New Service allow pirated iOS app installs without jailbreaking on iPhone, iPad

Late last year, the closure of the uber-popular Installous marked the finish of the promiscuous era inside iOS application piracy. Now, many modern services are found on the rise which are filling the gap plus providing effortless installation of pirated apps, even about equipment which have not been jailbroken.

Screen Shot 2013-01-01 at 11.39.30 PM

Updated with statement from Zeusmos’ developer below.

The 2 which have risen to the forefront are Zeusmos plus Kuaiyong. While the past has been about for a some months, it has gained substantial steam because the leave of Installous. The latter has appeared apparently from nowhere over the previous couple of weeks.

Both of these services are hazardous for application programmers considering they provide easy, one-tap installs of pirated apps plus never need which equipment have been jailbroken inside purchase to do thus. This really is a massive issue, because it opens up the arena for their utilize within the reasonably tiny fraction of consumers with jailbroken equipment — because was the case with Installous — to any unscrupulous consumers of iPhones plus iPads.

If you’re seeking to take apps from programmers — lets not kid ourselves regarding what’s happening here — it really is today easier than ever to do thus.

Zeusmos is a service available for free about jailbroken equipment plus for a fee about equipment which have not been jailbroken — yes, that’s right, it’s charging consumers to download pirated apps. It charges this fee for a ‘cloud plan’ to install ‘cracked’ apps plus to supply consumers with a license plus provisioning profile which enables those to install these pirated apps. The 15-year-0ld creator of Zeusmos, provides it because a method to ‘try before we buy‘. However equally appears unapologetic regarding the nature of what the application does: allow piracy.

Screen Shot 2013 01 01 at 10.35.51 AM New services bypass Apple DRM to allow pirated iOS app installs without jailbreaking on iPhone, iPadScreen Shot 2013 01 01 at 10.35.25 AM New services bypass Apple DRM to allow pirated iOS app installs without jailbreaking on iPhone, iPad

There appears to be a connection between Zeusmos as well as the reseller of developer testing slots UDIDRegistrations.com. Selling developer device testing slots is anything explicitly forbidden by Apple, that has been cracking down about these resellers for the previous many months.

Here’s how the site’s FAQ describes the young developer’s 2 treatments including Zeusmos as well as the Mac-only InstaSign:

Both InstaSign and Zeusmos are applications that allow you to install cracked applications on your iDevice without jailbreaking. InstaSign requires a Mac as it signs iPAs on your computer. Zeusmos requires no computer at all as it signs iPAs directly on to the device (like Installous for jailbroken iDevices) Because of this, both Mac and Windows users can use Zeusmos.

It’s unclear how Zeusmos achieves its objective, nevertheless judging within the pricing as well as the correlation between UDIDRegistrations, it appears to make use of a developer licensing certificate to install ‘cracked’ apps that have had their DRM (copy protection) stripped.

Additionally to users installing damaged apps themselves, the tool enables those to ‘share’ them with their ‘friends’ that are alternative Zeusmos consumers by e-mail or a link about Twitter.

The Chinese website Kuaiyong is moreover providing a synonymous service: permitting we to install apps for free, from a device, without paying for them. However it goes regarding it inside a different technique plus is completely free.

IMG 1107 New services bypass Apple DRM to allow pirated iOS app installs without jailbreaking on iPhone, iPadIMG 1105 New services bypass Apple DRM to allow pirated iOS app installs without jailbreaking on iPhone, iPad

There are 2 components to the tool, 1 that enables installation of apps straight from the iOS device as well as the alternative that is a desktop application which enables install over a cabled connection. Once you employ either, iTunes syncing ceases to function, nevertheless which hasn’t proven to be too much of the deterrent.

The apps appear to have been bought below an Apple enterprise license, that enables installation to several equipment. There may moreover be a bundle of small developer accounts being utilized, that max out at 100 ‘slots’. These are typically then being re-distributed to additional consumers from the 2 tools. There are several indications, still, which the issues go further than a single enterprise license.

We’ve been inside contact with programmers whom have offered you with logs showing pirated installs of their apps. Many of the logs are showing thousands of consumers installing the ‘same’ copy of the application. Not the same application, notice we, however, the same copy. This indicates which the same actual copy has been distributed with all the same set of (encrypted) credentials.

The apps being installed through Kuaiyong can be using bulk enterprise licensing, where the ones distributed by Zeusmos (or additional copycat services, that are absolutely springing up) are showing a range of IDs, every of that is being installed several occasions.

So we’ve got 2 items going about. Services like Zeusmos have figured out how to ease the procedure of buying the developer slot plus utilizing its certificate to install ‘cracked’ apps, that are commonly accessible online. And ones like Kuaiyong are somehow bypassing Apple’s licensing rules to redistribute the same copy of a application over plus over.

Security researcher Stefan Esser has been speculating regarding the Kuaiyong service about Twitter, noting it might be an good method for those to distribute malware to iOS equipment. Though the apps themselves are limited inside what they could access due to sandboxing, specialized malware can be developed for certain prevalent apps which accumulated info plus logged activity about a device. And there’s a sturdy likelihood which any they’re doing is utilizing illegally obtained licenses at the minimum, plus credit-card scam at the worst.

Note: Because publishing, safety researcher Melissa Elliott has continued to look into how the Kuaiyong service plus others like it plus has issued a alert not to utilize them because they’re possibly dangerous.

The end happen is the same in almost any case: persons with a low moral threshold are cheating programmers from revenue plus, inside the case of Twitter apps, forever removing a amount of their potential revenue.

Drawing attention to these apps plus services presents somewhat of a ethical quandary. By composing about them, we are going to definitely draw more attention for them plus consequently more works of piracy from individuals whom merely don’t care. But, hopefully, we’ll equally see action taken by Apple to curtail these practices.

Create no mistake, these goods are absolutely being utilized generally, with thousands of stolen apps inside the last some weeks alone. Twitter searches present endless results for individuals sharing information on them plus interested in aid inside getting the hacked websites to function.

And these two are really a couple amidst a dozen high-profile choices for consumers seeking to take apps. The seedy underbelly is there, plus ignoring it doesn’t do anybody any favors.

We have reached out to Apple found on the problem, however, due to the getaway, there might probably be a delay before any answer is upcoming.

Update: The developer of the Zuesmos application responded to the request to acquire more information. He says that his aim was not to motivate piracy of apps. Though the advertising copy of the service’s site leaves which available to interpretation. In a statement, he states which there is changes created to the application to eliminate the ability to share apps through hyperlinks or repositories of apps:

The intent of Zeusmos will be to SOLELY code sign applications. We will not be supporting or encouraging any form of piracy through the link providers or even via search (although they were based off the iTunes API).

The intents [sic] because I have reported [was] to let open development for programmers. Recently I’ve had the time to incorporate this feature into Zeusmos called the “Exclusive Apps” section where programmers that got their application denied inside the App Store were capable to post their application about here for free plus share their application to a big audience of consumers. Such applications even included Grooveshark plus several others.

He states which the cause of Zeusmos was to permit for programmers to code-sign apps for distribution because betas or to viewers outside the App Store. “I desired this thing initially to be self-sutainable. Many of my applications are largely free otherwise talking, like CarrierEditor…my newest launch.”

He additionally claims which the upcoming adaptation of Zeusmos is ‘harshly discouraged’ from installing or obtaining apps except they’ve created it or own it. If these changes are prepared, it would assist to curtail a few of the rampant sharing of apps through hyperlinks plus repositories of hyperlinks, yet it wouldn’t avoid the installation of damaged apps about un-jailbroken equipment.

Image Credit: Mario Tama/Getty Images

Original Page: http://thenextweb.com/apple/2013/01/01/low-down-dirty-iphone-app-pirates/