As Apple launched its highly-anticipated Mac App Store yesterday, some found that replacing the receipt and signature files in some paid apps with the receipt from a free one allows the app to run in full mode.
This apparently works only for some apps, while the paid application actually needs to be downloaded from a third-party site.
However, once the app is cracked, Apple’s Mac App Store will foolishly serve any subsequent updates for free, provided that the developer had released the update as a free one.
John Gruber of Daring Fireball is vocal on the matter. In a recent blog post, he begins by quickly enumerating the steps needed to crack an application:
“Copy the App Store receipt from any legit Mac App Store download — including from any free app — and paste it into a bootleg download of Angry Birds, and it’ll run.”
He claims the vulnerability exists only in apps that don't follow Apple's app validation advice.
“This isn’t true for all paid Mac App Store apps. For apps that follow Apple’s advice on validating App Store receipts, this simple technique will not work.”
Some applications are known to check only for a valid receipt. Others check whether the receipt matches the app's bundle ID, this kind of system being more difficult to crack.
The Apple pundit firmly upholds that Cupertino “should test for this in the review process, and reject paid apps that are susceptible to this simple technique.”
Apple’s Mac App Store is available for all Mac users running OS X 10.6 Snow Leopard.
The service requires the user to download Mac OS X 10.6.6, the latest incremental update to the Snow Leopard operating system.
The update contains the Mac App Store, as well as a few system improvements.
0 comments:
Post a Comment