How to prevent .ipa hack!!

There's not much you can do. Apple's drm is pretty weak with regard to the apps (the "cracking" method is pretty straight forward and simple).

About the best you could do, is probably implement some kind of serial system, but that would just cause more hassle for paying customers, and probably just end up getting cracked as well.

That said, you can probably take comfort in the fact that jailbroken devices make up a very small amount of the market.

Oh and yea, both of our paid apps got cracked. One a day after it was released.

I remember a post here about some guy who implemented a method where he checked file permissions on the device to work out if it was jailbroken and refused to launch if it was. I can't find it at the moment through search but maybe you'll have better luck!

But that solution won't work as posted. He was checking permissions on a single file outside of his own app. That's not a valid test because someone could have a jailbroken device (which is not a crime in itself) and a legitimate copy of your app. Not running your app (or crippling it) just because the device is jailbroken is not a good idea.

I haven't seen anyone post a real way to determine if your own app is installed without proper purchase via iTunes.

I've done it and the hackers had to modify my application's binary to remove the check. It gave them a really hard time and took them a month to crack it 🙂

You can make a distribution build and then use show package contents on the file to find out how big the info.plist is. Then modify your code to check for that size and rebuild it.

Apple doesn't modify it. I was worried about that too 🙂

I don't know what you mean about being modified. It has all kinds of properties for your app inside it. Changing the name or version number could modify the size, so just make sure the size check is the last thing you change before releasing your app.

The problem is the same as always. Once you think you found a solution and it becomes popular in many programs, then the crackers will most certainly create an automated countermeasure against it. Its always cat and mouse. Its probably best to keep your own trick that prevents the "standard" cracking for yourselves, the more different approaches there are, the more difficult it gets to create cracks for them all.

Dear developers,

Use following emails to report the abuse of their website for distributing copyrighted materials. I did the same and they have removed my app from their website.

dmca-agent (at) sendspace (dot) com
abuse (at) mediafire (dot) com
abuse (at) rapidshare (dot) com

<Edited by Moderator>



Following is the email template that they ask to be sent .

Hello,
My name is <YOUR NAME>
and Address is: <YOUR ADDRESS>
Telephone: <YOUR NUMBER>

Following link on <WBSITE NAME e.g. RapidShare> allows a copyrighted material to be downloaded for free.
<LINK TO THE APP WHERE IT CAN BE DOWNLOADED FROM>

This is an iPhone app which has been cracked and hosted on <WBSITE NAME e.g. RapidShare>.
You can find the original app in iTunes app store at following link.

<ITUNES LINK>

The <WBSITE NAME e.g. RapidShare> link is being displayed at following webpage.
<LINK TO THE WEBSITE WHERE APP IS BEING LISTED e.g. appulo.....!!! :)>

I request you to discard the file as soon as possible and help us.
I make this statement under penalty of perjury, that the information in this notice is accurate and that I am the owner of the copyrighted work.

<YOUR NAME>

Check the size the the info.plist and make sure it hasn't changed. This is contained within your app's bundle.

What in Info.plist would change with a hack?

They are changing the code signing identity in the info.plist to run using a hacked provisioning profile. Making sure the size doesn't change will prevent distribution in ipa form.

is this true? It's so easy yet no one does it??

I suggest we all submit support tickets to Apple on this. It is Apple's responsibility to provide a solution.