New services bypass Apple DRM to allow pirated installs without jailbreaking (thenextweb.com)
87 points by kmfrk on Jan 1, 2013 | 77 comments



I think it should be made very clear, in the context of Hacker News, that one of the primary reasons that these sites have been operating as long as they have is because of support from Stripe, who handled their payment processing.

The developer of this program keeps opening PayPal accounts, and PayPal keeps shutting them down. In just December, this developer got two PayPal accounts shut down; the latest one was only used for four days before it was whacked.

Dec 24: "PayPal is back online for http://zeusmos.com and http://uhelios.com – Happy Holidays everybody!" -- https://twitter.com/uhelios/status/283260362919395328

Dec 28: "I'm absolutely done with PayPal. This is ridiculous." -- https://twitter.com/uhelios/status/284654128339243009

However, despite careful and detailed explanations to Stripe--and despite them saying they would look into the matter--this website has been operating and taking payments using their payment processing system for months.

Also, while the developer of Zeusmos claims in the "update" to the article that his application was never supposed to encourage piracy, it came by default with its search results coming from a website called AppTrackr, a large repository of cracked applications.

In the last few months, the developer decided he wanted to "stray away from AppTrackr", but the result was not to move further from piracy: it was to become less reliant on that one piracy site and instead use another one called AppCake.

Meanwhile, the developer has often compared his service to Installous, saying on his Twitter account that "its somewhat like Installous, but better"[1] and that it "has many features that Installous does not excel at very well"[2].

[1]: https://twitter.com/uhelios/status/274859392812318720

[2]: https://twitter.com/uhelios/status/239863143793324032


With your rather unique experience of running the Cydia Store on jailbroken iOS devices can you provide more information on the process loopholes these approaches (Zeusmos and Kuaiyong) are exploiting?


In order to deploy code (without jailbreaking), you need to have it signed by a certificate that is valid for the device you are using. With a normal developer account, you can provision certificates for up to 100 devices. Signing an application is fairly simple (I implement most of the intricate pieces in an open-source program called ldid, but do not do the official signature parts).

Putting this together: you simply get paid developer accounts from Apple (you will need to keep getting more of these, as you will run up against the 100 device limit), ignore the part of the contract you sign that states that you are not allowed to redistribute the certificates they give you, and instead automate a process to log in to Apple's portal, add a UDID to your account, and download an updated provisioning certificate.

Connect this up with a payment processor that is willing to look the other way and an app that is capable of doing the signature process for apps locally for the user, and you are done. The device is already capable of installing certificates and applications that are signed by them from websites (see Test Flight for a commonly-used legitimate example), so the final steps are easy.

(With an Enterprise account, you don't have to worry about the number of devices; however, the contract terms are much stricter, the system has more mechanisms for Apple to turn you off, and Apple will probably care more if you attempt to abuse it. In essence, an app signed by an Enterprise certificate can be installed on any device, anywhere, at any time until the certificate's three-year expiration date hits.)
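Added example, not part of the comment above or of any tool named in this thread: a defender-side audit of the provisioning profile (`embedded.mobileprovision`) shipped inside an app bundle, classifying it as development, ad hoc, enterprise or App Store along the lines the comment describes. The sample profile, team identifiers and the `expected_teams` parameter are constructed assumptions; the plist is located by a byte search and the CMS signature around it is not verified.

```python
import plistlib
from datetime import datetime, timezone


def extract_plist(blob):
    """Return the XML plist embedded in a .mobileprovision blob.

    The file is a CMS (PKCS#7) container; this only locates the plist
    payload and does NOT verify the signature around it.
    """
    start = blob.find(b"<?xml")
    if start < 0:
        raise ValueError("no embedded plist found")
    end = blob.find(b"</plist>", start)
    if end < 0:
        raise ValueError("embedded plist is truncated")
    return plistlib.loads(blob[start:end + len(b"</plist>")])


def classify(profile, expected_teams=(), now=None):
    """Classify a profile dict and list findings worth a second look."""
    # plistlib yields naive datetimes in UTC, so compare against naive UTC.
    now = now or datetime.now(timezone.utc).replace(tzinfo=None)
    devices = profile.get("ProvisionedDevices")
    debuggable = bool(profile.get("Entitlements", {}).get("get-task-allow"))

    if profile.get("ProvisionsAllDevices"):
        kind = "enterprise"          # not tied to a UDID list
    elif devices is not None:
        kind = "development" if debuggable else "ad-hoc"
    else:
        kind = "app-store"

    expiry = profile.get("ExpirationDate")
    expired = expiry is not None and expiry <= now
    teams = list(profile.get("TeamIdentifier", []))

    findings = []
    if kind == "enterprise":
        findings.append("enterprise profile: installable on any device until expiry")
    if expected_teams and not set(teams) & set(expected_teams):
        findings.append("team %s not in expected list" % teams)
    if expired:
        findings.append("profile expired")

    return {
        "kind": kind,
        "teams": teams,
        "device_count": len(devices) if devices is not None else None,
        "expired": expired,
        "findings": findings,
    }


def make_sample(enterprise):
    """Build a CONSTRUCTED profile blob: fake wrapper bytes around a plist."""
    body = {
        "Name": "Constructed sample profile",
        "TeamIdentifier": ["EXAMPLETEAM"],          # placeholder, not a real team
        "ExpirationDate": datetime(2015, 12, 1) if enterprise else datetime(2012, 6, 1),
        "Entitlements": {"get-task-allow": not enterprise},
    }
    if enterprise:
        body["ProvisionsAllDevices"] = True
    else:
        body["ProvisionedDevices"] = ["0" * 40, "1" * 40]   # placeholder UDIDs
    # Leading/trailing bytes stand in for the CMS wrapper; they are not real DER.
    return b"\x30\x82\x0b\xad" + plistlib.dumps(body) + b"\x00" * 8


if __name__ == "__main__":
    for flag in (True, False):
        report = classify(extract_plist(make_sample(flag)),
                          expected_teams=("OURTEAM0001",),
                          now=datetime(2013, 1, 1))
        print(report)
```
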


Given that developer accounts cost money, and paying requires giving personally identifiable information, what keeps Apple from seeing that you are buying multiple accounts?


So, first off: I really do not believe that this service (Zeusmos) was that popular; I mean, when you hear about the number of people who were using Installous (omg too many ;P), the number of people using Zeusmos would be this tiny tiny speck in comparison.

Once you are only talking about hundreds or even in the low thousands of devices (as opposed to tens of millions), you can satisfy the demand by getting a bunch of friends from your high-school class (the developer of Zeusmos was 15) to register for individual developer accounts and then contribute their Apple ID and passwords to a pool.

Based on what it says in the article (edit: which a friend of mine is telling me might be wrong, so maybe these people are doing something more complex), the other product (Kuaiyong) was using a single Apple Enterprise certificate: you only need one of these to satisfy an infinite number of devices, and they probably were signing the stuff on their server rather than on the client (so not redistributing the certificate).

That said, the rules on how you can use an enterprise distribution certificate are quite strict: you can sign applications used only by 1) employees of your company; 2) customers of your company who are physically present at your company's place of business; or 3) customers of your company who are being physically supervised by an employee of your company while at another location.


It makes me sad that these get used for piracy. They could be extremely useful by allowing widespread installation of apps that Apple won't accept in their store, but instead we get another lame piracy service that people will point to as evidence that Apple's walled garden approach is a good thing.


I suppose the positive in this is that it doesn't require a jailbreak, and so doesn't tarnish the jailbreak name which has already unfairly been painted with the Installous / piracy brush.

Jailbreaking already allows widespread installation of apps Apple won't let in their store. Its utility is far more than piracy.


I feel the exact same way. I jailbreak to develop on my own device and use Cydia for things they'd never let through. I've never used Installous or anything like it.


But piracy is a feature. It's a good thing. Paying for stuff sucks. From a user's point of view, if Apple's walled garden approach prevents piracy, then that's just another reason their walled garden approach is bad.

Edit: I'm not even playing devil's advocate here, this is just honestly what I think, and I think what most people honestly think. Stuff is better when you don't have to pay for it.


Stuff sucks when you don't have to pay for it. That's why Android apps have never really held a candle to their iOS counterparts; piracy has been easier on Android. As an Android user, I'm just hoping this causes developers to not automatically develop for iOS first and then Android as an afterthought, if at all.


>That's why Android apps have never really held a candle to their iOS counterparts; piracy has been easier on Android.

Bullshit. Both on Android apps "not holding a candle to iOS counterparts" and your assertion that this has anything to do with piracy.


Even if piracy isn't easier, there is the perception that it is, and that's all you need to keep people off the platform.


From a user's point of view, if walled gardens help support app devs making more apps, and those apps are worth more than the $1.99 or however much they cost, this is a net gain.


I'm guessing you're not a developer for a living.


No. I have developed (free) software in the past, and I've contributed to larger projects as well, but I don't have as much time for programming anymore. I "make" a living through a combination of squatting, dumpster diving and occasionally theft (only from bad people though).


From what you're writing in this thread it sounds like you were born in the wrong millennium.


Great, let's all make our apps free so you don't have to pay for anything. Wait, you mean I can't just take the stuff I need to eat for free from a supermarket? That's crap.

Ridiculous example for a ridiculous statement. Piracy is not a feature. If piracy was a feature it'd be ridiculously easy to pirate games on all consoles, but it's not.


You can take stuff and eat it for free from a supermarket. It's called shoplifting and people do it all the time. Food should be free, by the way; you seem to think that it shouldn't be and that it's right that people are forced to work for some capitalist because if they don't they can't get money for food.

Your second statement doesn't make any sense. As a user, I consider "ease of getting stuff for free" a feature of a platform. All other things being equal, it's better to get something for free than to pay for it. The difficulty of pirating stuff for consoles is an anti-feature. Your argument is that if X is a feature then consoles would necessarily have it; consoles don't have it; therefore X is not a feature. There is no reason to assume that consoles would necessarily have every possible feature.


I've enjoyed reading your input to this thread. It's interesting that you're taking this stance, as clearly, I wouldn't expect it on this site. Most of these guys are developers; and more than likely don't have days of war nights of love on their bedstand.

Your opinion is valid. Of course getting things for free is great. But, you are not only speaking to most of the hand that feeds you here, but are also forgetting that a majority of the world operates on a cost-benefit... a majority of people are mostly motivated by money to spend their time doing things. And this is what the dude earlier was trying to say... developers (who are motivated by money) will not develop for a device they can't make money off of. Developing is their dumpster diving, just without the dumpster. It's simply an alternate (and arguably easier [un/fortunately]) way of being.

I have a day job and contribute to open source projects in ways that I can. I hope all developers do this, like I hope lawyers do as much pro bono work as they can; but I realize neither is the case.

I'm off to play my dreamcast.

-Matt


Since Apple makes almost all of their money on hardware, if piracy were a feature, why would Apple try so hard to stop it?


Sounds like they haven't really broken Apple's DRM - Zeusmos relies on getting a developer profile for your phone's UDID and re-signing the apps under that dev profile, which means the apps will expire in a year or so. And Kuaiyong relies on an enterprise profile by the looks of it, and I believe Apple can remotely nuke enterprise profiles.


> Sounds like they haven't really broken apple's DRM

Yes and no.

No, in the sense that they are abusing the pay-for Apple developer services in order to get the software pushed to non-jailbroken devices. As such, they are still playing within the DRM system.

But in the case of Zeusmos, yes, Apple's DRM (FairPlay) is broken in that "re-signing" involves signing a copy of the (App Store published) commercial app that had its original DRM removed.

See here: https://github.com/stefanesser/dumpdecrypted

These techniques were how tools like Crackulous worked, which allowed for the stealing of iOS App Store apps in the first place.


Background: 1. Loads of people have iDevices in China. 2. It's hard to get a credit card in China.


I'd like to point out that a method of resigning applications for piracy purposes has been around since early 2010, and that Apple doesn't have a history of taking action against services offering adding UDIDs to developer profiles for money.


> "Apple doesn't have a history of taking action against services offering adding UDIDs to developer profiles for money"

They do! I blogged about this a while back, so the links below are for iOS 5, but they have definitely done it in the past.

http://appadvice.com/appnn/2011/08/apple-takes-steps-against...

http://thenextweb.com/apple/2011/08/05/apple-closes-develope...

http://osxdaily.com/2011/08/05/udid-activation-and-ios-5-bet...


> It's hard to get a credit card in China.

Are you sure? A lot of "credit cards" in China are actually debit cards, where you must deposit money in your account up-front before you can spend. I don't see any reason why banks would make it hard for people to get these, since there's virtually no risk of bad debt.


It's probably largely just historical inertia.

However, there are also potentially strong reasons to avoid it.

1. China dissuades capital exodus. (They actually have a whole government bureau for this, the Foreign Exchange Management Bureau or 'waihuiguanliju')

2. My recent travels about Southeast Asia suggest that the government-run centralized interbank settlement network 'China Union Pay', is being supported by the government as a regional alternative to the de-facto global defaults Cirrus/Maestro (Mastercard) and Visa (Bank of America).

Anyway, the why doesn't matter. It's really the situation.


That assumes that transactions are always processed immediately. This is not the case. Some gas stations, and convenience stores, for example, will wait up to a week before actually charging your card (they frequently just check to see if you have funds available at swipe time). This saves them money on batching charges. As a result it is possible, with a debit card, to run up charges that exceed the available balance. That's why a credit check is required to give out a debit card with a visa / mc symbol on it.

So, even in the US, if you have bad enough credit, you may not be able to get a debit card even though in theory you shouldn't be able to charge more than you have.

reality != theory


Sorry, but am I the only one who dislikes the picture they used for the post? The flag of the pirate party has nothing to do with iPhone software piracy websites ...


Random stock image for an article that calls piracy stealing. They do know how to lower the expectations for their article.


They changed it now. Still has "stealing" though, maybe someone should send them a dictionary.


DRM is such an utter and absolute waste of effort and money. Think of the millions of man-hours that have so far been misallocated on trying to "secure" digital content. It's just sad.


Eh, I think DRM has been pretty effective for Apple so far, still is, even with this. Pirating iOS apps is very uncomfortable, uncomfortable enough that those who can (i.e. those who have a credit card and are not completely broke) will in general buy, not pirate.

I mean, even their gift card distribution is now so effective (you can buy them everywhere you go) that even without a credit card, the app store is pretty damn comfortable – so even kids are not necessarily forced to pirate.


I think 80% of folks I know who have iPhones have them jailbroken, most of these people are pretty non technical as well. It's been a long time since I've used an iPhone for anything other than development, but I don't remember it being very difficult to jailbreak, and pirating apps isn't a difficult step from there.


"I don't remember it being very difficult to jailbreak"

http://www.autoomobile.com/news/iphone-5-ios-6-untethered-ja...

iPhone 5 & iOS 6 Untethered Jailbreak: Where Art Thou? 15 mins ago by Rick Berke

It has been a few months since the rollout of iOS 6. In that time we have yet to see a successful iOS 6 untethered jailbreak for the two main smartphones in waiting – the iPhone 4S and iPhone 5.

iPhone 5 & iOS 6 untethered jailbreak progress report

This has left iPhone 4S users on iOS 5 and iPhone 5 users left with no option but to remain locked down. So where is the iOS 6 untethered jailbreak? Let’s take a look at the progress so far.

Starting off in September, we saw the first evidence of an iOS 6 jailbreak from chpwn, who gave us a glimpse of an iPhone 5 jailbroken and running Cydia.

Then in October came news from @planetbeing of a tethered iOS 6 jailbreak under development, and the solution was usable but needed a developer account.

Then in November @planetbeing returned and said that he was even closer to a public release but “missing critical pieces.” At the time he showed IntelliscreenX running on an iPhone 5.

Then in December we were met with a number of hoaxes including a very convincing one from Dream JB. Lastly in the last days of the year, famed iOS hacker pod2g in an interview with iDownloadBlog said that he was, “very confident about the next 6 months” when it came to an iPhone 5 compatible iOS 6 untethered jailbreak.

And that’s where the music has stopped. If so, it may be deep into the summer before the iPhone 5 will be jailbroken. We sure hope this isn’t the case.


FWIW, this is all a recent development; the iPhone 4, for example, was entirely defeated: Apple can't fix it with software updates, they have to go back to their manufacturing process and start using new low-level bootloaders. There are definitely jailbreaks for the iPhone 4 for iOS 6, and there will continue to be when Apple releases iOS 7.

Given that Apple then continues to sell the iPhone 4, and they continue to sell very well, you have to defend the argument that "DRM is working well for Apple" against "jailbreaking many devices are easy" even if not "jailbreaking all devices are easy". This is especially true given that these old devices not just sell, but sell well.

http://allthingsd.com/20121018/older-iphones-still-selling-l...


Being heavily ingrained in that side of things, would you call a tethered jailbreak 'entirely defeated'?

I understand that the base exploit is there, but for me at least, the thought of being tethered and not being able to count on my phone when it runs out of battery is tough.


There's nearly half a million devices that have been jailbroken on iOS 6 (over 470k). To the extent to which that number is low because of the lack of a tethered jailbreak, the lack of a jailbreak on recent devices, or simply the lack of interest in iOS 6 (as the main feature seems to be "Maps no longer works well"), I am not certain.

However, for purposes of "DRM has won against piracy", you have to first look at the demographics of piracy: the average person on Hacker News is a technically proficient user who is out a lot and relies on their cell phone for everything in their lives, from driving directions to business calls to reading websites like Hacker News.

Your average pirate is from a fundamentally different set of demographics: one of the most common is a middle-school or high-school student that shares an iPod touch (not an iPhone) with their sibling; the device probably doesn't leave the house much, and was a hand-me-down from the father (who probably doesn't have much time for games anyway).

I thereby take a lot of issue with people who attempt to frame conversations about anything involving normal people--whether it be the benefits of closed ecosystems, how users spend their money, or really anything--by aiming the spotlight on people who have enough money to own an iPhone 5, or even an iPhone 4S: the iPhone 4 is still selling, and it is still selling like hotcakes, because it costs $200 less up-front. I would even argue that it would be selling better than it is if it weren't perpetually sold out ;P.

In all honesty, I am not even certain why anyone would spend $200 to get an iPhone 5 instead of the iPhone 4, and I actually understand many of the various subtle technical differences... to the normal user, though, the only things they really are able to make decisions about are how the iPhone 4S supports Siri (which, of course, the iPhone 4 could easily handle, as demonstrated by the numerous jailbroken users who actually have installed it on that device--but then this device would have nothing at all which differentiates it to the normal consumer ;P), and that the iPhone 5 is slightly taller (which might even be a turn-off) and has a metallic back (which many will perceive as making the phone more sturdy to drops, but AppleCare+ protects against accidental damage--including drops--and costs only $100).

The result is that if you want to discuss what people who feel even slightly money-constrained are doing, you have to do so in the context of the iPhone 4. Yes: there are people who own recent iPhones and pirate, but at least the few I know (grrr) are in a very weird demographic (super-highly technical people who believe it is a moral sin to purchase information bits and will go to insane lengths to never spend a dollar on, say, iTunes).


Good answer, thanks.

I think looking at the technical side of things as an attraction for 'normal' consumers, is the wrong way of going about it, especially with consumer electronics. It's pretty evident by now that people want the latest (and perceived best) device, even if the technical differences aren't that massive. It's enough to be able to say to friends, "I got the iPhone 5".

I'd also assume the iPhone 4 being perpetually sold out is either a determined move by Apple to force sales on upper models, or is just a result of having production lines focused on the upper models. I don't doubt they'd sell either though.

Admittedly I used to be that person, as a teenager. Once I got full time employment, I definitely started buying more things I would pirate, both for the reason that it was a pain getting updates to apps (Apple does well in this regard), and also because there was no financial reason for me not to if I had the money.

Thanks for your time, and thanks for Cydia :)


I can use anecdotes too! Approximately zero percent of the people I know well have jailbroken their phones.


I would imagine, even if most users can't do it themselves, other family members or friends will do it for them, in the same way they've been installing Chrome on their computers before. This can quickly (a few years) lead to a large portion of the users using jailbroken devices, and getting used to having their device jailbroken.


If you are willing to help lots of nontechnical people jailbreak their phones you better have a lot of time for the thousands of support questions they flood you with.


I'm pretty tech savvy, I work with very tech savvy people. Many of them write firmware, network routing systems, and spend hours a day JTAGing various spins of our NICs.

I don't know how to jailbreak my phone, nor have my dozen or so google searches yielded anything useful, nor do any of my colleagues have jailbroken phones - despite being precisely the type of people who want to.

Jail breaking used to be straightforward a couple years ago, but for anyone with a recent phone (I have an iPhone 5, colleagues have iPhone 4S's) - it's become pretty difficult.

Any links or pointers appreciated though....


I doubt that most of the people who pirate have a recent phone: they probably have hand-me-downs from their parents or purchased the device second-hand off of eBay.

In fact, if you consider piracy a feature, you probably purposely purchase an older phone: Apple still sells the iPhone 4, which continues to be trivial to jailbreak.


Remember to place yourself in context! You and your friends are probably around the top 10% of people with technical skills on the planet.


Probably more like top 0.1% - technical people sometimes are truly unaware how niche their talent/knowledge/peer group is.


I don't know a single person with a jailbroken phone. My wife, parents, and most of my friends couldn't even articulate the concept. Then again my circle has a lot fewer engineers these days than it used to.


Huh, well no one I know has jailbroken their iPhone. Battle of the anecdotes!


Oh good, I didn't realize it was not hard to jailbreak. Can you tell me where to find a jailbreak for my 4S running the latest iOS? I haven't been able to find one.


Just because it is hard for people who have the latest-greatest device, does not mean that it is generally hard: many users (I would argue especially the demographics that pirate) either still have or are newly acquiring older devices.


A 4S is hardly "latest-greatest", and having to specifically buy a different (and inferior) device in order to jailbreak definitely qualifies as "hard" in my book.


Read: http://news.ycombinator.com/item?id=4995559 (this was posted by me in response to someone else 7 hours before your comment, but it directly addresses your argument: concentrating on anything but iPhone 4 is a very "I have a lot of both money and knowledge about technology"-focussed way of approaching this problem that loses touch with the actual demographics that are being discussed when you look at piracy...)


But the fact that pirating is uncomfortable does not constitute an argument that Apple has been better off with DRM than it would be without.


The DRM makes pirating less comfortable. If you could just go to some website and download the app and drag it into iTunes to get it on your device (that’s what dropping DRM entails) pirating on iOS would be very comfortable, probably on a level with using the App Store.


Go on?


Consequently, people pirate less.

That’s speculation, sure, but I haven’t heard anyone offer anything better.


But the question is why that would show that Apple is better off with DRM.


It's pretty hard to argue that DRM doesn't reduce piracy. The overwhelming evidence from the last several decades (everything from the piracy rate on Commodore Amigas vs DRM'd consoles to modern ebook DRM) is that DRM has a significant impact on reducing the amount of piracy that occurs.

Most of the arguments against DRM aren't about its ineffectiveness in reducing piracy, but rather its implication for privacy and ownership rights.


The trouble is that piracy reduction is the wrong end of the stick. What content creators benefit from is increased purchases, which does not necessarily follow from reduced piracy. I would agree that it's fairly clear that DRM reduces piracy, but it's not at all clear that this then results in increased sales.


PDF's convert to epub pretty well these days. You can even use good Text-To-Speech engines to read the converted epub aloud to you afterwards, so you get the benefit of having the equivalent of an audiobook, too.


Also the question of whether reducing piracy increases sales.


As predicted, the Hackulo.us shutdown simply spurred the adoption of more effective software piracy tools. Between Aptoide on Android, which somehow is available via the official app store and also doesn't require rooting/jailbreaking [1], and these new iPhone piracy services, I wonder if we'll start to see changes in the way we approach software monetization. Requiring in-app purchases, for example, is quite effective.

[1] https://play.google.com/store/apps/details?id=com.bazaar.ins...


Zeusmos has been around before the shutdown, but articles like this are just giving them publicity and pushing them into the light. Zeusmos runs on the apptrackr API, which has also been shut down, so the shutdown also hurts them.


Thanks for the clarity, I'll update my post.


Perhaps I am missing something here (correct me if I am), but Android has never needed root privileges to run 3rd party apps. Just have to check off the "unknown sources" box under application settings and any sort of app can be side loaded. I'm just guessing this app is just a way to easily facilitate the download of such apps? If so, then users can install them, but they don't get updates to them on the market (it'll just say invalid license or "you don't own it").

The Android Market is also rather slow to take things down. I've seen MP3 downloader apps that just link to gray area music at best and blatant ripoffs of well known games (such as cut the rope and plants versus zombies) stay listed for months. Eventually they seem to disappear, but then another app pops up in its place.


Most apps on both platforms are already free, and the percentage is increasing. Also on both platforms, the highest grossing apps are the free ones (with ads and in-app purchases).


For the most part, it seems to be people going to a lot of trouble to save a dollar or 2 on app purchases, the type of people that were unlikely to buy anyway.

People still aren't able to make arbitrary in app purchases for free? If that is the case piracy might end up making the developer more in the long run.


>the type of people that were unlikely to buy anyway.

As someone whose Android app has wound up on some pirate sites, it's not so much the lost revenue I'm worried about. It's the possibility that the version of my app on some Chinese pirate site has been repacked with malware.


Is it time to go back to the early-'90s-shareware model of annoy screens? Release two versions of your app to the app store, one free with a ten second long "you're a bad person" loading screen, and one that costs a bit.


As a consumer, I prefer this style of monetization to in-app purchasing. At least I know what I'm getting and what the reviews mean. Oddly, though, the market doesn't seem to agree with me. Demo/shareware apps just don't seem to do well.

Obviously the average consumer and I just don't see eye to eye about something. I have no idea what, though.


This is extremely common, except that instead of a plain "you should buy this" nag, they put up paid advertisements in the free version.


I think anyone downloading apps from a Chinese pirate site can expect to get malware sooner or later. I wouldn't be too concerned about it if I were you.


Only they don't. People with little knowledge about tech still like to pirate but don't necessarily have a clue what they are doing.


Maybe it's time Apple and Google start providing receipts that devs can validate themselves. Apple already provides this on OSX and it makes it hard to mass pirate all apps.


The Zeusmos site is "currently undergoing some maintenance".

Looks like someone is getting shut down.


Wow, it's certainly interesting to see how the consensus on Piracy changes on HackerNews when it's iOS apps and not music/media that's being downloaded. The article even goes so far as to call it stealing and not one person has piped up to point out that they're merely copying bytes, not removing utility from anyone else.

The PirateBay receives a lot of support when it's mentioned here. I imagine if I opened a "PirateBayForApps" on which I carried both legitimately free apps and pirated apps, I might not receive the same support.


On one hand this could be a great alternative distribution channel, on the other hand developers get nothing and another risk is Apple can shut their accounts down at any time.



