tag:blogger.com,1999:blog-6690916271713809138.post4016907696475348993..comments2020-01-20T08:29:47.327-05:00Comments on Applications Are People Too: Hoisted by my own petard: or why my app is number two (for now)AppsRpeople2http://www.blogger.com/profile/08529547238174325669noreply@blogger.comBlogger9125tag:blogger.com,1999:blog-6690916271713809138.post-57770599258166567312012-05-03T19:16:38.662-04:002012-05-03T19:16:38.662-04:00Paras - email mktlegal@microsoft.com - they have a...Paras - email mktlegal@microsoft.com - they have a form that you fill out. Good luck.AppsRpeople2https://www.blogger.com/profile/08529547238174325669noreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-72338914920999302942012-05-03T19:10:27.378-04:002012-05-03T19:10:27.378-04:00Hi, can you please explain what was the process to...Hi, can you please explain what was the process to contact Microsoft to remove this pirated app from the marketplace?Paras Wadehrahttp://www.twitter.com/ParasWadehranoreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-30504464582110965372012-01-10T09:50:16.886-05:002012-01-10T09:50:16.886-05:00OK - thanks for your clarifications Rene; they are...OK - thanks for your clarifications Rene; they are appreciated. <br /><br />A couple of quick points - obfuscation protects IP in code and is not intended to protect IP in media, which is the class of IP that has been stolen from me. The design of my app, the logic (of mapping poses to symptoms), the streaming of a daily audio lesson, etc. has not been stolen. In this particular scenario, obfuscation has not been found wanting - but it is a good lesson for anyone who relies upon media and has a false sense of security because of how they've protected their code.<br /><br />Now, having said that, I am positive that if hackers saw enough value in the IP within my code, they would find a way to it (with or without obfuscation). Their investment in cracking (and therefore the required investment to protect myself) is directly proportional to the value being secured (that's why banks need more security than dry cleaners). <br /><br />And this speaks to the last "anonymous" post as well - he/she asks if there are technologies that can protect media resources. Of course - media companies, gaming companies, etc. employ them all of the time - none of them are perfect and they get progressively more onerous in proportion to their sophistication. <br /><br />Do iOS and Android have the same issues? Of course (not identical - but analogous) because criminals follow the money... (that's also why PCs have more viruses then Macs - its not that Macs are more secure - its that there is less opportunity for hackers on macs than on PCs.<br /><br />In any case, thanks for the second note and i will let everyone know when the "Bad APP" is off of the MSFT marketplace.AppsRpeople2https://www.blogger.com/profile/08529547238174325669noreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-27597932275020943862012-01-10T09:11:16.697-05:002012-01-10T09:11:16.697-05:00I apologize if you got the impression my comment w...I apologize if you got the impression my comment was cynical Sebastian. It wasn't my intent. Really! I just wanted to give a comment how this might be seen from the outside.<br /><br />I mentioned Dotfuscator cause I remember you and MS are always telling WP7 devs they should use it in order to protect their IP. And now your IP was stolen. <br />BTW, you know that giving something away for free, doesn't mean you're giving it away without any benefit. ;)<br /><br />As a CMO you were always very vocal about the usage of Dotfuscator and I didn't know you draw that line here. It's OK if this case described above should not be linked to your job as PreEmptive CMO.<br /><br />My comments are not meant to be cynical and I'm sorry if you got that impression. As I wrote before, I'm also affected by WP7 piracy and can feel your pain. MS finally needs to enforce the improved XAP protection.<br />I hope you can get it sorted out and that crap app gets pulled down very quickly. I actually had hoped it is already down. :( <br />All the best. Please keep us updated. <br /><br />- René Schule @rschuRene Schultehttps://www.blogger.com/profile/12777157871967896549noreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-19075601685805519622012-01-10T08:17:04.969-05:002012-01-10T08:17:04.969-05:00Wow, I'm sorry to hear this about your app. @...Wow, I'm sorry to hear this about your app. @rschu described his thoughts on the issues involved but I'm curious to what Preemptive and Microsoft think on the subject too. Are there solutions for this (besides streaming content) and do these problems exist as blantantly on Android and iOS?Anonymousnoreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-69990601174229758422012-01-10T06:30:02.381-05:002012-01-10T06:30:02.381-05:00Rene, it never dawned on me that anyone would cons...Rene, it never dawned on me that anyone would consider this as a "marketing stunt". First, it would have to be a positive story (and it's not) - the only way to have avoided this would have been to stream the videos from the cloud rather than include them as resources (so the Azure evangelists may have an angle here). ...and there's also the little detail that we don't actually charge for Dotfuscator on WP7 - we give it away at no cost.<br /><br />Is there irony here? Perhaps - but i don't really see it. Lastly, your comment that obfuscation is "half a job" is like saying seat belts and smoke detectors only do "half a job" because people still get injured in accidents and fires (nor does obfuscation always impact performance) but that's a whole other thread and not at all the topic at hand.<br /><br />Bottom line - this is an exploit that i had not seen before and i wanted to share it with the community for the "greater good". Please don't be so cynical.AppsRpeople2https://www.blogger.com/profile/08529547238174325669noreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-5181532973001737732012-01-10T06:18:54.246-05:002012-01-10T06:18:54.246-05:00To Anonymous - The app plays 4 videos - that's...To Anonymous - The app plays 4 videos - that's it. There is no music and there is no standard analytics that i could find.AppsRpeople2https://www.blogger.com/profile/08529547238174325669noreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-85766305668305772022012-01-10T02:15:35.291-05:002012-01-10T02:15:35.291-05:00I hope that fake copy of your app gets pulled down...I hope that fake copy of your app gets pulled down quickly. <br />Why does this always happen with China? I know it's a cultural thing, but man that sucks. <br />I know that feeling just too well. My quite successful apps were cracked, translated to Chinese (!) and the XAPs were hosted at some Chinese forums. This happened 2 days after I released a huge update for my Pictures Lab app for example. :(<br /><br />I see you are the CMO of PreEmptive. Maybe it's a targeted attack to show that Obfuscation is no full solution at all? You guys and MS were saying that obfuscation protects an app, but me and others always knew it's only half of the job. <br />Only the highest level of obfuscation really helps, but that kills the performance, so it's a no go for performance critical apps. And as you experienced yourself, assets like audio, images, video, string resources (translated text) and most important XAML aren't protected by obfuscation at all. <br />MS finally needs to enforce the higher protection of the XAPs. I hope you as a MS partner can help to push MS so they finally enforce the better protected XAPs.<br /><br />BTW, since you are the CMO of PreEmptive some might speculate this here is probably a marketing stunt. You can develop a nice story out of this. Your code was protected and the app that has stolen your assets, the only non-protected part by Dotfuscator, gets quickly pulled down by MS. A happy end. <br />Don't get me wrong, I don't think you are doing this here, but some people might just speculate. <br /><br />All the best for you and your apps. I hope it all ends well. <br /><br /><br />- René Schulte @rschuRene Schultehttps://www.blogger.com/profile/12777157871967896549noreply@blogger.comtag:blogger.com,1999:blog-6690916271713809138.post-77819354564330965882012-01-09T23:58:12.955-05:002012-01-09T23:58:12.955-05:00I presume the data and phone identity is for analy...I presume the data and phone identity is for analytics. Music? Maybe that's a feature that's been added. I really hope you get the ripoff pulled down.Anonymousnoreply@blogger.com