshit arbitrary limit is, causing them to compress thought into so badly broken English it makes Pidgin English look like fucking Shakespeare.

If they weren't using CrApple fucking iShit "devices", or wasting time twatting each other, they wouldn't have this problem.

FTFY.

Who would pay $50 for an iOS App? (-1, Flamebait)

Anonymous Coward | about 2 years ago | (#41975199)

Oh yeah.. the same people who pay $$$$ for Apple's overpriced junk.

Re:Who would pay $50 for an iOS App? (5, Interesting)

EGSonikku (519478) | about 2 years ago | (#41975349)

Flamebait much? People pay far more than that for desktop apps. People tend to think that an iOS iPhone or iPad app is going to always be some simple thing, and a lot are. But there are plenty of higher end "desktop quality" apps available on the platform.

Granted I don't personally believe a Dictionary app would be, but hey, an app is worth what people are willing to pay.

Back to the topic of what's triggering these erroneous piracy messages, there could be a couple of things at play. Some people are reporting it's happening on Jailbroken devices that also have the "Install0us" app installed, which is to be fair used solely for app pirating. It may be the app sees "Hey, I'm on a hacked device with a pirate store installed" and assumes it itself has been pirated for that reason.

However, other users are reporting the same issue on non-jailbroken devices which leads me to believe that these apps were targeted for iOS 5.1.1 and may be seeing the massive backend library and OS changes Apple made for iOS6 and incorrectly assuming it's running on a Jailbroken device due to unexpected OS differences.

I'm not defending the app maker for obviously going overboard on anti-piracy measures, just trying to figure out the 'why' of it being triggered for paying customers.

Re:Who would pay $50 for an iOS App? (-1, Troll)

Anonymous Coward | about 2 years ago | (#41975615)

People pay far more than that for desktop apps.

No. Desktop applications, yes, but iDevice apps, no. Show me Photoshop on an iPad, then come back. If you are willing to pay $50 for an app, that better be a darn good app that you can hardly live without. Otherwise the other A/C's point is proven.

Re:Who would pay $50 for an iOS App? (1)

Anonymous Coward | about 2 years ago | (#41975769)

So you want to see $700 software on an iPad before you'll believe there could be software worth $50?

Applications were called apps by a lot of people before the iPhone even existed.

Points aren't generally proven, they're supported or contradicted.

The only thing you accomplished was getting me to respond to a troll. Congrats, go out and celebrate.

Re:Who would pay $50 for an iOS App? (5, Insightful)

_merlin (160982) | about 2 years ago | (#41976145)

When I'm in a country where I have severely limited vocabulary in the local language, a good dictionary application is one of those can't-live-without things that I actually do depend on for getting by. I haven't seen how good this application is/isn't, but I'd pay more than $50 for a great dictionary app. Also, a mobile version is more valuable than a desktop version. I know from experience what it's like pulling a notebook computer out of a bag when I get stuck trying to read a sign or communicate with a stranger. I'll give you a hint: it's not as practical as pulling a phone out of your pocket.

App permissions (4, Insightful)

danomac (1032160) | about 2 years ago | (#41975201)

Generally if I have an app asking for Twitter/Facebook credentials and it appears completely unrelated to the app I just remove it and move on.

Re:App permissions (4, Funny)

Anonymous Coward | about 2 years ago | (#41975237)

Not using Twitter/Facebook also solves that problem.

Re:App permissions (5, Funny)

Nexion (1064) | about 2 years ago | (#41975343)

Actually that solves MANY problems.

Re:App permissions (5, Funny)

fustakrakich (1673220) | about 2 years ago | (#41975379)

If you don't use Twitter/Facebook, you're obviously hiding something.

Re:App permissions (2)

Em Adespoton (792954) | about 2 years ago | (#41975927)

If you don't use Twitter/Facebook, you're obviously hiding something.

...and that's a Good Thing.

Re:App permissions (5, Funny)

TFAFalcon (1839122) | about 2 years ago | (#41975947)

Yeah, he must be a serial killer or something.

Re:App permissions (5, Insightful)

cjpa (796302) | about 2 years ago | (#41975245)

This app cost 50$ and it was only when the user got an update, that the app insisted on getting Twitter credentials. So he paid heavily for an app which subsequently sent out a dodgy update. Not a very nice practice.

Re:App permissions (2, Insightful)

Anonymous Coward | about 2 years ago | (#41975321)

Yes, but it's a fucking Dictionary. It doesn't *need* Twitter. It doesn't matter who wrote it, or how many good reviews it has.

Re:App permissions (4, Insightful)

danomac (1032160) | about 2 years ago | (#41975565)

I didn't actually realize it was a dictionary - people actually pay more than a buck or two for an app? Considering a dictionary is available online, $50 for a dictionary app seems to be kind of silly.

Re:App permissions (3, Insightful)

tftp (111690) | about 2 years ago | (#41975837)

Considering a dictionary is available online, $50 for a dictionary app seems to be kind of silly.

Perhaps not to a journalist who earns his daily bread by reviewing applications for portable devices. It's one of his tools of trade.

The Web site approach that you talk about may work if you need one word in a month. However the browser is not a perfect interface. You need to scroll around, to zoom in, to zoom out... even a simple application that has only one input field and one output area will be a huge timesaver. This is important for journalists who routinely write articles, especially when those articles are in a foreign language (Norsk != English.)

Re:App permissions (1)

SomePgmr (2021234) | about 2 years ago | (#41975941)

And he'll make his $50 back when the libel suit happens. ;)

Re:App permissions (3, Insightful)

Dahamma (304068) | about 2 years ago | (#41976143)

Unless it's a class action, in which case he'll get a $5 coupon towards purchase of another broken app and the lawyers will get the rest.

Re:App permissions (0)

Anonymous Coward | about 2 years ago | (#41975977)

You must not read the articles these journalists produce.

Re:App permissions (3, Funny)

tftp (111690) | about 2 years ago | (#41976295)

/me borrows a journalist's hat: "We, journalists, are writers, not readers!"

Re:App permissions (3, Informative)

R3d M3rcury (871886) | about 2 years ago | (#41976573)

However the browser is not a perfect interface. You need to scroll around, to zoom in, to zoom out... even a simple application that has only one input field and one output area will be a huge timesaver.

I can't speak for Japanese dictionary sites, but dictionary.com's mobile site [dictionary.com] is pretty straightforward--no pinching or zooming required.

Re:App permissions (1)

interval1066 (668936) | about 2 years ago | (#41975911)

It (they) doesn't need $50 either. Most I ever paid for an app was 4.95, and that was for a very nice mp3 player.

Re:App permissions (5, Informative)

dgatwood (11270) | about 2 years ago | (#41975457)

If I were one of those folks, I would follow these steps [gizmodo.com] to register a complaint with Apple. Just saying.

Re:App permissions (5, Interesting)

Threni (635302) | about 2 years ago | (#41975783)

I noticed one of these twitter posts from Teller (the silent half of Penn and Teller) earlier today. I assumed it was a joke that I didn't understand, but it makes sense now.

I'm more than willing to make a statement in court to the effect that I assumed he was admitting to performing illegal acts if it helps in any subsequent lawsuit against the turd-like cretins who abused people's trust in their products by misrepresenting them publicly in this way.

Re:App permissions (1)

Anonymous Coward | about 2 years ago | (#41976509)

If I were one of these folks, I'd be considering legal counsel. Just saying.

Re:App permissions (0)

Anonymous Coward | about 2 years ago | (#41976623)

This app cost 50$ and it was only when the user got an update, that the app insisted on getting Twitter credentials.

So, those of us without twitter accounts can't use this app? Bugger off.

Re:App permissions (0)

Anonymous Coward | about 2 years ago | (#41975301)

+1. Isn't Apple supposed to disapprove apps like that? Clear breach of privacy whether pirated or not. How about hanging a shotgun at your front door entrance that is supposed to go off only when burglar comes in?

Re:App permissions (4, Insightful)

green1 (322787) | about 2 years ago | (#41975331)

You don't honestly believe that bit about the walled garden protecting the users do you?

Re:App permissions (5, Insightful)

EGSonikku (519478) | about 2 years ago | (#41975395)

As an iOS user since the original iPhone I have a few points to make.

Firstly, part of me wishes it were more open and that's why I've always used available jailbreaks.

Secondly, when one looks at the amounts of malware available for each platform it does become clear that the 'walled garden' does seem to have an effect on device security.

It really is a double edged sword, but I can see the merits of both arguments.

Re:App permissions (0, Flamebait)

TheRaven64 (641858) | about 2 years ago | (#41975599)

Secondly, when one looks at the amounts of malware available for each platform it does become clear that the 'walled garden' does seem to have an effect on device security.

Until you factor in the fact that iOS uses the MAC framework from FreeBSD to enforce a pretty restrictive access, and has a solid centralised update system, while Android uses a fragile, hacky chroot()-based system and only gets updates for core system libraries on a few devices / carriers. Then it becomes a lot less clear.

Re:App permissions (-1)

Anonymous Coward | about 2 years ago | (#41975951)

MAC = Media Access Control
Mac = Macintosh

Please get it correct. It isn't very hard to do and it's rather annoying.

Re:App permissions (2)

Entrope (68843) | about 2 years ago | (#41976301)

In this case, MAC = Mandatory Access Control, and the GP was right.

Re:App permissions (2)

dbIII (701233) | about 2 years ago | (#41975893)

However in this case it's malware people paid for without understanding that it's malware. That one nasty step beyond Bonzi Buddy.

Re:App permissions (2, Interesting)

farble1670 (803356) | about 2 years ago | (#41976219)

Secondly, when one looks at the amounts of malware available for each platform it does become clear that the 'walled garden' does seem to have an effect on device security.

okay, so you are now admitting that there is malware on iOS? that's a big step. so, from now on, your argument is going to be that there's less malware on iOS?

Re:App permissions (1)

EGSonikku (519478) | about 2 years ago | (#41976819)

I've never argued there was none, only that there is far, far less. If you have numbers showing the contrary I'm all ears.

Re:App permissions (3, Informative)

EGSonikku (519478) | about 2 years ago | (#41976859)

In fact, when searching for articles on iOS malware this is what one finds:

http://www.mactrast.com/2012/11/report-android-gingerbread-most-malware-prone-mobile-os/ [mactrast.com]

"much still remains to be done before Android users can sleep as soundly as iOS users do."

and:

http://www.forbes.com/sites/andygreenberg/2012/07/05/researchers-say-iphone-users-hit-with-app-stores-first-ever-spam-sending-app/ [forbes.com]

The first EVER spam app hit the iPhone just this year - and was very promptly removed from the App Store.

"Just as antivirus researchers congratulated Apple for keeping the iPhone free of nasty apps five full years after its release, spammers seem to have finally tarnished that spotless record."

So I think it's fair to say that while not perfect (and who is?) that iOS has really done a remarkable job keeping the malware off its platform. Android has gotten better and I freely admit that, and it's a good thing. But it's definitely not up to snuff quite yet compared to the competition in that particular area.

Re:App permissions (1)

Anonymous Coward | about 2 years ago | (#41975829)

Apple can't test every possible use-case and scenario of an app.

Re:App permissions (3, Insightful)

Hatta (162192) | about 2 years ago | (#41975433)

Exactly. The article asks if this mistake is forgivable. The mistake isn't even the problem, that the app asks for permissions that it doesn't need is already a deal breaker.

Re:App permissions (0)

Anonymous Coward | about 2 years ago | (#41975899)

Exactly. The article asks if this mistake is forgivable. The mistake isn't even the problem, that the app asks for permissions that it doesn't need is already a deal breaker.

I agree completely. On an off topic note, why does a stopwatch program need to be able to send premium SMS messages? Just saying.

Legal liability (5, Insightful)

Lisias (447563) | about 2 years ago | (#41975235)

This is character assassination.

You know that old joke about crying "FIRE" in a crowded theater? The bottom line is that you must be damn sure the place is really catching fire before doing that.

The software owner should be legally charged.

Re:Legal liability (2)

Intrepid imaginaut (1970940) | about 2 years ago | (#41975361)

I'd expect a few libel suits in lieu.

Re:Legal liability (1)

Anonymous Coward | about 2 years ago | (#41975489)

Could you tell me the punchline to the old joke about frying FIRE? I think I missed that one.

Re:Legal liability (5, Funny)

Anonymous Coward | about 2 years ago | (#41976435)

It's yelling "movie" in a crowded firehouse

Re:Legal liability (-1)

Anonymous Coward | about 2 years ago | (#41975767)

Slashdot: where selling tens of thousands of bootleg CDs for profit should be legalized, but making a software error should be criminal.

Re:Legal liability (1)

flimflammer (956759) | about 2 years ago | (#41975845)

What major user group on Slashdot believes people should be allowed to sell bootleg software?

Cut out your bullshit.

Re:Legal liability (1)

blade8086 (183911) | about 2 years ago | (#41976339)

Go check all of the stupid comments (not mine of course) ha on:

http://yro.slashdot.org/story/12/11/13/2120215/in-mississippi-15-year-jail-sentence-for-selling-pirated-movies-and-music

Re:Legal liability (1)

alantus (882150) | about 2 years ago | (#41975919)

The problem is not the software error, it's the malicious intention of the developer by coding an app to humiliate the user behind his back with his friends whenever it thinks it was pirated.
Even if the piracy detection works, the intention is still there.
What's next? posting your private pictures to facebook? Sending your passwords to the developers?

Re:Legal liability (1)

Anonymous Coward | about 2 years ago | (#41976599)

Exactly. This is illegal even if the app were pirated. Piracy is a matter for police, not for public shame; resorting to that is libel. Further, it is still identity fraud.

Re:Legal liability (1)

VortexCortex (1117377) | about 2 years ago | (#41975889)

You know that old joke about crying "FIRE" in a crowded theater?

Nope, does it have anything to do with assassinating the characters?
Maybe it's related to those horrible laws against little boys yelling "WOLF" in small villages... I mean, that's both Sexist and Ageist.

The software owner should be legally charged.

Hmm. So, you're proposing we prosecute the people who bought the software that's defaming them, legally (as opposed to charging them... figuratively)?
Isn't that a bit like yodeling "THEATER" in a crowded fire?

Re:Legal liability (1)

The1stImmortal (1990110) | about 2 years ago | (#41976085)

Copyright owners have been telling us for years that we don't own our software/music/movies, only a license to them...

Re:Legal liability (1)

Anonymous Coward | about 2 years ago | (#41976083)

This is textbook libel. These people WILL be sued into the ground, and for good reason. This is exactly why the often-misused libel and slander laws exist to begin with.

Re:Legal liability (1)

Entrope (68843) | about 2 years ago | (#41976311)

Don't forget to include the almost equally textbook identity theft claims when filing the defamation action...

Economics (1, Insightful)

YodasEvilTwin (2014446) | about 2 years ago | (#41975257)

Regardless of whether piracy is right or wrong, people will always do it. It's an economic problem. Many people will stop if the price is low enough; for others, "free" in both senses is the only price low enough. This is reality, and it will never change. Creators and their associated industries need to get over it. There will never be a way to stop everyone, there will never be a way to catch everyone.

That said, it may also be good economics to implement DRM in some cases; you have to weigh the benefits against the costs. (This does not appear to be one of those instances; this company is fucked.)

Re:Economics (4, Interesting)

sjames (1099) | about 2 years ago | (#41975325)

None of that is applicable here. The app is hijacking the users' twitter credentials to falsely claim that they are pirates.

Even if I accept for the sake of argument that DRM is OK in general, I see two major ethical problems there.

Re:Economics (2)

RocketRabbit (830691) | about 2 years ago | (#41975441)

How do we know it is falsely claiming that the users are pirates? The guy in the link admits to using Installus which is an application specifically crafted for piracy. Maybe he pirated it, maybe he didn't, but who likes to admit to being a criminal even when busted red-handed?

Re:Economics (4, Informative)

tftp (111690) | about 2 years ago | (#41975647)

How do we know it is falsely claiming that the users are pirates?

Because at least one instance of a false positive is known. The guy has the receipt. Nothing else matters; the guy is not a pirate.

The guy in the link admits to using Installus which is an application specifically crafted for piracy.

How does that change the fact that the guy has paid his dues with regard to the dictionary? Even if he pirated all other applications - which he denies - this doesn't give the dictionary a right to accuse the owner of anything. Besides, the guy claims that he needed Installus for a legitimate purpose: " you can use it to go back to an older version of an app you legally own. This is otherwise impossible in iOS."

Libel (1)

Anonymous Coward | about 2 years ago | (#41975273)

I would sue the app author for libel because that's exactly what it is.

That's all fine and dandy... (0)

DewDude (537374) | about 2 years ago | (#41975317)

...till you get a phone that for whatever reason refuses to post tweets. Go ahead apps; try to post a tweet to my account....I can't even tweet from my phone.

Re:That's all fine and dandy... (-1)

Anonymous Coward | about 2 years ago | (#41975421)

look at my pussy, bitch

Looks like it might have been pirated after all! (-1, Troll)

Anonymous Coward | about 2 years ago | (#41975365)

The author of the article admits to using Installous, which is a program for installing pirated iOS applications.

Maybe he was just pissed that he was busted!

Re:Looks like it might have been pirated after all (-1, Troll)

aristotle-dude (626586) | about 2 years ago | (#41975475)

The author of the article admits to using Installous, which is a program for installing pirated iOS applications.

Maybe he was just pissed that he was busted!

So it is either pirated or he pirated other apps in the past and he is running them on a jailbroken device. This probably would not affect anyone who was running it on a non-jailbroken device.

It is possible that the detection mechanism checks to see if the device still has BSD jails enabled and assumes that if it is running on a jailbroken device then it is probably pirated.

I don't have too much sympathy for this person given that they were stupid enough to jailbreak their device leaving it wide open to exploitation and had installous installed.

Re:Looks like it might have been pirated after all (-1)

Anonymous Coward | about 2 years ago | (#41975497)

Fuck you

Re:Looks like it might have been pirated after all (2)

flimflammer (956759) | about 2 years ago | (#41975861)

Except that he explained the reasoning for having Installous on a jailbroken phone, and others have rung in saying that Installous isn't what's flagging it, or the only reason.

Re:Looks like it might have been pirated after all (-1)

aristotle-dude (626586) | about 2 years ago | (#41976119)

Except that he explained the reasoning for having Installous on a jailbroken phone, and others have rung in saying that Installous isn't what's flagging it, or the only reason.

There is no rational for having installous on a jailbroken phone other that to install pirated apps. You can have a jailbroken phone without installing installous.

Re:Looks like it might have been pirated after all (1)

squiggleslash (241428) | about 2 years ago | (#41976207)

Well, he gave a rationale so you're apparently wrong. And nobody suggested that Installous was required for jailbreaking, so why mention that?

Re:Looks like it might have been pirated after all (-1)

Anonymous Coward | about 2 years ago | (#41976305)

...There is no rational...

It's rationale, moron

...for having installous on a jailbroken phone other that to install pirated apps...../

If you'd bothered to rtfa before flapping your gums:

Besides, the guy claims that he needed Installus for a legitimate purpose: " you can use it to go back to an older version of an app you legally own. This is otherwise impossible in iOS."

Who's the bitch, loser?

Re:Looks like it might have been pirated after all (5, Informative)

c0lo (1497653) | about 2 years ago | (#41976425)

Except that he explained the reasoning for having Installous on a jailbroken phone, and others have rung in saying that Installous isn't what's flagging it, or the only reason.

There is no rational for having installous on a jailbroken phone other that to install pirated apps.

TFA:

When Scanner Pro, which I also legally own, introduced a bug in the app that made the app stop working completely on my device. Installous lets you browse a list of available pirated versions of the app, which also means you can use it to go back to an older version of an app you legally own.

Does the above say something about your rational abilities? Naaahh... a simpler explanation exists: who the hell bothers to actually RTFA?

Re:Looks like it might have been pirated after all (1)

Anonymous Coward | about 2 years ago | (#41976711)

<advocate client="devil">
Note that he does not "legally own" Scanner Pro as he claims, rather he holds a license which permits him to use it under certain conditions. I rather doubt those conditions include "download old versions from piracy apps", so he surely is using it precisely to violate copyright, or in the common parlance, "to install pirated apps", despite the apps not having been taken by force on the high seas.</advocate>

Copyright law: it's hilariously busted, but let's fix or eliminate it rather than making excuses for violating it.

Re:Looks like it might have been pirated after all (1)

c0lo (1497653) | about 2 years ago | (#41976395)

The author of the article admits to using Installous, which is a program for installing pirated iOS applications.

And a hammer can be used to crack skulls as well as for any problem that looks like a nail. Should we shame the hammer users?
(my point: don't blame a tool, because a tool is a tool)

When Scanner Pro, which I also legally own, introduced a bug in the app that made the app stop working completely on my device. Installous lets you browse a list of available pirated versions of the app, which also means you can use it to go back to an older version of an app you legally own.

Probably only affects jailbroken devices. (-1, Troll)

aristotle-dude (626586) | about 2 years ago | (#41975487)

Don't expect to have software support if you are going to remove all safe guards in your OS.

Boycott app stores (2, Interesting)

KiloByte (825081) | about 2 years ago | (#41975499)

There's a simple solution: never install programs from an untrusted source, such as an app store. A source that's trustworthy has the sources you can download and read -- and if any such a logic bomb is found, it can be removed immediately -- not that code with such a bomb should be really allowed back without a thorough review. This possibility makes such sabotage virtually absent in free software.

Re:Boycott app stores (1)

pclminion (145572) | about 2 years ago | (#41975635)

So, if you were reviewing the code for an app and found some sneaky logic, you'd just remove it and proceed to use the app anyway?

You think the person who put one thing like that in there, didn't also put ten things like that? And you think you're smart enough to be able to recognize them all? I think that's insanely reckless.

Re:Boycott app stores (1)

KiloByte (825081) | about 2 years ago | (#41975731)

In that case, I'd avoid the app in question like a plague. What I meant are projects with many committers, only one of whom is bad. And even then, such review can be really hard [wikipedia.org] .

Re:Boycott app stores (2)

VortexCortex (1117377) | about 2 years ago | (#41976117)

So, if you were reviewing the code for an app and found some sneaky logic, you'd just remove it and proceed to use the app anyway?

Yes. We wouldn't have had Unix without its C compiler...

FTJF [catb.org]

Historically, back doors have often lurked in systems longer than anyone expected or planned, and a few have become widely known. Ken Thompson's 1983 Turing Award lecture to the ACM admitted the existence of a back door in early Unix versions that may have qualified as the most fiendishly clever security hack of all time. In this scheme, the C compiler contained code that would recognize when the login command was being recompiled and insert some code recognizing a password chosen by Thompson, giving him entry to the system whether or not an account had been created for him.

Normally such a back door could be removed by removing it from the source code for the compiler and recompiling the compiler. But to recompile the compiler, you have to use the compiler — so Thompson also arranged that the compiler would recognize when it was compiling a version of itself, and insert into the recompiled compiler the code to insert into the recompiled login the code to allow Thompson entry — and, of course, the code to recognize itself and do the whole thing again the next time around! And having done this once, he was then able to recompile the compiler from the original sources; the hack perpetuated itself invisibly, leaving the back door in place and active but with no trace in the sources.

The Turing lecture that reported this truly moby hack was later published as “Reflections on Trusting Trust”, Communications of the ACM 27, 8 (August 1984), pp. 761--763 (text available at http://www.acm.org/classics/ [acm.org] ).

You see, the behavior of which you speak is in the very definition of "back door". With the source code available, it's actually possible to compare the expected compiled binary to the resulting binary. If you're talking about some cleverly hidden in plain sight vulnerability we just call those "bugs", and carry on. Deliberate bug infested additions rarely persist beyond refactoring and further contributions. Eg: Only about 2% of Linus' original code remains in the Linux kernel due to code churn. Not that I suspect such foul play, but it would be pretty hard to coordinate a persistent threat in open source code unless the code rarely changes.

Re:Boycott app stores (2, Insightful)

Anonymous Coward | about 2 years ago | (#41975833)

http://notanumber.net/archives/54/underhanded-c-the-leaky-redaction

Evil code can look completely simple and benign. You would never catch this kind of shit reviewing an app's source code. At some point, you just have to trust the developer.

Re:Boycott app stores (1)

Em Adespoton (792954) | about 2 years ago | (#41975955)

There's a simple solution: never install programs from an untrusted source, such as an app store. A source that's trustworthy has the sources you can download and read -- and if any such a logic bomb is found, it can be removed immediately -- not that code with such a bomb should be really allowed back without a thorough review. This possibility makes such sabotage virtually absent in free software.

This is a SIMPLE solution? You're going to get some bare hardware, pressure the manufacturers of the hardware components for the source and flashing tools for the firmware (so that you can personally code review the firmware prior to flashing). Of course, you also have to bootstrap your flashing tool to ensure it's not injecting something. Next, you have to do a full code review of the OS you dump onto the device, with only people you trust doing the review. When that's done, you start in on the apps themselves.

By the time you're done, it's 5 years later, and everything you're running is woefully obsolete and incompatible with what all the "good enough" users are using.

You have to trust people to some degree just to get things done. Openness of code is nice, but you still have to trust the reviewers and the review process (and that what got reviewed is actually what gets installed).

Re:Boycott app stores (1)

KiloByte (825081) | about 2 years ago | (#41976037)

Debian is ------> that way. Go use it.

Android without a malicious telco is not outright bad. There's typically a bootloader and some minor parts that can't be reviewed, though -- and the phone really needs to be rooted and reloaded with some known-good build.

I'm not paranoid, but trusting people is good only if they have some incentive to be trustworthy. A closed app on the other hand gives them no benefits for being honest and plenty of opportunities to try to make additional dime at your cost.

Approved Malware (4, Interesting)

Dan East (318230) | about 2 years ago | (#41976831)

I've been rather surprised at the porousness of Apple's walled garden. My iPad is 100% stock (not jailbroken, etc), and all of the apps came directly from the app store. A couple weeks ago I noticed some odd files in my Dropbox root folder. There were two executables - one for Windows (Xbox 360 MSP Generator.exe.), one for OSX (IGenerate 6.7) - both for generating "free" XBox points. Fortunately Dropbox allows you to (via their web interface only) view the versions and history of files. Both those files came from my iPad. Then last week it happened again with just a Windows executable (iLividSetup.exe), also from my iPad.

So some iOS app is interacting with the Dropbox app in some way (either via API or just throwing files into a folder that Dropbox must have all permissions open on). I have yet to determine which app it is. I only use 6 or 7 apps regularly, so I'm pretty sure it's not any of those, and I have yet to do a more systematic check on the other dozens of odd lesser used apps. The moral of the story is that these app stores are not foolproof by any means, and malware is still being approved, even if the attack vector is novel, dependent on a 3rd party app (Dropbox) and is cross-platform.

Anyone else see this behavior in their Dropbox files?

Regardless... (4, Insightful)

klingers48 (968406) | about 2 years ago | (#41975509)

...Of whether or not the user has pirated the software, this kind of name-and-shame digital vigilantism on the part of the software author is just playing with fire. Especially (but not only) when it's shoddily coded and hitting false positives.

I can imagine them sitting around their dev table brainstorming "Ok guys, what's the best possible way we can open the company up to libel and defamation lawsuits? Hey, I know... Let's even give people who use and rely on Twitter as a business tool an opportunity to claim commercial losses against us as a result of an automated piracy accusation going out to their X-million followers!"

Sometimes things just aren't thought through very well...

Misrepresentation (2, Interesting)

Anonymous Coward | about 2 years ago | (#41975617)

The app is posting a tweet purporting to come from the user, whereas it actually comes from the app's author. As the app's message is implying that the user is violating copyrights, a crime, this is defamatory, so the author of the app is libelling the user. The user isn't a public figure, so doesn't have to prove malice on the part of the app's author. As I see it, the only defence for the app's author would be to prove that the user did illegally copy software.

Re:Misrepresentation (3, Insightful)

tftp (111690) | about 2 years ago | (#41976579)

As I see it, the only defence for the app's author would be to prove that the user did illegally copy software.

It wouldn't be even nearly enough. For example, an ISV cannot set fire to your house upon detection of unauthorized use. There is a specific limit to what software developers may do when they have a good reason to suspect piracy. Have a look at Microsoft's solution - MS had enough lawyers thrown at the problem, so what MS did is basically the maximum of what is legal and safe.

In this case the software developer committed several crimes. And those crimes do not even PREVENT the piracy! What would prevent it? Simple: just don't run the software! Or run it in demo mode. Good solutions are numerous.

One piece of good advice that got overlooked here is this: always maintain good communication. Talk to the user. Let the user always know what is happening. Let the user make his decisions. In this case the software bypassed the communication phase and decided to become not only the detective, but also the judge, the jury and the executioner. Note that only a judge can order a convicted offender to publicly humiliate themselves. This rarely happens, but such sentencing does occur now and then - usually as an offer that can be refused (if you like the inside of a prison more, for example.) This software took upon itself a right that a human is rarely entrusted with.

The company's name is Enfor. Ask for a refund. (5, Informative)

Anonymous Coward | about 2 years ago | (#41975619)

Seriously, would it be so hard to include that in the article?

The company you want to avoid from now on is called "Enfor", and they deserve to have this bullshit rubbed in their face. If you want to sock 'em in the gut, email Apple and explain to them what happened after you legitimately purchased the app, and ask for a refund. I'm sure this is breaking one of their SDK rules somewhere, but even if it isn't- they have a walled garden to protect legitimate users from this kind of crap. When stuff like this gets past them, it makes Apple look bad as well as the company who wrote it.

So email Apple and tell them how you feel about this betrayal of trust. Tell them the app has publicly humiliated/embarrassed you, that you want a refund, and that this whole situation has shaken your confidence in Apple's walled garden. If enough people do this, Apple will turn around and tear a strip off Enfor- either by freely issuing refunds to anyone who asks for it, or by taking down the offending apps (goodbye sales!), or by banning the developer.

Re:The company's name is Enfor. Ask for a refund. (1)

flimflammer (956759) | about 2 years ago | (#41975879)

It is included in the ars article.

Re:The company's name is Enfor. Ask for a refund. (4, Informative)

Sponge Bath (413667) | about 2 years ago | (#41976101)

The company's name is Enfour, not Enfor. Enfor Consultants (www.enfor.com) is a different company.

Apple failing at protecting software developers (1)

bhlowe (1803290) | about 2 years ago | (#41975749)

Apple should provide anti-piracy protection to its developers. It could--it is a walled garden and each device has a unique ID... but chooses not to. Most developers don't make a penny selling iOS software... Apple should take as many steps as possible to encourage a healthy marketplace for quality developers. Ideas such as waiving the $99/year fee for apps that are good but not yet profitable would be a start. And re-vamping the app store to make it easier to find software would be another good first step.

Same way Apple should brick stolen phones... But AFAIK, doesn't.

Re:Apple failing at protecting software developers (0)

Anonymous Coward | about 2 years ago | (#41976413)

If you can't spend $99/year to get access to the app store, you honestly shouldn't be in this business.

I wouldn't of paid $50 for the app (4, Insightful)

Nyder (754090) | about 2 years ago | (#41975821)

and everyone that knows me knows I pirate software, music, movies, whatever. In fact, I'm the go to guy.

See, I tell people I pirate software, so no, the app wouldn't bother me.

But it goes to show, the only people that buy DVDs/Blu-rays are the ones who get hit with DRM and warnings about copyright, because I sure as fuck don't get those when I download pirated versions.

You buy goods because you like the abuse. I pirate the goods because I don't like to be abused.

Re:I wouldn't of paid $50 for the app (0)

Anonymous Coward | about 2 years ago | (#41976131)

That's some truly twisted logic there. I don't condemn you for piracy but I do think you're full of shit about why you do it. I know why I do it... because I can.

Re:I wouldn't of paid $50 for the app (0)

Anonymous Coward | about 2 years ago | (#41976581)

"I know why I do it.... because I can."

When you assume that other people just have to have the same motivations and thought processes as you do, it is called projection.

Re:I wouldn't of paid $50 for the app (0, Troll)

Anonymous Coward | about 2 years ago | (#41976297)

Having been to your blog, I'd address your virginity first, then your strange twisted moral compass next.

Re:I wouldn't of paid $50 for the app (-1)

Anonymous Coward | about 2 years ago | (#41976317)

Yeah, yeah, you wouldn't of paid $50. It sounds like you could care less about software piracy.

Do the right thing (0)

Anonymous Coward | about 2 years ago | (#41975857)

I would "do the right thing" and sue the shit out of the app developer for libel as well as Apple for allowing such trash inside their "walled garden".

/me is a lame software pirate (0)

Anonymous Coward | about 2 years ago | (#41975953)

/me is a lame software pirate

Libel (0)

Anonymous Coward | about 2 years ago | (#41975997)

The user of the app should sue the developer for libel.

I'd sue them (1)

JustNiz (692889) | about 2 years ago | (#41976071)

I'd sue them for personal defamation and, if I operated in any business capacity, damages to my corporate/professional image.

Apple's nonexistent App Store "approval" process (1)

Anonymous Coward | about 2 years ago | (#41976269)

For all the high-and-mighty talk Apple bandies about regarding how carefully they analyze every app before approving it to be posted in the App Store, there sure are a lot of iOS Apps that do shady stuff like this.

The pirated version doesn't do that (1)

sgt scrub (869860) | about 2 years ago | (#41976289)

I'm finding more frequently the reason people use a pirated version is to avoid this type of stuff. I'd be willing to bet only 25% of their customer base knows that. I'd also be willing to bet future customers are going to think twice about paying.

Why did Enfour do it? "Only 25% of our apps in use are legitimate copies. Piracy is threatening the survival of all independent devs," she wrote.

Enfour, Inc Oxford Deluxe dictionary app developer (2)

Stan92057 (737634) | about 2 years ago | (#41976299)

There, that's who they are! So claims the article. Don't buy their products and send them a lot of pissed off customer emails. Let em know how ya feel.

Should be illegal (1)

nurb432 (527695) | about 2 years ago | (#41976459)

Doing crap like that should be illegal.

The 'author' should be taken out back and flogged for it.
