App Piracy Tools Going Down — For Now

In an apparent victory for app developers, a popular tool for app piracy, Installous, shut down last week, prompting software pirates worldwide to seek out alternatives. However, it doesn't look like it's going to be easy for them.

The lack of easy alternatives following the popular Installous' decision to shut down is a minor victory for an industry plagued by piracy problems.

"Despite all of the rigmarole that Apple sends developers through to sign their apps, the certificate system hasn't proven an effective anti-piracy measure at all," said a developer familiar with the matter, who asked not to be identified. He believes that piracy rates are between 80-90 percent amongst paid apps, and the first paid game his company launched, ended up as a free offering on the App Store because of piracy concerns, the developer said. The company's next offering will also be free.

The developer offered two additional observations about piracy and China. First "... iOS users don't seem particularly interested in purchasing any sort of paid application up front." Additionally, he said "close to 100 percent" of the pirates are using devices that appear to be from China. As we've previously reported, gaming companies that offer free app downloads often generate significant revenue from in-app purchases, but our developer source says that once the apps go free, Chinese users spend little on in-game purchases.

Last week The Next Web reported on two new options to bypass Apple DRM and install pirated iOS apps. BYTE decided to investigate.

The first app mentioned in The Next Web story, Zeusmos, is written by Kevin Ko, a 15 year old boy. According to The Next Web, Zeusmos "... allows you to install cracked application on your iDevice without jailbreaking." Zeusmos uses a developer licensing certificate to install apps with the DRM stripped. The app even goes as far as allowing users to share cracked apps with friends via email and social media.

Although initially it looked as though Ko had designed the app specifically to pirate apps, the teenager has since made several statements denying that, and released an update with fixes that prevent piracy.

He has a message for anyone who thinks otherwise: "... I hope they will reconsider that fact with some of the actual updates that are [forthcoming] with changes that strictly take a stand against piracy," Ko explained in an e-mail to BYTE. "I'm aware simply stating something will not get anything done, but rather doing it will."

The developer familiar with the software involved, who asked not to be identified, doesn't see it that way. "... though the author maintains that it was not intended to promote piracy that is clearly how it is used," the developer said in an e-mail to BYTE. The developer added that Ko claimed future versions would make app piracy more difficult.

Zeusmos's real purpose, Ko maintains is to save developers time by "significantly simplifying" the code signing process. He also said that it's useful "...for developers aren't familiar with iOS development." He plans to use Zeusmos to help distribute an upcoming science fair project, he told BYTE.

"As a developer tool, it sounds like something that might actually be useful," the developer familiar with the matter said. The reason, he told BYTE, is that deploying test versions of an app is a "pain point" for developers, and that portions of the process are "quite arduous." Services such as TestFlight emerged to deal with tester issues, but he said that " ... [I] usually lose an entire day to the system every time I need to do some maintenance or management."

Ko says, and the developer agrees, tentatively, that Zeumos makes getting a test program onto a device easier. "However," the developer said, "I doubt legitimate developers will want to go anywhere near it now that it has been associated with piracy."

In Zeusmos' new version Ko claims, he's removed the app's features that simplified piracy, and set up a system to monitor and take action against users who misuse his software. A press release from Ko says "Kevin's goal with Zeusmos is to create a self-sustainable enterprise that can ... control and maintain a program library with a simplified version of distribution to a mass audience while not facilitating piracy or violating Apple's licensing terms.".

BYTE tried out Zeusmos. We weren't able to access the Apple App store. There was a place to download apps called "Exclusive," but BYTE couldn't get any of them to actually install on the test device. At the time of writing this article, the upload function on the web dashboard was disabled, so we were unable to test the reported code-signing function.

The second option mentioned in The Next Web story, called Kuaiyong, isn't safe to install, says security researcher 0xabad1dea (aka Melissa Elliott). Elliot initially judged Kuaiyong unsafe because "... it was very similar to a malicious pirating utility [researchers] had seen before and it appeared to just be a new iteration," Elliot said in an e-mail to BYTE. But, after she had looked into it further, it appeared that there was no "overtly user-malicious," code in the software. She cautioned that the EULA is "ominous," and the code itself is "open ended."

Elliot went on to explain that Kuaiyong works by "... writing something over USB to fool the iDevice into passively accepting anything owned by these IDs [the few dozen owned by Kuaiyong] as being authorized to run (with the important note that they must be correctly signed, i.e., you cannot install malware or Cydia, only things from the App Store)."

Elliot "strongly recommend[s]," that people do not run Kuaiyong, because its user ID trickery is buggy and can cause problems with the app store after using it, she said.

Time will tell if these developments will actually curb rampant app piracy. But, for the moment, some of the most popular tools, and their alternatives are no longer available.

Apple did not respond to a request for comment.