Security Loophole Could Expose Apple's Mac App Store to Piracy

By CIOinsight  |  Posted 01-07-2011 Print Email
A number of security loopholes in the applications listed on the Mac App Store allow users to download paid applications for free and repackage bootleg programs with malicious code.

Security oversights by Mac developers and Apple allow users to pirate or modify applications downloaded from the Mac App Store, several users reported on Jan. 6.

Less than 24 hours after Apple unveiled the Mac App Store for the Mac OS X, reports emerged on various user forums, including Pastebin and Daring Fireball, that some paid apps do not properly validate App Store receipts, making it easy to obtain those programs for free.

Users can copy the App Store receipt from any legitimate Mac App Store download -- free or paid -- and paste it to validate other paid applications, according to the posted instructions.

"This isn't true for all paid Mac App Store apps," wrote John Gruber of Daring Fireball, but only for those applications with which developers were lax about applying Apple's recommendations on validating store receipts. The app checks to ensure there is a valid receipt, but it doesn't check that the ID listed on the receipt belongs to the app.



 

Submit a Comment

Loading Comments...