- Gain access to Address Book… easy.
- Send HTTP POST data… easy.
- Send email w/ attachment via PHP… easy.
- Spreading malicious Mac-ware… easy?
Tag: security
Spreading malware on Mac
Shareware licensing techniques
I have been meaning to write about this topic for ages due to a huge response to this article, but with four exams in two days and a few more still left, there’s been very little time. So instead of a full-fledged post / tutorial, here is my view on writing solid security measures into your shareware applications. Note that I haven’t actually written a shareware app myself, so most of this is theoretical (i.e. in my crazy mind).
Before we get into the different strategies, I would like to recommend this article on software piracy by Ambrosia Software (Snapz Pro X). It really shows how vulnerable Mac apps are and the effect piracy can have on small and individual developers. Ambrosia now uses what I believe to be one of the strongest and most fraud-free licensing systems of any developer (including Apple). However, the method they use does have drawbacks in the form of slight annoyances for the user. There is no perfect way of protecting your application, and no matter what you do, those that want to crack your application will; even Microsoft, Apple, and Adobe have their software cracked and pirated. It’s about finding the right balance between safety and resources. How much time are you willing to spend hack-proofing your app? Do you need to go for hard-core encryption and daily online checks, or is storing a hidden encrypted file enough? It’s up to you to review the alternatives and decide.
How not to write shareware
I’m stunned.
What happens when the app crashes and the user clears their preferences?
Now, I’m not encouraging willful interference and hacking of applications, but come on! There has got to be a better way than simply storing everything in plain view of everyone. I don’t want my license or serial number visible to other people who use the same computer. Another hiccup is that in demo modes, AppZapper and Disco store the number of remaining zaps or burns in the plist file. That’s fine up to a point, but at least check if the user (as in the screenshots above) has manipulated it. After so many years of Mac Shareware, something’s got to be done. Hack proof your apps. Please. You’ll get more business and not be exploited.
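One way to do the check asked for above, detecting a hand-edited demo counter in a plist, is to store a keyed integrity tag next to the counter. This is an added example, not code from the original post or from any of the apps it names; the key names `RemainingUses`, `InstallID` and `Tag`, the embedded `APP_KEY` and the install identifier are all assumptions made for illustration.

```python
import hashlib
import hmac
import plistlib

# Assumption: a secret compiled into the app. A determined attacker can extract
# it, so this raises the bar above editing the plist by hand; it does not make
# the counter tamper-proof.
APP_KEY = b"constructed-demo-key-not-a-real-secret"


def _tag(remaining: int, install_id: str) -> bytes:
    """HMAC-SHA256 over the fields that must not change unnoticed."""
    msg = f"{install_id}|{remaining}".encode("utf-8")
    return hmac.new(APP_KEY, msg, hashlib.sha256).digest()


def save_state(remaining: int, install_id: str) -> bytes:
    """Serialize the demo state plus its integrity tag as an XML plist."""
    state = {
        "InstallID": install_id,      # hypothetical per-install identifier
        "RemainingUses": remaining,   # hypothetical counter key
        "Tag": _tag(remaining, install_id),
    }
    return plistlib.dumps(state)


def load_state(blob: bytes, install_id: str) -> int:
    """Return the remaining uses, or 0 if the plist is damaged or was edited."""
    try:
        state = plistlib.loads(blob)
        remaining = state["RemainingUses"]
        tag = state["Tag"]
    except Exception:
        return 0  # unreadable or incomplete file: fail closed
    if isinstance(remaining, bool) or not isinstance(remaining, int):
        return 0
    if not isinstance(tag, bytes) or remaining < 0:
        return 0
    # Constant-time comparison; binding the tag to install_id also rejects a
    # plist copied over from another installation.
    if not hmac.compare_digest(tag, _tag(remaining, install_id)):
        return 0
    return remaining
```

A saved copy of an earlier, valid plist still verifies, so this detects edits to the counter but not a rollback to an older file.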
I have kept this short, since I don’t want to simply tell everyone how to exploit applications, but my general plea is, please, test and retest your apps to make sure they’re not hackable. If the biggest names in shareware are making these mistakes, it’s time to run another audit on your work.
Update: Follow up article on shareware licensing techniques using Cocoa.











