Microsoft: We use "a variety of extra measures" to protect Windows 8 apps

Earlier today, we reported that a Nokia employee, Justin Angel, had posted up an article on his personal website that claimed to show how people could turn free Windows 8 "Modern" app trial versions into the full versions without paying for them. He also allegedly showed how Windows 8 games could be modified to add free amounts of in-game currency that are normally paid for by real money transactions, such as those used for SoulCraft, shown above.

The website has since been taken down, and now Microsoft has sent Neowin a statement on this matter. It does not directly comment on if Angel's hacking methods will in fact work. It does state:

Any successful software distribution channel faces the challenge of being targeted by people wishing to circumvent the system for ill-gotten gains and we’re committed to ongoing protection of both customer and developer interests. Just as they have with other platforms, hackers are proposing ways to compromise the integrity of apps, which can have lots of negative consequences to the system and the customer experience. We have taken a variety of extra measures to help harden Windows 8 ...

The statement also contained a link to a recent post on the Microsoft Dev Center web site which goes into how Windows 8 app developers can protect their apps. One way protects against someone hacking Windows system code directly. The post states:

To prevent users from employing this strategy to illegally use your apps, we have a receipt feature that allows you to validate a user’s access to your app and service. Your app is able to obtain a signed receipt for any app-related transaction made through the Windows Store, such as the initial purchase of the app and any in-app purchases. Your app can then use this info to determine what services or features it can access for that user.

Hackers might also try to go after specific apps. In this case, Microsoft says that one prevention method might be to keep some features of the app on a remote server. It states, "This keeps them in an environment that is completely in your control and requires that you only pass the initial data and the results between your service and your app."

App developers can also encrypt portions of their Windows 8 app. Microsoft says in the forum post, "We believe that having a rich choice of obfuscation and encryption options—tuned to the types of exploits you are trying to thwart—will help you to take the appropriate steps in protecting your apps as necessary."

Report a problem with article
Previous Story

Apple-Microsoft iOS SkyDrive fight extends to Office 365 too

Next Story

Microsoft's Bing Fund to support Selectable Media

9 Comments - Add comment