Security oversights mean that many of the applications in Apple's newly launched Mac App Store can easily be obtained without payment. A significant number of developers have disregarded Apple's advice on validating App Store receipts before making their software available through the store. As a result, many applications can be …
Angry Birds vendor now even angrier?
if they're angry, they've only themselves to blame for not following the guidelines
Sounds to me that, in the Angry Birds case, they've no-one to blame but themselves. Checking for a receipt without checking if it's the right receipt is entirely their cockup.
Exactly. They should have been checking for the correct AppleID receipt and not just any receipt. However, with how locked-down the iPhone/Pad/Pod are, it's doubtful anyone could have swapped receipts around anyway and exploited this weakness. Trying to push a walled garden into a space that is fairly more "open" will lead to these kind of snafus. I entirely blame the developer however.
And you PC people, Steam has been running this kind of "app store" for a long time. So no, this isn't some thing Steve invented. If he patents his "app store to a desktop" idea, Steam will likely be first in line to groin-kick him into place.
let me be one of the first to say....
ha ha ha.
Will it be like the Iphone soon...
.. in there will an "alternative" app store allowing you to download what you want for free?
Could potentially see this happening. If this does I wonder how long before we see the 1st bit of malware that might actually do something.... then again nothing could happen ;)
Interesting times ahead for Apple for the home market, but us corporate fuddy duddies are gonna hate the app store with a passion...........
"But I had purchased a load of apps & you wiped my machine"
"No personal data on a work machine"
Queue HR trying to defuse the situation... lol
Heated complains by the user.
Followed by dismissal for breach of contract and/or gross misconduct.
Followed by unfair dismissal tribunal.
Tbh, as long as it lets you redownload things you purchased its not an issue, but if its like the iTunes music/app store, then at some point youll be out of luck.
".. in there will an "alternative" app store allowing you to download what you want for free?"
We could call it... the internet.
> us corporate fuddy duddies are gonna hate the app store with a passion
Fortunately, there's two ways to nip it in the bud. Either blacklist com.apple.appstore (The program's bundle identifier) and thus block users from running the app store; or redirect *.phobos.apple.com to a black hole at the firewall and thus block the app store and the iTunes music store from contacting Apple.
Re-downloading is part of the deal
The Mac App store does indeed let you re-download the same apps.
The iOS App store does as well, by the way.
In both cases you can use the same single purchase on multiple Macs/iOS devices if you sign in the the same store account on each.
Alternative app store?
Oh, you mean Steam?
Didn't that come to Mac OS X last year?
Pirate software, much?
Is this really any different from any other method of pirating commercial software? Sure without the extra checks it may be even easier to copy apps, but even with all the DRM and copy protection in the world all it takes is one hacker to modify the binary to remove the checks and it'll be all over torrent anyway.
And that bit about malware is just alarmist FUD, it's true of any method of pirating software and has nothing to do with the app store.
Where in the article does it say that Rovio Mobile are angry with Apple?
To be fair, it was reasonable to assume this after Rovio Mobile came around with squads of kamikaze birds and started knocking down Apple's flimsily built offices.
Serves them right, I mean, who keeps stacks of explosives directly under their main living quarters?
Never ever trust the user
How the hell do developers forget this. Any online shop I've worked on I compare the receipt to the one the bank have posted back, and only if it matches completely is the download allowed.
As an aside, I was very disappointed to see that Aer Lingus had fixed their CC validation. I used to tell them my card was a Visa Electron to avoid paying the 10GBP booking fee, but use my Visa Debit card. I didn't feel too bad about this as I can't believe Aer Lingus is being charged 10% for a CC transaction, let alone debit card transaction.
It's blatantly a case of fraud, but it's still hard to feel sorry for people who haven't bothered following the guidelines and have case security to the wind.
The sources in this article make no mention of pirated, modified apps being UPLOADED to the App Store for distribution as has been written.
They're referring to a lack of validation in the app itself which is not the same thing. To get that pirated app you're still visiting dodgy warez sites in the first place and, frankly, you deserve everything you get.
I'm all for pointing out valid risks but at least report them accurately and within the right context.
So let me get this right
So Reg, let me get this right. Publishers can choose the check the receipt but are essentially providing software without restriction if they don't. You are publishing a quote from a security "expert" stating the bleeding obvious, that executables can be modified to execute virus/trojan code by writers of malware and used as bait for the unwary. BTW he's not much of an expert because this is in fact true of ANY code including restricted code if someone is stupid enough to take an executable from an untrusted source and run it (you unwrap the legitimate code write it to disk and run that after you have installed your trojan, whether the app is restricted and then runs or not, malware writers don't even care by that point!).
So the story is software publishers who choose to publish their software which runs without purchase validations can might have their software copied and software (restricted or not) can be used as fishing bait by virus writers. And you call that a story.
If the "El Reg Gives the Gospel" editorial style you used to make work so well is to continue to work at all you have to retain the respect of your readers and maintain some integrity. If you lose that, the same style just makes you seem like arrogant twats. I used to be on your side, but now I'm beginning sympathise with why Apple treat you as though you don't exist.
You always get the AV Vendors quoting shite like this; in the desperate hope they can scare Mac users into purchasing their wares.
Boobies (traps) and pirates in the app store
this is more excitement than we've seen from apple in years... Arrrrgh
I don't see how you can blame Apple for this. It happened because Rovio didn't follow Apple's guidelines. Since you clearly didn't get past the headline I suggest you go back and read the complete article. Maybe next time you're about to comment you'll look before you leap and not make such a fool of yourself.
App store developers are more stupid than Mac users?
Yeah, that sounds about right.
Perhaps apple decided if they gave the apps away then there wouldnt be any need for people to hack the store and sell accounts on chinese bay.
apple renaming the app store
Apple is renaming the app store to I-Free also known as I-is free well done Steve Half a job.
This is what happens when you rush your existing iOS app out to the Mac App Store hoping to benefit from the goldrush frenzy - they don't bother to read the effing documentation.
I see it here all the time.
..."whine whine this doesn't work"
..."have you read the latest docs?"
... "no i shouldn't have to, it should be simply, i been doing this for years"
... "Ok well, go home, and don't bother coming back."
In their defence, Apple's setup is a bit of a pile of cack.
- One HUNDRED FAMOUS LADIES exposed NUDE online
- Twitter: La la la, we have not heard of any NUDE JLaw, Upton SELFIES
- China: You, Microsoft. Office-Windows 'compatibility'. You have 20 days to explain
- Apple to devs: NO slurping users' HEALTH for sale to Dark Powers
- Rubbish WPS config sees WiFi router keys popped in seconds