[eternalemb]

If you don't wanna code for PlayBook just don't use this as an excuse... People can find apk, bar files and everything else for any other big platform to download for free, piracy exists every were, not just playbook

Seriously. We don't want developers like you any damn way. Go code an Android app and sought off.

[borceg]

How does someone who earns $250/mo get their hands on a $200 - $400 tablet with no real purpose outside of entertainment to begin with?

Very simple, steal it; buy it from someone who doesn't have an idea what's the real value is; get it on giveaway/contest etc

While that's true, are you then assuming the developer doesn't need to earn money from their app to live on either? Maybe that's how they help provide for their families?

I did not said that devs should give away their product/code for free.

[borceg]

As an app developer for the BB smartphone market who is working on moving into the PB platform as well, I have to point out that the resources are as readily available on the PB to protect your apps from being stolen as it is on the BB smartphone. I protect my apps via a license key which is generated based upon the smartphone PIN, the same unique PIN identifier is also available on the PB and thus the same method can be used. With my apps, if a valid license code is not entered, they simply run in a fully functional 7-day trial mode.

It really doesn't take much extra work to implement such protection.

Russ.

Yea, it's functional, but the protection algorithm and private/public keys used for checking the validity of serial num. must be stored into the code. And air/webworks is not secured from decompilers

[Martis94]

I just sideload mine
Thnx for this post

[recompile]

And people question why RIM is cracking down - it really is out of control...one reason why I refuse to code for the PB platform.

I look at piracy as advertising. I've had programs make the rounds on pirate sites in the past, but I never once cared.

I figure that if my app is worth searching pirate sites for, it's a good app. It's also an indicator that the price may be too high and that I'm killing my own sales.

On RIM's platform, I keep prices lower anyway so a pirate download isn't likely to be a lost sale. Piracy is advertising for me.

[yllus]

Very simple, steal it; buy it from someone who doesn't have an idea what's the real value is; get it on giveaway/contest etc

So we're debating whether it's pathetic to steal a $2 app using the example of a fictitious person who makes $250/mo and either stole their PlayBook or won it at a lottery and decides to keep it instead of pawning it for food or rent?

Okay, you got me. If that particular guy is out there, I give him permission to steal any apps I develop.

Yea, it's functional, but the protection algorithm and private/public keys used for checking the validity of serial num. must be stored into the code. And air/webworks is not secured from decompilers

Yeppa. The only way around this is to authorize the app every time it's run against some central server. And then the nightmare scenario exists of legitimate users getting locked out of their apps because your server (which costs money to run as well) goes down. Still, you can wipe out a lot of piracy by making your app difficult to pirate (as opposed to impossible).

[russnash]

Yea, it's functional, but the protection algorithm and private/public keys used for checking the validity of serial num. must be stored into the code. And air/webworks is not secured from decompilers

I don't use keys for encryption but a mathematical algorithm based upon the PIN and some other characters that are unique to the app. But I do see your point about webworks etc, although no system is flawless and can only stop say 90% of piracy.

Would you mind expanding on this, a quick point-form explanation of how this is best accomplished? How does your app know when to generate a licence key? Where does it get the private key to create the licence key from? Where does the licence key get stored?

In the smartphone's, my app uses persistent storage on the BlackBerry device. When a correct license key is entered, the entered key is stored within the persistent store. Every time the app is started it looks to see if a license key has been stored previously, if it has been then it is validated via the algorithm. If there is no license key then the same storage is checked for a trial end date, if one does not exist then one is generated and stored. The trial end date is then checked to see if the app should still function or prompt for a key. I should also add that the persistent storage is secured via the developers code signing keys and not accessible from another app.

License key generation is performed by a program on my webserver that app world / mobihand contacts whenever a purchase is made. In my case this obviously requires a web server, however, mobihand and app world both offer an algorithm option where they can generate the key for you.

[borceg]

So we're debating whether it's pathetic to steal a $2 app using the example of a fictitious person who makes $250/mo and either stole their PlayBook or won it at a lottery and decides to keep it instead of pawning it for food or rent?

Okay, you got me. If that particular guy is out there, I give him permission to steal any apps I develop.



Yeppa. The only way around this is to authorize the app every time it's run against some central server. And then the nightmare scenario exists of legitimate users getting locked out of their apps because your server (which costs money to run as well) goes down. Still, you can wipe out a lot of piracy by making your app difficult to pirate (as opposed to impossible).

We can talk whole day about this issue, but piracy will always exist. And I'm trying to understand this Dynamic License Flow

Code:

The last model, Dynamic, means that the App Store server will perform an HTTP connection to
the developers website when it is time to generate a license key, the developer website will 
generate a dynamic license key based on their own pre-determined algorithm, for example based 
on the device PIN number, phone number or email address.   
 
1.  Vendor uploads an application with a dynamic license model, providing an HTTP URL 
where this license will be generated  
2.  User purchases an application  
3.  App Store collects info from end user 
4.  App Store server contacts vendor server to obtain License Key 
5.  License Key is generated 
6.  License Key stored in the App Store server 
7.  User downloads the application via the App Store Client 
8.  Application is registered based on Key from App Store server

Does it mean that my app should not handle the key from vendor server ?

[samab]

See from the perspective of a general user and forum member, I see posts mention that developers aren't developing apps for Playbook because of security reasons. But someone like myself knows none of the actual reasoning behind that. I send emails to developers asking if they have plans to make a Playbook version all the time, and they basically answer back with a straight 'no'. I am never told anything about security reasons or anything else. On the surface it just comes across like they have no interest.

There aren't any single factor why developer A doesn't develop for platform X. It's always going to be a dozen factors that make up the final decision. It's always a combination of limited resources (money and manpower), availability of tools, ease of porting of their existing codes, how many targeted users...

Yesterday's Angry Birds Space launched on the Playbook but not on the windows mobile phone is a perfect example --- Rovio has limited manpower, and they need to set priorities. And Rovio's priority number 1 is to get IPO next year (in Hong Kong). Rovio is throwing every single engineer to make another 2 new Angry Birds games for the iphone before their IPO (so that they can maximize their IPO price).

For the big name general apps, it's going to be limited targeted users (until RIM starts making BB10 phones), lack of native UI toolkits (still no Cascades API), and limited manpower --- and they don't want to spend time to make a AIR app and 6 months later scrap the whole app to make a native app.

Even well known app developers don't know what they are generally doing --- like Dolphin browser people who didn't know that they gave republishing rights to Handster (a subsidiary of Opera). Then they don't know that their android app works on Playbook's android player without even a single line of source code changes. And you are emailing these people who don't know what they are doing and you relying on their answers.

[mkelley65]

If you pirate other people's intellectual property you are a thief plain and simple. You are the same as someone who breaks into a car, a house, or steals from a retailer. There are no different levels. You lack the moral fiber to even understand stealing is wrong. What you WILL do is always try to justify your actions. "Oh I was just testing the app. I bought it later on". Yeah right. You are the same person that would find a wallet and not turn it in. You lack moral fiber. What's right is right.

[borceg]

I don't use keys for encryption but a mathematical algorithm based upon the PIN and some other characters that are unique to the app. But I do see your point about webworks etc, although no system is flawless and can only stop say 90% of piracy.

In the smartphone's, my app uses persistent storage on the BlackBerry device. When a correct license key is entered, the entered key is stored within the persistent store. Every time the app is started it looks to see if a license key has been stored previously, if it has been then it is validated via the algorithm. If there is no license key then the same storage is checked for a trial end date, if one does not exist then one is generated and stored. The trial end date is then checked to see if the app should still function or prompt for a key. I should also add that the persistent storage is secured via the developers code signing keys and not accessible from another app.

License key generation is performed by a program on my webserver that app world / mobihand contacts whenever a purchase is made. In my case this obviously requires a web server, however, mobihand and app world both offer an algorithm option where they can generate the key for you.

But, if I pull out air/java/webworks app from pb that uses this licencing scheme, code can be "easily" modified to disable license key checks.

[Hgouck]

Thieves will steal and justify why they do. If your moral fiber believes stealing is wrong and you are a moral person you wont. Piracy is out there and people will continue to take advantage of others work by avoiding paying for it. If the App is worth it people will buy it. Do all you can as a developer to protect your investment and than don't fret about it.
With saying that, do not use this as an reason to not develop for RIM only. Be true to yourself and do no develop for anyone if this is the excuse you want to use.

[torndownunit]

There aren't any single factor why developer A doesn't develop for platform X. It's always going to be a dozen factors that make up the final decision. It's always a combination of limited resources (money and manpower), availability of tools, ease of porting of their existing codes, how many targeted users...

Yesterday's Angry Birds Space launched on the Playbook but not on the windows mobile phone is a perfect example --- Rovio has limited manpower, and they need to set priorities. And Rovio's priority number 1 is to get IPO next year (in Hong Kong). Rovio is throwing every single engineer to make another 2 new Angry Birds games for the iphone before their IPO (so that they can maximize their IPO price).

For the big name general apps, it's going to be limited targeted users (until RIM starts making BB10 phones), lack of native UI toolkits (still no Cascades API), and limited manpower --- and they don't want to spend time to make a AIR app and 6 months later scrap the whole app to make a native app.

Even well known app developers don't know what they are generally doing --- like Dolphin browser people who didn't know that they gave republishing rights to Handster (a subsidiary of Opera). Then they don't know that their android app works on Playbook's android player without even a single line of source code changes. And you are emailing these people who don't know what they are doing and you relying on their answers.

I guess it's sounding to me like the new trend on the forum is to use the piracy issue as the new scapegoat for the lack of apps. I have a tough time believing that is the main reason developers aren't making Playbook apps. Your post points out several other reasons. Plus the other glaringly simple one... that they just might not want to or feel it's worthwhile.

[torndownunit]

If you pirate other people's intellectual property you are a thief plain and simple. You are the same as someone who breaks into a car, a house, or steals from a retailer. There are no different levels. You lack the moral fiber to even understand stealing is wrong. What you WILL do is always try to justify your actions. "Oh I was just testing the app. I bought it later on". Yeah right. You are the same person that would find a wallet and not turn it in. You lack moral fiber. What's right is right.

No, they lack the same morals YOU have. Everyone has their own 'moral fibre' and no one is really right or wrong. Nor are they right to enforce their 'moral fibre' on anyone else.

I don't pirate apps, and there are plenty of other people who don't as well. But I am not going to pull some moral high ground on anyone. The developers need to focus their time on the customers, not the pirates. They are fighting a losing battle fighting the pirates because the piracy isn't going anywhere. It will just evolve.

[Anke6831]

It's pretty pathetic when someone can't pay 2.99 for an app.

You're not the only one who thinks so ;-)

This is how I feel about buying apps - The Oatmeal

[Anke6831]

Yeppa. The only way around this is to authorize the app every time it's run against some central server. And then the nightmare scenario exists of legitimate users getting locked out of their apps because your server (which costs money to run as well) goes down. Still, you can wipe out a lot of piracy by making your app difficult to pirate (as opposed to impossible).

And a related scenario where legitimate users can't use the app if they're offline.

[Goggleboi]

For those saying RIM can eliminate piracy I say good luck! Piracy has been around since the advent of digital media / technology. There used to be entire operating systems that were pirated along with software.

I fail to see how any of this is RIM's fault.

Piracy has been around a lot longer than that. The grandparents here harping theft used to pirate with cassette tapes. Ask Walt Disney where he got the idea for cinderella from. It's okay when companies steal ideas from previous generations then scream piracy and lock down their content behind 5000 years worth of copyright.

Piracy is not the reason why big name apps aren't available for the playbook. Kindle, Google maps, netflix, pandora, and Skype are free everywhere else.

[Zidentia]

Piracy makes the world go round, make the app worth buying and it will sell.

Here's something to chew on. The people that pirate games have no intention of buying the original anyway so nobody has lost out.

Sent from my GT-I9001 using Tapatalk

Simply circular reasoning. Justifying the crime with apathy does not absolve it of criminal intent.

[Zidentia]

No, they lack the same morals YOU have. Everyone has their own 'moral fibre' and no one is really right or wrong. Nor are they right to enforce their 'moral fibre' on anyone else.

I don't pirate apps, and there are plenty of other people who don't as well. But I am not going to pull some moral high ground on anyone. The developers need to focus their time on the customers, not the pirates. They are fighting a losing battle fighting the pirates because the piracy isn't going anywhere. It will just evolve.

Talk about smacking your self on the .

" no one is really right or wrong"
Really?

[Goggleboi]

You're not the only one who thinks so ;-)

This is how I feel about buying apps - The Oatmeal

Being poor is pathetic amirite?

Speaking for myself, it's because I don't want to, not because I can't. A penny saved is a penny earned.

[samab]

The issue was brought up by developers 1 year ago and RIM is fixing it in 2.0.1.

Apps can be extracted from the Playbook? - BlackBerry Support Community Forums

[russnash]

But, if I pull out air/java/webworks app from pb that uses this licencing scheme, code can be "easily" modified to disable license key checks.

Agreed, there will always be ways around protection routines, no system is fool proof but such schemes will always provide a level of protection above the absence of them. Reverse engineering java bytecode or compiled C/C++ though is definitely not something the average playbook user can do either.

I can definitely see the dilemma with air and webworks apps though as they should be relatively easy to unpackage and modify the code.

Piracy will always be with us in some shape or form, personally I agree with the perspective that someone who chooses a pirate source for an app is very unlikely to purchase it anyway. In either case, I'm not going to lose too much sleep worrying about my apps being pirated, I would rather expend this energy on my development work so I can deliver better quality apps and more value to the customers who are kind enough to help support me and my family by purchasing my apps.

[Eir]

There is a lot of piracy on iOS, but there are also a ton of app sales. When there are a lot of app options, and for a very cheap price, buying it is the easiest option for most people. My iPhone is jailbroken, and I could get free apps if I wanted. But when some of the best apps I use cost $1.99 at the most, I have no desire to. I not only am presented with apps worth buying, I have choice for each type of app. Clearly with the ridiculous amount of app sales Apple has, what they are doing works.

The thing is, people who pirate were not going to buy the product in the first place (no matter what the product). A better game plan is to concentrate on the consumer base that DOES pay and give them what they want.

I agree with the other posters that posting info about these sites on here is the wrong approach. If you want to make someone aware of the site, report it to RIM. Don't give it more publicity.

Exactly. Piracy is not RIM's fault, nor can they do anything to stop it. What would be a great problem, is that pirated / stolen apps are made available on the App World - which I am not aware of. That has happened on the Android Market as well as on the Nokia Ovi Store, and that is really, really bad.

Also worth noting, RIMs care and options for developers is on a much higher level than anything else I've seen so far.

As a developer for several platforms, my experience is that piracy is least problematic on the BlackBerry. Unfortunately, I think that is due to low popularity of BlackBerry in general - which is a much bigger issue for developers (at this moment, at least).

[narci]

Why do they make it a dropdown to choose 2.0.1? Shouldn't it just be mandatory towards the latest OS?

[Eir]

As an app developer for the BB smartphone market who is working on moving into the PB platform as well, I have to point out that the resources are as readily available on the PB to protect your apps from being stolen as it is on the BB smartphone. I protect my apps via a license key which is generated based upon the smartphone PIN, the same unique PIN identifier is also available on the PB and thus the same method can be used. With my apps, if a valid license code is not entered, they simply run in a fully functional 7-day trial mode.

It really doesn't take much extra work to implement such protection.

Russ.

Ok, just a quick note, why this doesn't work. EVERY security mechanism ends up as a single line in the code. What it takes to break this is to decompile the app, modify this line and compile the modified app again.

There are additional ways how to make the life of the cracker and the user of a cracked app more miserable, especially if the app is installed on a device which holds much of the owner's private data, and if the app can perform actions that cost the owner money - like making phone calls, or sending messages.

Normally, no developer would do such things - because his name is on the line. But, an anonymous cracker, who can modify the app, can do whatever he likes.

How people don't realise this, and why they don't think twice before installing a cracked app on their phone, is a total mystery to me. And not only a cracked app, but an app from an unknown / unreliable developer.

Android is ahead of BlackBerry here, as for each app you are presented with the permissions it requires. So, if you're a sane person, you wouldn't install a game that has access to your phone book, and at the same time, access to the internet, or permission to make calls or send messages. Correct me if I'm wrong, but on BlackBerry, you don't know what the app will actually do with your phone. That is a HUGE security hole.

P.S. One of the my most popular Android apps is actually a dialer, with access to the phone book, call log and permission to make calls and send messages. It requires no internet access, on the cost of lacking some functionality many users requested, because I want the users to be sure that my app is not sending their private data anywhere over the internet. You might be surprised to see that all (or at least all I've seen) such apps, which are free on the Android Market, require internet access. What for?

Someone wisely said: if you're not paying for the product, you are the product.