Microsoft planning to combat Windows Phone app piracy with new encryption

By Tom Warren, on 9th Nov 11 4:42 pm with 35 Comments

Windows Phone Marketplace

Microsoft is planning to combat the recent spate of Windows Phone app piracy with new server side encryption, according to reports.

The current state of the Windows Phone Marketplace allows users to download XAP application packages direct from Microsoft’s servers and sideload them using the ChevronWP7 labs tool or Microsoft’s official developer unlock. The practice allows users to pirate applications based on the acquisition of a XAP file. A number of developers have been left frustrated after having their XAP files made available to download freely.

Ars Technica reports (via WPCentral) that this is about to change. Windows Phone 7.5 “Mango” includes support for a new type of application encryption that prevents the piracy seen today. Microsoft is reportedly waiting to ensure that the majority of Windows Phone users have upgraded to Windows Phone 7.5 “Mango” before enabling the encryption support. The support will wrap XAP packages in a new layer of protection, preventing them from being sideloaded after they are published and downloaded from the Marketplace.

Nokia’s Music and Maps applications have both been ripped from their Lumia devices and ported over to non-Nokia devices. The Finnish handset maker is reportedly sending out cease and desist notices to sites involved in hosting the pirated applications. Nokia ships a Maps, Drive and Music application exclusively on its Windows Phone devices.

  • http://twitter.com/Henryed07 Henry Edwards

    What happens to those who installed the leaked apps I wonder?

    • http://twitter.com/Pieter_Kroon Pieter Kroon

      You’ll die a painful death and will burn in hell for your sins, probably…

  • Anonymous

    I’ve never understood why companies waste time with encryption…it’s been proven over and over that it doesn’t stop piracy.

    But since they’re going to do it, as long as they implement it in a way that doesn’t negatively effect legitimate customers I will hold off complaints.

    • Anonymous

      They owe it to the developpers to try protect their work and revenue

    • http://twitter.com/efjay01 Ef Jay

      Thank you. Most people always think of it from the angle of what they can get for themselves and ignore the dev who worked to create the application. Very few, if not no one would work for free but so many somehow expect to get stuff for free and will move mountains to get it. Pretty sad state our society is in.

    • Anonymous

      I agree that developers work needs to be protected, but encryption and drm methods can always be worked around by those who are hell-bent on pirating.

      Maybe developers should take matters into their own hands and either implement their own in-app payment system or registration.

    • https://profiles.google.com/christopher.gull/ CG

      If nuisance due to encryption starts to happen during sideloading, you can bet your horses on the fact that most people won’t bother, and that piracy will become a minority-activity.

    • Anonymous

      @openid-82529:disqus I disagree.  If you look back at the pc realm over the years, the more companies tried to protect their product with drm/encryption, the more people worked to break it.  If something doesn’t work people will search for a solution and keep trying.  Those that pirate don’t want to pay and usually won’t pay even if they can’t figure out how to get around the encryption.

      I’m not saying it’s right…I’m just saying that’s the way the world works.

    • phil jay

      The worst thing to happen would be if every dev invented his own registration system like you suggest.. Maybe some check against the database on/after installation if the app has been bought, but from what I know that never ended well. I think one should just calculate in a certain amount of pirated versions, keep it in its borders though. It’s not that of an problem.

    • https://profiles.google.com/christopher.gull/ CG

      @DrHotmann:disqus  I disagree with you on the other hand. I’ve seen my fair share of piracy during my years, and I’ve seen how tired people get from all the viruses, problems, even total computer breakdown due to pirate copied software. I’m not saying it’s not happening, I’m saying it’s decreasing as far as I’ve experienced, and I live and have lived with people who come from countries where piracy is their daily bread (including myself). They’re getting fed up, and rather pay a little to stop wasting their time on fixing problems they cause for themselves. Of course, if we talk about software that’s worth $2000 and is only used a few times or privately without money earning (such as Photoshop), that can’t really be counted, as is the case on a massive scale.

    • http://www.jeffkibuule.com Jeff Kibuule

      Effective DRM has never been about stopping hardcore pirates, but stopping casual “drive-by” pirates. If it takes 10 seconds as opposed to 10 minutes to pirate an app, most people will just download it anyway to save them the trouble. That’s the kind of stuff Microsoft really wants to stop (and will get actual benefits from stopping).

    • http://twitter.com/guldkatten guldkatten

      wp7 has failed. Its still a BETA OS

    • Guest2009

      You have failed in life, roaming around the interwebz to troll instead of doing something productive.

    • Anonymous

      you failed.

    • Anonymous

      developers can’t sideload groceries to put food on their tables. any measure that makes it harder to pirate apps is a good thing. sure, a determined users will always bypass that, but if you make it so easy to pirate apps that nobody purchases anything, there will soon be no apps, or they will all be ad infested.

    • Anonymous

      http://dukechronicle.com/article/lifting-drm-may-lead-less-piracy-researchers-argue
      p.s. if someone expects to make money in the mobile app world they better be pretty good or pretty lucky.  Most of the money made is by a few developers while the vast majority either of developers either lose money or just break even.  IMPORTANT: I’m not saying people shouldn’t try to make apps that will bring in money, but they should have realistic expectations and strive to put out a good app that people will want to buy.  As a developer myself (mostly web apps, but some mobile experience), I know how tough it is to make it on mobile apps alone…it’s one of those 1% type of situations.

    • http://twitter.com/PhilippMager Philipp Mager

      … Well you know, that there is a way, to get the full source code to all windows phone apps very easily (only if developers do something against it you can’t, but most developers don’t encrypt their binairies…)

      Believe me or not, but I have the full source code even to XBox-Live games like Need for Speed… For me as developer it is very scary to see. I for myself don’t steal another ones work, but I don’t think that many people do that that way. (Even it is kinda funny see some fail programming (I looked up an app of my friend ^^)) 

      Edit: Back to the Topic. They should do better encryption, but not to stop piracy (they won’t be able to stop that), but to lock at least the code.

    • Anonymous

      I’m not sure what you mean by “encrypt” binaries but it’s sad that people don’t go through the trouble of obfuscating their files after they have spent so much time developing their application. Especially since it’s available for free - http://www.preemptive.com/windowsphone7.html

    • http://twitter.com/PhilippMager Philipp Mager

      I meant of course obfuscating… But didn’t want to drop any words that bring people bad ideas :-P . Great site, I always wanted to analyze performance :D thanks.

  • J A

    This is why HomeBrew makes no snese but causes disruption. I am not sure MS worked with these guys to develope this crap of an unlock application but if they did then they are stupid for doing that. What they need to do is have the phones that are unlocked outside of the official unlock process to phone home and re-lock each day so as to frustrate the hell out of them and have them quit.

    • Anonymous

      Well, this is a server-side encryption. So devs can still sideload their own stuff with Chevron, but the average person cant sideload apps that are not purchased. 

      So i think its a win-win situation. And with all the trials you get in the Marketplace, piracy is no excuse.

    • Inkog3

      Actually, all MS did was lower the cost for non-developers to have access to functionality (Dev unlock) that the $99 dollar App Hub account granted devs anyway. Devs, or anyone willing to spend $99 bucks could already pirate software as it was. This will help close that loophole while still allowing home brew apps as intended. PS. I thought all WP7.5 apps from the marketplace were already encrypted with DRM? 

  • http://www.facebook.com/profile.php?id=11814278 Chris Woelfel

    Thanks for lying. :D

  • http://openid.tomservo.eu/ Tom Servo

    Oh, NOW they’re thinking about it.

    • Guest

      Yeah, they should have anticipated this.

    • phil jay

      It’s not like there is an pirated marketplace app on the phone that makes everyone download free stuff only. It’s much harder to get to than on android, and jailbreak is simpler too I’d guess.

    • http://www.facebook.com/tony.gorham Tony Gorham

      yeah sounds odd to me that someone like MS would think to add that now but not start out that way. Or at least add it before letting the unlocker out into the wild. They must have seriously upset Nokia with this.
      Strange you would have thought they had some experience in the but clearly they are learning as they go

  • Anonymous

    99.9% of apps aren’t made for dual cores so 99.9% of the time your second core is idle. so if you have a dual core 1ghz chip and a single core 1.5ghz chip, the dual core will be a 1ghz chip 99% of the time, and the single core will be a 1.5ghz chip 100% of the time…..dual core is a gimmick designed to sell phones to users that don’t need it.

  • https://profiles.google.com/christopher.gull/ CG

    guldkatten, it’s obvious from your history of comments you are an inbecil. Perhaps a Swedish imbecil. Please stay with your iPhone 4S(hit) and talk dirty to Siri if that relieves you of your life’s frustrations.

  • Anonymous

    Programs like Nokia Drive and Music must connect to an external server to get the info.  can’t they just have a BIOS check on the program so the server can tell if it’s in fact a Nokia phone or any other brand?

    same concept of a license key (only you do it with the brand of the phone), if it checks good, if it’s invalid the server blocks your program.

    • http://www.facebook.com/tony.gorham Tony Gorham

      you would have thought but I guess they didnt realsie they needed to? Perhaps they expected MS to protect the,m. Let’s hope that Nokia can implement this in an update and that they dont lose out too much.

  • http://www.magento-themes.jextn.com Magento Themes

    All the contents you mentioned in post is too good and can be very useful. I am totally impressed! Keep stuff like this coming.I am highly interested in learning more.

  • Anonymous

    Hopefully some people get arrested for piracy. People’s jobs are on the line for this.

  • Anonymous

    the point isnt that encryption or drm is going to get broken, its that it makes it more of a hassle to mod the device that its too complicated for the average joe. that leaves a few who know what theyre doing , which is better than a free for all.

  • Live_in_varun

    Is there any way to differentiate between windows phone 7.5 apps and the 3rd party app that comes from the market place.  Difference between the phone app and the 3rd party app.