I'm starting this thread in order to help you, iPhone dev colleagues to protect your apps. Please contribute in order to help each other. (I would avoid posting full-blown solutions, though.) Here are some Dos and Don'ts I've collected so far, which might help you in implementing a better protection for your apps. Just checking for SignerIdentity is a very naive approach. Unfortunately many sites suggest this method, - even commercial frameworks use this check! - however if implemented the way shown below is the same as doing nothing! It only adds some additional bytes to your binary's size, definitely dead code I would say. The code snippet below is useless in this very raw form: Code: NSAutoReleasePool *pool; boolean pirate_copy; // iphone: piracy detection pirate_copy = false; pool = [ [ NSAutoreleasePool alloc ] init ]; { if ([ [ [ NSBundle mainBundle ] infoDictionary ] objectForKey: @"SignerIdentity" ] != NULL) { // we have just detected a pirated copy pirate_copy = true; } } [ pool release ]; Why won't this work for you? The string can be easily identified in the binary, and by just replacing one single character, the whole check is history. Here are my advices which might improve your anti-piracy attempts: Advice #1 Never use popular snippets to protect your app against piracy (see above). Advice #2 Strive for original solutions / adapt the existing ones. No, don't reinvent the wheel, but try to modify or even improve the existing solutions. This applies for the SignerIdentity check also - do not use it in the well-known way (see reasoning above). However, if applied with a twist, it will make cracker's life harder. It's not easy, but once you think out something which is not spread all over the internet, your app will be harder to crack (at least an automatic crack tool will probably fail). Advice #3 If the crack is detected, do not react instantly. Apply some delay logic. That way there is a good chance that the cracker does not detect the trick, and the pirated version is spread in this form. And actually that's what we want, isn't it? ;-) Advice #4 Test your anti-crack logic thoruoghly for false positives. Do not punish legal users! Btw, there is a good chance you'll punish yourself first, as your app will be probably rejected by Apple - and this is the optimal case. Otherwise - if not detected by the review team, and the app goes live - you'll dissappoint your loyal users, which is the worst thing for you as a developer! Thanks GregH for reminding me this important rule.
or.. don't bother.. if your looking to see if someone is using a different signer identity than your own; the above is sufficient.. if you don't cripple the game - the patchers wont go through and bother changing that single byte anyhow. remember - most people run an existing script to crack apps; they don't disassemble the code (they only do that if the developer shows a message or locks out a feature) ... i've been an expert on these things for years; i even wrote a paper on it. http://www.ardiri.com/publications/palmsource2000.pdf while it was specifically for palm os; the end result applies.
Advice 1: Release a lot of useful updates - if someone really likes your app he will get bored of searching for working pirated copies of your app Advice 2: If you detect a pirated copy don't block everything - use the opportunity to show the user how great your app is - just show a message and apply a time limit or some other solution to make your app a "light" version. In some cases it will be enough to show a nag screen (maybe with a 5 second countdown) every time your app is started. Advice 3: Use fair and consistent prices for your apps. There are many great apps available for $1, so it is hard to convince users to pay $3-$10 only because your app is new or you compare prices to other systems. This is the Appstore - no XBLA, PSN or a windows mobile device. If you did sales and price drops in the past (even for other apps) users will wait for the next price reduction and maybe lose interest in the meantime. If you don't offer something very special stick to $1 to generate impulse buys and avoid that users wait for price reductions.
Do crackers ever remove the "We won't stop you playing, but please buy this game… etc." pop-up messages?
Actually they remove the program logic which leads to displaying this message. Or to put it otherwise: every anti-crack check is removed (most probably as part of an automated process). That's why I said that using straightforward and popular methods just won't work: the countermeasures are instantly inserted in the crack tool as soon as a new protection method appears and gets detected by them. This is nothing but a race, something similar with the one which is between virus/trojan horse makers and antivirus software developers. Once you have a good anti-crack method, they will find it - if your app is interesting enough or if the method is applied at a larger scale. If this is not the case, and the automatic check does not work, they probably just don't care.
With my latest update I put some crack-detection code in my app to make it limit your play-time (like a demo basically) and put up a nag screen. Unfortunately I made a mistake and just found that the crack detection can give a false positive on a legally purchased copy which is the last thing I'd want to happen. Now my latest update will probably have been in review for nearly a month by the time it comes out. At least I caught it before it finished the review process. Oh well
This will be unpopular, but I am not doing nothing about piracy, and I don't intend to. I have more important things to do, like add actual features to my game for the people who paid for it. If the customers are happy, they will talk about it. If the pirates are happy, well maybe they will talk about it. Or try this: Make your app free for a while when it first hits the app store. In the very least, it will lower the pirate downloads and increase your standing in the App Store. Its a win-win.
Note to anyone reading... do NOT follow this advice. You'll lose your best shot to actually make money as a small potatoes indie developer- the early adopter crowd. These are the people who need it now, and will pay your asking price. After them, everyone's a harder sell... especially if they think you may make it free again at some future point. In addition, your ranking does not carry over between free and paid when you do finally switch. So I'd say it's lose-lose. Regarding piracy- I'll add obfuscated detection in my next game just to track how rampant it is, but most likely won't do anything dramatic to the pirate players unless my bandwidth use gets out of hand.
I don't think thats "unpopular" at all. Its a perfectly valid plan to just ignore piracy. However, there is an opportunity here and if 90% of our gamers are pirating, then reaching a few of them could be quite significant.
90% is awfully high. I've seen that number before, so I don't think it is unrealistic. I know we never even came close to approaching a 90% piracy rate (yet). I think Russia was one of the first countries to pirate our game (UAE or Saudi Arabia was the first actual evidence). However, Russia is the first country to put us in the Top 100 Paid Apps (all categories). I realize Russia is a much smaller market, but our Russian downloads have always been much higher than most other regions (including USA). At a 90% piracy rate, there may be other things at play here.
When I first released War3100 I had a piracy rate of 96% for the first two weeks. 90% seems reasonably high given my own experience. I think I've made maybe $200 gross off of it so far.
The cracked version of my game appeared first on a russian site. Currently the number of legal downloads for Russia is zero. Not that it matters, I never thought it will be a significant market. Now back to the original topic: any feedback regarding anti-piracy measure will be highly apreciated. Just to reiterate: please do not post full-blown solutions, just ideas or suggestions. What proved to be working for you so far?
Well, this is a risk. A thorough testing would help. So this would be another advice #4 Test your anti-crack logic for false positives. Do not punish legal users. Thanks GregH, I've omitted this one. The thread starter has been updated with this important rule.
No, Russia isn't a huge market compared to other countries. For a couple weeks we saw a couple thousand downloads a day for our Free version, and it rose as high as 4,000 downloads for a couple days in Russia ALONE. These are FREE downloads directly through the App Store, so the raw number of people in the Russian App Store exist. Only just recently, our sales in Russia have started to climb and we have entered the Top 100 Paid/All Games. Granted, the market is probably really tiny, so that could amount to 3 sales. Our game is English only, so I am not sure what the appeal is.
This should be number 1 with a gold star next to it. If you are fighting an endless war that you can't hope to win the last thing you want to do is screw over your legitimate customers. If you do this not only are you wasting your time your also turning your customers against you. It's also a lose-lose. Sure, you may have sold the app to that person this time, but next time you won't make the sale. AND you'll have a loud critic remember that unhappy customers are far more vocal than those that are satisfied.
I did not emphasize this one as it is obvious. Besides it's actually not an anti-piracy measure, but rather an unwanted consequence of it... However it is worth mentioning.
I've gone back and forth but have come to the conclusion it's not worth it. - If your check has any logic flaw and you block legitimate users, people will get (rightfully) upset - If you detect and cripple pirated copies, you will get bad word of mouth support - I haven't seen any evidence that "please don't pirate" messaging has any positive impact on sales - Pirating does help spread the app to legitimate, paying users via word of mouth. If I could write an application that's popular among pirates and leads to 1,000 'advocates' of my game, that's worth something. Keep in mind that most games fall into relative obscurity on the app store, and 'pirate marketing' could be enough to give them a real boost. - Unless your app is absolutely amazing, pirates aren't going to be convinced to buy it anyway. They have access to every single Gameloft, Chillingo, EA, etc... title for free. Yours is broken? Move on. I'm pretty much in the camp where the thinking is that pirated downloads don't have much correlation to lost sales. In other words, if someone pirates your game, they weren't going to buy it anyway, at any price -- even if you removed piracy from the equation altogether. Honestly, I think the best bet is put some detection logic for metrics purposes, then write a blog about how bad piracy is and submit it to major blogs. If that story gets picked up, chances are you'll get a good sales boost. I'm serious
For the first one: I agree, begging people who downloaded a pirated app to buy it is nonsense. A better approach would probably be to convert at least a fraction of them to legal users. For the second one: can you prove that spreading an app through pirate sites is some kind of promotion? It sounds good but I do not believe in such "marketing channels". I've seen this reasoning many times, but nobody could come up with real stats, therefore is merely (bad) theory in my eyes. My experience also shows that it just does not work, it did not boost my sales at all.
It isn't an anti-piracy measure, but it should be part of the planning of any half-decent anti-measure. That is to say, it isn't a method, but the theory which I think is more important.
I wonder if they are counting households with 1 iTunes account but multiple iPhones. For example my wifes' iPhone and my own all have the same games even though I am the only one that buys them.
