Read on to find out more.
It is clear that Microsoft is taking software security a lot more seriously than before, and its latest showings with Windows Vista and Windows 7 are probably the best proof of the company’s new commitment for more secure software. However, it seems that in the process of doing so, the software giant has conveniently forgotten all about security on its mobile platform. And the result is that an enterprising app developer for Windows Phone 7 has managed to find a way to obtain paid apps from the Windows Marketplace without paying a single cent
Details on how such a ‘hack’ was done is sparse, but it is clear that the work gone into enabling the piracy of paid apps is not as straightforward as one might think. This is because the installation packages in Windows Phone 7, also known as XAP files, are secured in such a way that even if a user managed to get his hands on a XAP file, the package is designed to not deploy, even on officially unlocked developer handsets. Hence, raw XAP files are usually considered to be relatively safe against efforts to reverse engineer or pirate the enclosed app within the package.
Unfortunately, it seems that the unbreakable XAP file has recently been compromised, as hackers have apparently found a way to modify a XAP in such a way which will allow it to deploy and run on any device. And as a result, an anonymous developer had built on the existing knowledge by compiling an app known as FreeMarketplace, which strips off the DRM layer from Marketplace apps, thus potentially opening the door to widespread piracy and file sharing.
The developer has declared that he has no intention to release the app for public consumption as the original intention was to force Microsoft to provide better anti-piracy assurances for developers. However, he claims that he was able to build FreeMarketplace in only a matter of hours. This means that the work required to do so might be complex but short, and that someone else might already be working on a similar app to allow for widespread piracy of Windows Phone 7 apps.
That being said, one might be curious as to how Microsoft would react to such a security breach. And if you are, prepared to be somewhat disappointed: the Redmond giant is merely asking developers to protect their work via code obsfucation, and has not announced any concrete plans to fix this vulnerability in future firmware updates, if at all. That might serve as a decent solution for the time being, but the fact remains that the ball still lies squarely in Microsoft’s court. Either way, Microsoft will eventually have to take measures to protect the developers working to make Windows Phone 7 a better smartphone OS by providing it with the apps which it desperately needs. The only question is whether Microsoft’s measures will be dished out in time to prevent widespread app piracy.
Reference: Ars Technica