Mac App Store giving away pay apps for free Security oversights mean that many of the applications in Apple's newly launched Mac App Store can easily be obtained without payment. A significant number of developers have disregarded Apple's advice on validating App Store receipts before making their software available through the store. As a result, many applications can …
Exactly. They should have been checking for the correct AppleID receipt and not just any receipt. However, with how locked-down the iPhone/Pad/Pod are, it's doubtful anyone could have swapped receipts around anyway and exploited this weakness. Trying to push a walled garden into a space that is fairly more "open" will lead to these kind of snafus. I entirely blame the developer however.
And you PC people, Steam has been running this kind of "app store" for a long time. So no, this isn't some thing Steve invented. If he patents his "app store to a desktop" idea, Steam will likely be first in line to groin-kick him into place.
.. in there will an "alternative" app store allowing you to download what you want for free?
Could potentially see this happening. If this does I wonder how long before we see the 1st bit of malware that might actually do something.... then again nothing could happen ;)
Interesting times ahead for Apple for the home market, but us corporate fuddy duddies are gonna hate the app store with a passion...........
"But I had purchased a load of apps & you wiped my machine"
"No personal data on a work machine"
Queue HR trying to defuse the situation... lol
Heavenly Gates.
Heated complains by the user.
Followed by dismissal for breach of contract and/or gross misconduct.
Followed by unfair dismissal tribunal.
Tbh, as long as it lets you redownload things you purchased its not an issue, but if its like the iTunes music/app store, then at some point youll be out of luck.
> us corporate fuddy duddies are gonna hate the app store with a passion
Fortunately, there's two ways to nip it in the bud. Either blacklist com.apple.appstore (The program's bundle identifier) and thus block users from running the app store; or redirect *.phobos.apple.com to a black hole at the firewall and thus block the app store and the iTunes music store from contacting Apple.
Is this really any different from any other method of pirating commercial software? Sure without the extra checks it may be even easier to copy apps, but even with all the DRM and copy protection in the world all it takes is one hacker to modify the binary to remove the checks and it'll be all over torrent anyway.
And that bit about malware is just alarmist FUD, it's true of any method of pirating software and has nothing to do with the app store.
How the hell do developers forget this. Any online shop I've worked on I compare the receipt to the one the bank have posted back, and only if it matches completely is the download allowed.
As an aside, I was very disappointed to see that Aer Lingus had fixed their CC validation. I used to tell them my card was a Visa Electron to avoid paying the 10GBP booking fee, but use my Visa Debit card. I didn't feel too bad about this as I can't believe Aer Lingus is being charged 10% for a CC transaction, let alone debit card transaction.
It's blatantly a case of fraud, but it's still hard to feel sorry for people who haven't bothered following the guidelines and have case security to the wind.
The sources in this article make no mention of pirated, modified apps being UPLOADED to the App Store for distribution as has been written.
They're referring to a lack of validation in the app itself which is not the same thing. To get that pirated app you're still visiting dodgy warez sites in the first place and, frankly, you deserve everything you get.
I'm all for pointing out valid risks but at least report them accurately and within the right context.
So Reg, let me get this right. Publishers can choose the check the receipt but are essentially providing software without restriction if they don't. You are publishing a quote from a security "expert" stating the bleeding obvious, that executables can be modified to execute virus/trojan code by writers of malware and used as bait for the unwary. BTW he's not much of an expert because this is in fact true of ANY code including restricted code if someone is stupid enough to take an executable from an untrusted source and run it (you unwrap the legitimate code write it to disk and run that after you have installed your trojan, whether the app is restricted and then runs or not, malware writers don't even care by that point!).
So the story is software publishers who choose to publish their software which runs without purchase validations can might have their software copied and software (restricted or not) can be used as fishing bait by virus writers. And you call that a story.
If the "El Reg Gives the Gospel" editorial style you used to make work so well is to continue to work at all you have to retain the respect of your readers and maintain some integrity. If you lose that, the same style just makes you seem like arrogant twats. I used to be on your side, but now I'm beginning sympathise with why Apple treat you as though you don't exist.
This is what happens when you rush your existing iOS app out to the Mac App Store hoping to benefit from the goldrush frenzy - they don't bother to read the effing documentation.
I see it here all the time.
..."whine whine this doesn't work"
..."have you read the latest docs?"
... "no i shouldn't have to, it should be simply, i been doing this for years"
... "Ok well, go home, and don't bother coming back."
In their defence, Apple's setup is a bit of a pile of cack.
The Register 
Biting the hand that feeds IT
Copyright. All rights reserved © 1998–2024
