Microsoft: We use "a variety of extra measures" to protect Windows 8 apps

Earlier today, we reported that a Nokia employee, Justin Angel, had posted up an article on his personal website that claimed to show how people could turn free Windows 8 "Modern" app trial versions into the full versions without paying for them. He also allegedly showed how Windows 8 games could be modified to add free amounts of in-game currency that are normally paid for by real money transactions, such as those used for SoulCraft, shown above.

The website has since been taken down, and now Microsoft has sent Neowin a statement on this matter. It does not directly comment on if Angel's hacking methods will in fact work. It does state:

Any successful software distribution channel faces the challenge of being targeted by people wishing to circumvent the system for ill-gotten gains and we’re committed to ongoing protection of both customer and developer interests. Just as they have with other platforms, hackers are proposing ways to compromise the integrity of apps, which can have lots of negative consequences to the system and the customer experience. We have taken a variety of extra measures to help harden Windows 8 ...

The statement also contained a link to a recent post on the Microsoft Dev Center web site which goes into how Windows 8 app developers can protect their apps. One way protects against someone hacking Windows system code directly. The post states:

To prevent users from employing this strategy to illegally use your apps, we have a receipt feature that allows you to validate a user’s access to your app and service. Your app is able to obtain a signed receipt for any app-related transaction made through the Windows Store, such as the initial purchase of the app and any in-app purchases. Your app can then use this info to determine what services or features it can access for that user.

Hackers might also try to go after specific apps. In this case, Microsoft says that one prevention method might be to keep some features of the app on a remote server. It states, "This keeps them in an environment that is completely in your control and requires that you only pass the initial data and the results between your service and your app."

App developers can also encrypt portions of their Windows 8 app. Microsoft says in the forum post, "We believe that having a rich choice of obfuscation and encryption options—tuned to the types of exploits you are trying to thwart—will help you to take the appropriate steps in protecting your apps as necessary."

Report a problem with article
Previous Story

Apple-Microsoft iOS SkyDrive fight extends to Office 365 too

Next Story

Microsoft's Bing Fund to support Selectable Media

9 Comments

Commenting is disabled on this article.

People are so misinformed and so is the media which makes things worse. ANY application can be "hacked". That does not make it a Windows 8 vulnerability. Applications have been hacked forever. People used to get cracks to play cd protected games, or trainers and patches to modify their game saves. This has nothing to do with Windows or the OS being insecure. It is up to the developer to protect their applications (DRM, server authentication like what battle .net does, etc).

You obviously didn't take a look at that specific "hack" - it's like editing text file (xml). Which is outrageous that M$ even allowed such type of "security" and it passed certifications.

M$ starts pushing on the market half-cooked products.
Also lamers like Neowin try to promote this junk and believe that banning users for being vocal for their opinion solves their problem (taking money from their donor M$).

Say me "Bye"???
How about "Welcome"!!!
And don't dare to do that again, pseudo-journalists!

Exactly, it's not MS's fault if developers choose to not use security that's provided for them to use. Same thing happened with iOS and android apps, don't use server checking and it'll get hacked to pieced, use server checking and it's MUCH harder (though not impossible) to do the same thing.

MS said a lot of things however, seasoned developers don't trust in MS specially since most of the time, the same applications made by MS are hacked / pwned countless of times. Example :SharePoint 2010 request Silverlight for some task..

BTW, Piracy and Popularity are "cousins".

In the recent article posting when I pulled the cached version of the page that had been removed one of the targets was the free Minesweeper game made by Microsoft themselves.