Log in

View Full Version : Windows Marketplace for Mobile "Security" Severely Lacking


Jason Dunn
10-10-2009, 12:15 AM
<div class='os_post_top_link'><a href='http://www.modaco.com/content/windows-mobile-news/293823/marketplace-copy-protection-cracked-in-less-than-12-hours/' target='_blank'>http://www.modaco.com/content/windo...-than-12-hours/</a><br /><br /></div><p>There are a few significant problems with the new Windows Marketplace for Mobile, not the least of which is <a href="http://www.modaco.com/content/windows-mobile-news/293823/marketplace-copy-protection-cracked-in-less-than-12-hours/" target="_blank">security from a developers point of view</a>. The idea is that you buy an app from the Marketplace, it installs onto your device, then deletes the CAB file that it downloaded to install itself, and that's that. But what happens if you don't allow the CAB file to be deleted, or find a way to grab it before the process deletes it? More than one person has been able to figure this out, and it's not that difficult apparently. The concern here is, of course, that developers will be reluctant to put their apps onto the Marketplace if they don't feel their investments will be protected.</p><p>From a user perspective, knowing that sometimes phones get messed up - and let's not forget the disaster that is ROM updating on the Windows Mobile platform - it's important to keep backups of your applications. I haven't heard anything about a new version of Windows Mobile Device Center that would allow the user to keep a copy of Marketplace applications on their PC. So how exactly does the consumer protect their investment in software? That's a piece of the puzzle that can't be ignored. Ideally I suppose you'd be able to enter your Marketplace ID into the device and be able to re-download all the apps you've purchased...but I don't think it works that way. Anyone with a 6.5 device care to comment? Yeah, this is me not having a clue again because I don't have a 6.5 device to test. &lt;sigh&gt;</p>

heatlesssun
10-10-2009, 05:28 AM
Jason,

So by your own admission you’ve not even used the Marketplace and you post this article?

Did you not even know that the Marketplace works with WinMo 6.1? That’s right, just got a Verizon HTC Touch Pro 2 a couple of weeks ago with 6.1 and if you had bothered to check it out you can download the CAB and install it on a 6.1 device, which I did.

So under 6.1, and I would imagine that it’s no different under 6.5, one can REDOWNLOAD their apps. Amazing what 20 minutes of effort unveils. I’ve purchased about $30 worth of stuff from it and I tested reinstalling first thing. I installed those apps, removed them when back into the Marketplace app and viola, I was able to reinstall all of my apps.

As to the security issue that’s on the developer to implement the DRM, at least for now and it’s not like developers haven’t been doing this for years already on the Marketplace even. I have a number of apps that do this like Kinoma Play, which is in the Marketplace though I bought my copy long ago. And what would be any different if the developer just sold their app directly? You would have a CAB or PC based installer that you could do with as you please as well without some type of DRM built into it. Honestly, horrendous logic.

Sorry Jason, this article is just uninformed and utterly useless. Not trying to be harsh be you were even unware that 6.1 devices can use the Marketplace. If I know how to do it so should you BEFORE you write about it. That's irresponsible.

Fritzly
10-10-2009, 01:00 PM
Jason,

So by your own admission you’ve not even used the Marketplace and you post this article?

Did you not even know that the Marketplace works with WinMo 6.1? That’s right, just got a Verizon HTC Touch Pro 2 a couple of weeks ago with 6.1 and if you had bothered to check it out you can download the CAB and install it on a 6.1 device, which I did.



Are you sure that WM 6.1 is already, officially, supported by MS?
I know that they added the support for 6.1 but my understanding is that is not officially available yet.
Yes there are workarounds available but......
Just curious.

whydidnt
10-10-2009, 03:33 PM
All this discussion about security or lack there of is quite funny. We have developers screaming that it's too easy to grab the cab and post it on a warez site. Newsflash--- under the old model you can find any of these same programs on warez sites. People that want to crack and use cracked software will do it. It's futile and worthless for developers and Microsoft to invest all these hours of time trying to prevent something they can't prevent. I would much rather have both parties invest their energy in producing better software and a better overall experience. Maybe if MS wasn't devoting such a huge percentage of their development resources to DRM issues, we wouldn't have to wait until 20XX-whenever for WM7.

Mastersoft
10-10-2009, 03:53 PM
Agreed. Adding security to WM apps is fairly pointless as it is so easy to obtain warez versions. The WM warez scene is huge. Provided Marketplace is easy to use and the prices are good value, then honest people will continue to pay for apps like they always have.

Rob Alexander
10-10-2009, 06:12 PM
Yes, honest people will continue to pay for apps as they always have. Then, in two or three years, when MS decides that they don't want to play with the Marketplace anymore, those same honest people will lost their apps (and their money) when MS closes down their servers. (Skeptical? Just ask people who bought DRM-laden WMA music files from MS and then lost their investment when MS pulled out of the market.)

I'm not worried about developers because a well-designed and fairly-priced application will sell well. I'm worried about the consumers. It's really very simple. It may take two years, or it may take five, but when you buy intellectual property that requires someone else's servers to install and/or run, you will lose your investment eventually.

jeisner
10-14-2009, 02:46 AM
I'm not worried about developers because a well-designed and fairly-priced application will sell well. I'm worried about the consumers. It's really very simple. It may take two years, or it may take five, but when you buy intellectual property that requires someone else's servers to install and/or run, you will lose your investment eventually.

I can't speak for other developers but this is why I preffered licence keys like I can do through mobihand.. as I get lists of customers so I can confirm their identity if they lose teh key (and mobihand is gone) and I can provide the CAB from my website too for free (as long as I am around)..

No protection will ever make dishonest people honest, it is simply about keeping the honest ones that way..

Reid Kistler
10-14-2009, 08:26 PM
It may take two years, or it may take five, but when you buy intellectual property that requires someone else's servers to install and/or run, you will lose your investment eventually.

I can provide the CAB from my website too for free (as long as I am around)...


From an end-user perspective, REALLY like the idea of being able to keep installation exe and / or CAB files on a LOCAL system, ready for "immediate" use, whether there is an internet connection available or not.

So much so, that always have a handful of CAB files - those for the most important applications - tucked away on my SD card, along with a reasonably recent backup of data files. (Use my desktop system as the Primary backup for PDA data, and therefore don't do On Device backups as frequently as probably should - but they do exist....)