Many Mac App Store applications cracked, hours after the store launches [Update]

Hours after Apple launched its brand new Mac App Store, which brought the App Store model from the iPad, iPhone and iPod touch to the company's Macintosh computers, Neowin has learned that many applications have already been cracked, enabling pirates to easily install them.

The process involves the copying of 3 files, from a free application that you download from the app store, into a paid application that you download from a piracy site. This will allow the paid application to run on whichever Mac has that user authenticated within the Mac App Store. The instructions Neowin found recommended downloading Twitter, a free app, opening the application contents, and literally copying and pasting the 3 files which prove that you own the app into any vulnerable application.

At this point, Angry Birds is the most notable application which is vulnerable to the new exploit, however it's likely that many more are affected.

The issue affects applications which have not fully implemented Apple's security recommendations. Developers can patch the exploit fairly easily; however, it is expected that these apps would once again need to go through the approval process.

Neowin will not be publishing the process of how to pirate the apps, and does not encourage the practice.

Update, 9:48 EST: John Gruber, of Daring Fireball, is reporting that only some applications are affected, namely those which do not fully implement Apple's security procedures. The article has been updated to reflect this.

Report a problem with article
Previous Story

First look: Samsung Sliding PC 7 Series 10-inch Windows 7 tablet

Next Story

Hands-on: Samsung Galaxy Players

57 Comments

Commenting is disabled on this article.

ONCE AGAIN a lot of members on here just read what they want to read... i'll point it out for you :

The issue affects applications which have not fully implemented Apple's security recommendations.

..So this is apples fault because.........?

either way, the apps will find their way online somehow and people will bypass the AppStore, personally i think a lot of the stuff (that i would want anyway) is reasonably priced, so i'll stick to buying them and have the nice integration.. roll on Lion.

Apple again seeing $$$ signs and pushing out stuff without the proper Q&A. Little tip Apple, take a step back...concentrate on quality like you used to. You are growing to fast and cannot keep up.

Problem Neowin?
This actually shows most people don't even read the articles before commenting... It's just disturbing to see so many ignorant users here.

Thrasko said,
Problem Neowin?
This actually shows most people don't even read the articles before commenting... It's just disturbing to see so many ignorant users here.

Hes raising a valid point though

"Neowin will not be publishing the process of how to pirate the apps, and does not encourage the practice."

That is a load of crap. You know, I know it, everyone knows it. Neowin promotes piracy every chance it gets. Gotta get those ad impressions by any means necessary.

And everyone posting here saying "I just tried it", freaking criminals.

RichardK said,
"Neowin will not be publishing the process of how to pirate the apps, and does not encourage the practice."

That is a load of crap. You know, I know it, everyone knows it. Neowin promotes piracy every chance it gets. Gotta get those ad impressions by any means necessary.

And everyone posting here saying "I just tried it", freaking criminals.

There is a thin line between trying stuff out and being criminals. Not many people get it, don't worry. But your comment is disturbing and insulting.

RichardK said,
"Neowin will not be publishing the process of how to pirate the apps, and does not encourage the practice."

That is a load of crap. You know, I know it, everyone knows it. Neowin promotes piracy every chance it gets. Gotta get those ad impressions by any means necessary.

And everyone posting here saying "I just tried it", freaking criminals.

Wow, did you get out of the wrong side of the bed or something, someone get this guy a Waaambulance quick!

To be honest this isn't really a problem with something that Apple did Developers rushed and didn't read the documentation properly and didn't implement some critical functions meant to protect their apps.... Oups

Rudy said,
To be honest this isn't really a problem with something that Apple did Developers rushed and didn't read the documentation properly and didn't implement some critical functions meant to protect their apps.... Oups

I think it is both Apple and the developers' fault. Even if the developers overlooked it and didn't put it in, shouldn't it have been found during the approval process? If they can prevent an app for being in the store because the icon doesn't look right but they don't check to see if all the security measures are implemented, I see that as a big problem.

Edited by Joyette S, Jan 7 2011, 10:52am :

I don't see how that's Apple's responsibility. Next, you'll expect Apple to check and fix all bugs in third-party applications as well.

Joyette S said,

I think it is both Apple and the developers' fault. Even if the developers overlooked it and didn't put it in, shouldn't it have been found during the approval process? If they can prevent an app for being in the store because the icon doesn't look right but they don't check to see if all the security measures are implemented, I see that as a big problem.

It's not Apple who's responsible how you secure your apps. This is an AppStore for a full fledge OS not a protected mobile OS. Apple gives the devs a way to make sure their application is legit and if they don't use it it's not Apple's fault

Rudy said,
It's not Apple who's responsible how you secure your apps. This is an AppStore for a full fledge OS not a protected mobile OS. Apple gives the devs a way to make sure their application is legit and if they don't use it it's not Apple's fault

But what we are trying to say here is that it *IS* Apple's fault in someway if the process which is meant to check for security issues and bits and pieces like that doesnt even pick up that developers are not bothering to follow Apple's procedures correctly. That is when it becomes Apple's problems. It should of been rejected until the security was 100% followed. They let it through purely so the numbers were there when it launched.

Thieving bas****s ... why do people always have to steal stuff? Don't wanna pay? Don't have the software. Barely any of it even costs more than a few bucks anyway!

Spirit Dave said,
Thieving bas****s ... why do people always have to steal stuff? Don't wanna pay? Don't have the software. Barely any of it even costs more than a few bucks anyway!

maybe because people overpay for the product and want a way to get some of their money back. lol. either way this is funny.

Spirit Dave said,
Barely any of it even costs more than a few bucks anyway!

I'll remember that next time I purchase a copy of Final Cut Pro.

Historically, Mac applications (in general) don't have the intense anti-piracy measures you find on Windows.

It does seem like Apple could have done a better job at trying to thwart piracy. But in the end would it had really made any difference what-so-ever? People who pay for apps pay for apps. People who pirate will pirate given any DRM efforts. Nothing new.

Shadrack said,
Historically, Mac applications (in general) don't have the intense anti-piracy measures you find on Windows.

It does seem like Apple could have done a better job at trying to thwart piracy. But in the end would it had really made any difference what-so-ever? People who pay for apps pay for apps. People who pirate will pirate given any DRM efforts. Nothing new.


Hmm.. I assume a lot of Little Snitch users are users because LS helps them get their hands on free binaries are run them after trial time with blacklisted keys the application would otherwise check for.

Mac applications sometimes are among the most hard to crack ones.
Leaving out games here... as well as Apple's applications.

GS:lin

Glassed Silver said,

Hmm.. I assume a lot of Little Snitch users are users because LS helps them get their hands on free binaries are run them after trial time with blacklisted keys the application would otherwise check for.

Mac applications sometimes are among the most hard to crack ones.
Leaving out games here... as well as Apple's applications.

GS:lin

My experiences have been different. Especially with engineering applications.

Another in the LONG list of glaring, blatant and inexcusable examples of Apple worrying more about bling and features and UI and secrecy.... than paying ANY attention or resources to Security and testing...

If you still have to visit The Pirate Bay to get a copy, how it it any different? Just because you can launch the program from the App Store? That's like those sugar candies saying "made with real fruit" but meaning "made in the presence of real fruit, but contains no actual fruit".

random_n said,
If you still have to visit The Pirate Bay to get a copy, how it it any different? Just because you can launch the program from the App Store? That's like those sugar candies saying "made with real fruit" but meaning "made in the presence of real fruit, but contains no actual fruit".
It's different because this isn't a crack for one app, with a specific process for each app. It's a crack for every app on the store; this will work for any application, out of the 1,000 so far, that is on the store.

Simon said,
It's different because this isn't a crack for one app, with a specific process for each app. It's a crack for every app on the store; this will work for any application, out of the 1,000 so far, that is on the store.

What random_n is trying to say is you still have to go to a site to download the full program illegally. Then slip in the files from the free app. This is no different than going to the pirate bay and searching for something like iWork.iso. You can't just download these paid apps from the app store itself for free. Unless I'm completely misunderstanding the article.

random_n said,
If you still have to visit The Pirate Bay to get a copy, how it it any different? Just because you can launch the program from the App Store? That's like those sugar candies saying "made with real fruit" but meaning "made in the presence of real fruit, but contains no actual fruit".

you don't need to visit some obscure website if you know someone who bought the app just copy his files and add your special files

NesTle said,

you don't need to visit some obscure website if you know someone who bought the app just copy his files and add your special files

So... it's no different than it was yesterday?

threetonesun said,

So... it's no different than it was yesterday?

Not really. It was trivially easy to pirate software on Macs before.

random_n said,
If you still have to visit The Pirate Bay to get a copy, how it it any different? Just because you can launch the program from the App Store? That's like those sugar candies saying "made with real fruit" but meaning "made in the presence of real fruit, but contains no actual fruit".

Well you see pirated apps usually have cracks or other workarounds which may be undesirable.

Dumb oversight on Apple's part, but it sounds simple enough to fix: Sign the receipt/token/whatever based on the app its sold with. I'm sure this'll be worked-out within a couple of weeks.

I fail to see how anyone can say Apple understands, or even cares about security... This workaround is simply atrocious...

M_Lyons10 said,
I fail to see how anyone can say Apple understands, or even cares about security... This workaround is simply atrocious...

So true haha. Apple has good marketing which knows how to manipulate facts, that's why people believe Macs are more secure.

andrewbares said,

So true haha. Apple has good marketing which knows how to manipulate facts, that's why people believe Macs are more secure.

Do you parrot that often?

It would be an interesting thing to see how secure macs were if they suddenly got more of the market share, just from a purely speculative standpoint. It could be that they are rather lacking on security due to security through obscurity. It's well known that they are easier to hack using exploits.

Turns out as classical cats and mouse game... now there's probably a centralized way of how to get all apps (appearing on the AS of cause) for free.
No more per-app anti-piracy measures?
Hmm...
TBH: this iOSization of Mac OS X is a negative development anyways...

Not sure about the app store, but still...

GS:lin

eh? You still have to buy the paid App, its just so you can transfer it to another of your macs with the same mac store login

evo_spook said,
eh? You still have to buy the paid App, its just so you can transfer it to another of your macs with the same mac store login

read again.
copy from a free app...

GS:lin

Glassed Silver said,

read again.
copy from a free app...

GS:lin


Read again

into a paid application that you download online.

I assume it only downloads once you've paid like ios app

evo_spook said,


Read again

into a paid application that you download online.

I assume it only downloads once you've paid like ios app


Comprehend again. DOWNLOAD. Ie find on web.

The process involves a free app you download from the store, i.e. Twitter, and a paid app you download from a piracy site online and crack.

evo_spook said,
eh? You still have to buy the paid App, its just so you can transfer it to another of your macs with the same mac store login

Really? Whats this then??


The process involves the copying of 3 files, from a free application that you download from the app store, into a paid application that you download from a piracy site

Dont have to pay for ****