Mac App Store already a target for hackers and piraters
Just a day after Apple launched the Mac App Store to generally positive reviews, reports that the copy protection may have been hacked have begun to surface. In addition, several developers may have improperly secured their apps, making the pirator's job that much easier.
A group calling itself "Hackulous" said that it has developed a program called Kickback which circumvents the DRM methods used by Apple. However, the group is holding off public release of the application until the Mac App Store builds a larger library.
The Cupertino company has used a drastically different way of distributing software -- tying the application to the purchaser and not the computer itself. Purchases are processed through iTunes -- and hackers have discovered in some cases unlocking a paid app is as simple as cut and pasting a receipt number from a free application.
At least one app has been identified as having the problem, and it's a popular one: the Mac version of Angry Birds. The directions to do so were publicly available on code site Pastebin.com as of Friday morning. It was also reported the game Incident was affected: it is unknown at this time how many others might be affected.
Of course, this requires the user have a copy of that app from somewhere else other than the Mac App Store itself: hackers have not figured out a way to fool the system itself into allowing the app to download without payment.
It should also be added that the problem, at least at this point, does not appear to be completely Apple's problem. Developers appear to be at fault here, failing to properly secure their applications.
Daring Fireball's John Gruber said most developers should be fine. "For apps that follow Apple's advice on validating store receipts, this simple technique will not work.," he said in a blog post. "But, alas, it appears that many apps don't perform any validation whatsoever, or do so incorrectly."
Gruber called on Apple to test for proper validation during the review process and reject applications which fail.
Apple was not responding to requests for comment on the situation.