Microsoft does little to protect revenues for Windows Store devs

Summary: Looking to make money out of Windows Store apps? The support is in the platform, but the ways you have to make money are woefully easy to circumvent...

Trial expired? No problem -- quick download and a bit of typing, that app will be unlocked with no need to give the developer any of your precious in-pocket currency.

What's been emerging over the past year or so is that a pretty decent way of making money out of apps for tablets and smartphones is in-app purchasing (IAP). The idea of IAP is that it lets you build a game that you give away for free, while allowing users to buy premium items. For example, you may be able to earn gold coins by completing tasks in the game, but if that's too much effort you can just buy the coins that you want using real money.

This kind of "freemium" model is shaping up to be the only way to make money out of mobile apps, and any platform owner that's a newcomer to the market -- and I'm talking about Windows-based phones and tablets -- needs to have its act in order when it comes to helping developers take advantage of this opportunity.

Earlier this week Justin Angel, a Windows Phone engineer at Nokia, published an article on his personal blog showing various ways of exploiting IAP to get goods that you haven't paid for, hide ads in ad-supported software, and flip trial versions to full versions without payment, on both Windows 8 and Windows RT.

Whilst Justin's work is diligent and well-executed, the main problem here is that what he shows is very, very easy. Although no one's put all these pieces together quite so publicly, a decent developer could create a proof-of-concept for everything he's done from first principles in a few hours. In all cases, there is essentially no level of protection at all. Windows 8 and Windows RT are wide open. If you're a developer targeting Windows tablets, your entire userbase can click a few switches and your revenue stream is cut off. (Of course, they have to be inclined to do so.)

Peculiarly (well, maybe it's not that peculiar given his employer's relationship with Microsoft), his website is down so I can't link to his article. But I can talk through the problem and his findings.

Getting stuff you haven't paid for

Let's say you're a developer who builds a game that you want to put some premium content in. What you would normally do is have the normal game mechanics reward the player with some items -- we'll use gold coins in this example -- but users can buy extra coins using real money. Regardless of platform, you will need to store, persistently and locally, the number of coins that the user has. When the user earns coins in the game, the local value is updated. If the user buys more coins using IAP, you simply increment that same local value by the number of coins that they bought, in response to the IAP server confirming a successful purchase.

(The actual IAP process is roughly similar on iOS and for Windows Store apps -- you issue a request up to the store server, it validates the payment and returns some confirmation to you. You then act on that confirmation by incrementing your local value.)

When you install an app on Windows 8 and Windows RT, two things happen. The actual app is packaged as a zip file. (I've simplified this a bit, but it's good enough for this explanation.) This is exploded onto disk in a known location and a whole load of registry changes are made so that Windows knows where the app is and what it can do. (For example, whether it can share, search, etc.) As well as this, Windows will create a folder on disk where the app can store all of its local state. Windows Store apps are sandboxed so that each app can (in most cases) programmatically access this special folder only. If you want to persistently store the number of gold coins that the user has, you have to store it in this folder in some way.

However, on Windows 8 and Windows RT, the file system is wide open. Thus any user with administrative access (which is basically "every user") can just go into that folder and change it. What Justin found at its basic level is that, assuming you know the file format, you can go in and change the 10 gold coins you earned in the app to 10,000,000. Justin shows exactly how to do this for one commercially available game in his article.

(There are some subtleties with this, namely that you can encrypt the files, but Justin points out that you can readily get around this if the app is written in .NET, using existing technology that offers decompilation and deep inspection of .NET assemblies. The moral here is that if you are a developer, you need to obfuscate your code.)
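Because the locally stored counter can be edited and any key shipped inside the app can be recovered by decompilation, one mitigation is to keep the authoritative balance on the developer's own server and treat the device copy as a cache. The sketch below is an added example, not code from this article or from Justin Angel's; the receipt fields, the HMAC key standing in for the store's signature scheme, and every name in it are assumptions.

```python
import hashlib
import hmac
import json

# Assumption: a secret held only by the receipt issuer and the developer's
# server. It never ships inside the app package, so decompiling the app
# does not reveal it. HMAC stands in for the store's real signature scheme.
RECEIPT_KEY = b"constructed-demo-key"


def sign_receipt(receipt):
    """Sign a constructed receipt dict (stand-in for the store's signing)."""
    body = json.dumps(receipt, sort_keys=True, separators=(",", ":")).encode()
    return hmac.new(RECEIPT_KEY, body, hashlib.sha256).hexdigest()


class CoinLedger:
    """Authoritative coin balances; the copy on the device is only a cache."""

    MAX_REWARD = 50  # assumed cap on coins a single in-game task can award

    def __init__(self):
        self.balances = {}          # user id -> coins
        self.used_receipts = set()  # receipt ids already credited

    def earn(self, user, coins):
        # Rewards are bounded here, not on the client.
        if not 0 < coins <= self.MAX_REWARD:
            raise ValueError("reward outside allowed range")
        self.balances[user] = self.balances.get(user, 0) + coins
        return self.balances[user]

    def credit_purchase(self, receipt, signature):
        # Constant-time comparison of the expected and presented signatures.
        if not hmac.compare_digest(sign_receipt(receipt), signature):
            raise ValueError("receipt signature does not verify")
        # Each receipt buys coins exactly once, so replaying it is useless.
        if receipt["id"] in self.used_receipts:
            raise ValueError("receipt already credited")
        self.used_receipts.add(receipt["id"])
        user = receipt["user"]
        self.balances[user] = self.balances.get(user, 0) + receipt["coins"]
        return self.balances[user]

    def sync(self, user, client_reported):
        """Return (balance the client must adopt, whether it over-reported)."""
        actual = self.balances.get(user, 0)
        return actual, client_reported > actual


def demo():
    ledger = CoinLedger()
    ledger.earn("alice", 10)
    receipt = {"id": "r-1", "user": "alice", "coins": 100}  # constructed
    ledger.credit_purchase(receipt, sign_receipt(receipt))
    # The local file was edited from 110 to 10,000,000 before syncing.
    return ledger.sync("alice", 10_000_000)


if __name__ == "__main__":
    print(demo())
```

With this arrangement an edited local file changes nothing the server will honour: the next sync overwrites it and the over-report can be logged for review.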

On iOS you can't hack an application's data files as readily because although iOS has a file system, you can't get to it unless you jailbreak the device. In theory you could do the same thing on iOS as you can on Windows, but Microsoft has made it stupidly easy through the inclusion of root access to the file system for everyone. In essence, Windows 8 and Windows RT devices come "pre-jailbroken".

Jailbreaking on iOS is a niche activity. Whereas on iOS you may find that 2% of your user base has a jailbroken device (I've guessed "2%", it's likely to be much less than that), effectively on Windows 100% of your user base is jailbroken.

The scenario I'm trying to sketch out here is one where, say you have a popular game, what you could do is allow the user to download a small app onto the Windows 8 device that finds the game's private data store, uploads the files to the server whereupon those files are then modified to your specifications, downloaded back again, and made to replace the originals on disk. You could in theory even charge for such a service -- a $10 charge to give you access to hundreds or thousands of dollars' worth of IAP items is attractive, and obviously won't yield revenue for the original developer. I probably don't need to labor the point that throughout our industry's history, even people with well-developed moral compasses find it easy enough to justify pirating content or -- in this case -- diddling a developer out of a few dollars. People will do this if they can, and probably more people than you would think.

Incidentally, on Windows RT this process is slightly trickier as you wouldn't be able to download an agent to do this for you because of the restrictions imposed by the ARM port. What you'd have to do here is manually transfer the files off of the device and then upload them to the exploit server manually. You'd then replace the files on the device with whatever ones the server gave you. However, it's important to note here that even if Windows RT takes off big time, there isn't significantly better protection on Windows RT than Windows 8. On Windows RT it's harder to automate the exploits, but the exploits themselves are no more difficult.

Removing ads

Another way that developers can make money from their software is by putting ads on the screen. And on Windows, if you want, you can go and remove those ads from the app using nothing more sophisticated than Notepad. Justin shows how to do this in the third part of his article.

Describing this next part is tricky without going deep into the technology, but the easiest way to think about this is that, mostly, Windows Store apps are written in a way where you create separate files for each discrete view. For example, if you're building a news reader app, you might create a layout file that defines the main view as having a list of news articles on the left, and the actual detail of a news item that the user selects on the right. What a developer will do if they want to include ads is simply write into that layout where they want the ad to appear. The app starts, the layout is interpreted, and the ad is shown.

These layout files are included in the zip file that gets downloaded before installation, and are exploded onto disk as part of that installation. The problem here is that the layout files are text files and because we have full access to the file system, it's possible to open up these layout files in Notepad and just remove the ads post-installation. After you've done that, when the app starts the ad simply won't appear. Again, it's this problem with Windows devices being more-or-less jailbroken.

On iOS this isn't possible as generally apps define their layout as binary code that's compiled into the application as opposed to being text files on disk. Thus even if you have a jailbroken iOS device and can access the file system, you still can't remove the ads.

I'd suggest this one is less serious than the IAP circumvention vector that we discussed earlier, but it's still a good way of seeing your app revenue get sucked away.

Changing trial versions into full versions

This one is a bit more of a traditional crack, and less readily doable using File Explorer and Notepad.

Unlike iOS and the Apple App Store, the Windows Store supports trial apps. Windows maintains a single file that keeps track of whether an application is in "full" mode, or "trial" mode. By changing the contents of this file you can flip any app from trial mode and into full mode, without actually buying the app.

In his article, Justin talks about using a utility called WSService_crk to do this. I haven't included a link to this utility for various reasons, not least because it's hard to guarantee the safety of such things. However, what this utility does is display a list of apps, let you select one, and then let you reset the trial marker against any installed app. Next time you start the app, it will no longer be in trial mode.

It's hard to draw a comparison to iOS here as trial apps aren't available. It's likely that any such system on iOS would look roughly the same -- i.e. you'd have a central register of apps and a flag indicating whether they were in trial mode or not. Jailbroken devices would likely have the same vulnerability as Windows. But, again, the problem here is that Windows 8 and Windows RT come already "jailbroken" and so it's easy for a utility like WSService_crk to get at and manipulate the data needed to change the flag.


Let's talk about Raymond Chen. He's a Microsoft engineer, who happens to run a fascinating blog called The Old New Thing. Raymond's position at Microsoft is one where he's spent a good deal of his career dealing with the deep internals within Windows, and he often blogs about deliberate or accidental exploits of the OS.

The reason why I bring Raymond's blog up is that he often talks about "being on the other side of this airtight hatchway", by which he usually means "yes, you can do that, but you have to have some sort of unusual privilege in order to do it". Typically it's in response to customer enquiries where they'll flag up some horrendous problem, but which happens to turn out to not be so horrendous because it relies on a certain astral alignment, or some such weird arrangement of circumstance.

We know that Microsoft's mobility strategy is (for better or worse) based on running after the market leaders trying to emulate where it makes sense, and doing a little better than basic emulation where they can. However, whereas Microsoft's competitors have rebooted the whole approach when it comes to devices, Microsoft's tablet strategy is to just keep adding more and more bits to Windows. Apple and Google are building "post-PC" devices. Microsoft has built a "PC Plus".

The problem is that by building a "PC Plus", Microsoft has grandfathered in stuff that people think they need, but that also puts everyone on the wrong side of the "airtight hatchway" that Raymond talks about. The file system and elevated privileges on Windows provide more utility compared to iOS, but on iOS you start off on the right side of the airtight hatchway, and only by jailbreaking can you end up on the wrong side. (And, of course, by using "right" and "wrong" in the way that I am here I'm making a judgement over which personal philosophy is the right one. What I'm really saying is that locking down a computing appliance so that it's more trustworthy and trustable is good for users and developers, but I'm making a distinction between an appliance and an Old World PC.)

As a developer, you have to ask yourself some serious questions about this state of affairs. What's emerged here thanks to Justin's work is that protection of developer revenues has not been considered by Microsoft in the platform as it stands today. It's a shame, as there are many things that Microsoft could have done to alleviate this.

For now, Windows developers have to deal with the double-whammy of not only being on a niche platform, but also one where the platform owner isn't doing you any favours when it comes to revenue protection. And you can bet that if Office was dependent on IAP or ad revenue this whole story would have been a lot better.

What do you think? Post a comment, or talk to me on Twitter: @mbrit.

Thanks to Paul Ardeleanu and Nic Wise for their help in writing this article. 

  • I've noticed this quite a bit

    Why compare Windows 8 with iOS? The comparison should be Windows 8 to OS X and Windows RT to iOS.

    For the reasons you've stated in the article, hacking Windows 8 apps is trivial, but hacking OS X apps is also trivial:

    Since then, Apple has published guidelines about verifying receipts but MS has said the same. So to talk about "jailbreaking iOS devices" in the same breath as Windows 8 makes no sense. The same things devs have to do in the Mac App store are required in the Windows Store for Windows 8. Apple doesn't do this better for the equivalent OS which is OS X, NOT iOS.

    As for iOS vs Windows RT, even you say this is far more difficult in Windows RT. You can't use an argument like "Microsoft sucks because Windows 8 on a PC is more hackable than iOS on an un jailbroken iOS device."

    Hacking apps on Windows 8 PCs and OS X PCs is always going to be a problem unless your content and functionality is kept on your server.

    Hacking apps on Windows RT devices and iOS devices is far more difficult. People who are willing to go to the trouble will be able to do it on both devices but these will be niche cases. If you are willing to go to the trouble of transferring files from your Surface to your PC, hacking them, then transferring them back, you are willing to go to the "trouble" of jailbreaking your iOS devices where the hacks are far easier (once you've jailbroken). Cydia makes stealing apps and IAP a joke, FAR easier than anything that is available today for Windows RT.
    • My fifteen year old also

      plays this game of "well, you're worse" all the time, too. And he gets just as ticked off when I tell him to quit using others as an excuse for his own shortcomings.
      • Aren't you the guy with reading comprehension issues?

        Yes, yes you are.

        At no point did I make an excuse for Windows 8 by saying OS X is worse. I'm saying that you can't compare Windows 8 to iOS and say that iOS wins because it is more locked down. It would be like saying "my calculator is better than a Mac since my calculator is immune to malware but my Mac isn't".

        I'm not excusing anything, I'm asking that like be compared to like. Compare desktop OS to desktop OS, tablet OS to tablet OS. When comparing desktop OS, both Microsoft and Apple do very little to protect their store developers (and there is probably little that CAN be done). When comparing tablet OS to tablet OS, both do an okay job. They both make it inconvenient enough that hacking will be a niche occurrence on both platforms.

        Speaking of your shortcomings: try reading AND comprehending. One without the other makes you, well, post drivel like you just did.
    • In app purchases

      In app purchases is *really* hard to get right. The game should be interesting and addictive enough to get people hooked, but if you achieve that then the game is ALSO fun without the purchases so people (well, me) just don't bother buying silly power ups; after all a game is a fun challenge, don't really feel like paying my way to some achievement; maybe the P in IAP could stand for prostitution, because it's a similarly empty experience.

      I like the 'light' model; give people a true taste so they can try if they like it, and if they do then shell out the couple dollars for a nice game with no ads or shenanigans.
      Han CNX
    • Because Windows 8 is advertised as a mobile OS.

      As evidenced by Surface Pro with Windows 8 commercials produced by MS. That would seem to allow comparison to iOS.
      • So Airbooks are on iOS

        And not the MAC OS?
    • Short memory?

      Remember that incident with the Russian hacker who found a way to trick iOS devices into letting in-app purchases (just one of the problems, identified with the new be-all Microsoft apps platform) -- and how quickly Apple plugged the hole.

      Where is the reaction by Microsoft? What are they going to do to fix this?

      Your posting Microsoft praises here does not help. Those developers write software for money. Or, if they are not for the money, they would all write Open Source code that will generally run on UNIX anyway.
    • *Why* have anything about app's monetary/trial state stored locally??

      This is the line in the article that I don't get - the claim you have to store the app's IAP balance somewhere locally.

      Why? If you don't trust the user's local data store, don't use it. Store app monetary balance, trial/full version status, etc. on your own server. Require online access to run, or if you want to allow offline usage of your app, have regular re-syncing runs between your server's data and the user's, whenever the tablet goes online.

      This doesn't sound like rocket science.
    • You can't...

      "You can't use an argument like "Microsoft sucks because Windows 8 on a PC is more hackable than iOS on an un jailbroken iOS device.""

      No, but I can use an argument like "Microsoft sucks because it is run by committees, answers to committees, and writes software by committees."

      Seriously, the committee thing has been killing them for years. Jobs was an arrogant dictator, but he was good at it! Committees are by their very nature trying to make everyone happy and end up making very few happy, if any at all. M$ needs a good dictator.

      PS Sure, Jobs was a d1ck, but the guy has been dead for over a year. Now you can stop being one too, and change your avatar already.
  • Sounds like a selling point to me

    Your article has a very negative tone, but from a consumer perspective everything you stated is a positive point with the platform. Open file system compared to iOS is one of the biggest selling points of Windows RT!

    But even from a developer perspective, I'm not convinced what you present here will translate into an epidemic of lost sales. You claim that this hacking is stupidly easy, yet most people don't even know how to do something like this. The same people who are willing to look up how to hack games on Windows 8 are the same people willing to look up how to hack games on iOS and jailbreak their devices. These people aren't paying money for IAP on ANY platform. The difference is, Microsoft has taken a consumer friendly stance by making the file system open and available to users, whereas Apple takes the consumer unfriendly stance of blocking off users. And if you take a different angle on it, Apple makes jailbreaking the OS stupidly easy... some iOS versions just require visiting a website and your device is wide open.

    So enterprising Windows users can hack IAP, disable ads, and convert trial versions. Big deal. On the iOS side, enterprising users can jailbreak and download pirated apps. Doesn't seem like there's a big difference in dev friendliness to me here.

    But there are other areas where MS is friendlier. Trial versions are a great feature not available on iOS, where you have to submit two separate apps for a trial/paid version. The ability to port apps between desktop, tablet, and phone is a big plus. Or how about taking a 20% cut (after $25k in revenue) instead of 30% compared to Apple. Live tiles are a great feature to keep people coming back to your app. Or let's talk about IAP, and how Microsoft doesn't take a 30% cut from IAP, unlike Apple.

    Guess what devs, your app is going to get hacked on any platform. No. Matter. What. MS could include a bunch of consumer unfriendly measures like obfuscation, locking down the filesystem, and tons of DRM, but in the end these measures have proven to just piss consumers off and drive away customers. Those who would hack your apps will hack them no matter what, because they're cheap and they wouldn't pay for your app anyway. Focus on a good app experience and you won't have to worry about the small, infinitesimal percentage of people who will follow the instructions here.
    • Not if you are developer

      It's not funny, when Microsoft (again) tricked you, promising great returns on your investment in writing software for Windows.

      Today, the situation for software developers is very simple.
      1. You write for Apple's platform and you are guaranteed to get tons of money, if your app is any good.
      2. You write for Android and you more or less get paid for your product.
      3. You write for Windows, and anyone who so desires, can use your product for free. As has always been on Windows.

      The most funny stuff is the heavy DRM that Microsoft puts about everywhere. It's pretty useless to protect anything from anyone and its only effect is to make things more difficult for the legitimate users.

      People are not stupid.
      • Are you kidding me?


        Guaranteed to make money on iOS and Android? How about acknowledging the piracy problem on both platforms.

        Developer makes game free due to rampant piracy on Android:

        "Regarding price drop. HERE is our statement. The main reason: piracy rate on Android devices, that was unbelievably high. At first we intend to make this game available for as many people as possible - that's why it was for as little as buck. - It was much less than 8$ for SHADOWGUN but on the other hand we didn't dare to provide it for free, since we hadn't got XP with free-to-play format so far. - However, even for one buck, the piracy rate is soooo giant, that we finally decided to provide DEAD TRIGGER for free."

        Or how about this game: Battle Dungeon, which was aborted on iOS due to rampant piracy:

        "10 signups to every legitimate sale was a ratio none of us expected to have to cover."

        Can you point to me any stories where this supposed rampant piracy of Windows 8 has actually affected any developers so far, as the two above stories show it has for iOS and Android (where again, you claim you are essentially "guaranteed" to make tons of money)?
        • there is no piracy on windows phone/rt

          because there is nothing worth stealing. the two mentioned games as well as a whole bunch of other apps are simply not available on windows phone/rt. then again, there aren't that many potential pirates either...
  • An update will take care of that, so what's the big deal?

    Isn't that why all OS's get updates?
    William Farrel
    • Re: An update will take care of that, so what's the big deal?

      Yeah, just lock up the filesystem and break all the existing apps.
      • There are ways of doing that

        without locking up the filesystem.
        William Farrel
        • Re: There are ways of doing that

          Care to share with us at least one way to do that?

          Except the Fairy Dust that was supposed to emanate from anything Windows 8 and fix everything. Since October 26 people discovered this to be yet another Microsoft myth.
          • copy protection is not new

            a lot of developers were dealing with this problem long before [i]OSes with closed file systems came to being and they were successful enough so that never stopped building new stuff.
          • Of course, danbi - we're talking MS here

            so naturally it's totally impossible for them to do anything about this that while everyone else that can lock down theirs, that they will never find a way around this because we're talking MS here, the poster child for incompetence.

            that IS what you really want everyone to say, right?
            William Farrel
    • What is it you smoke?

      Windows can't be fixed. It has had poor design from the day one. Microsoft never were able or even bothered to fix any of this.

      With WinRT, they had a chance to start over. But they goofed. Not only in that WinRT is utterly incomplete and even Microsoft's own programmers needed Win32 bolted in Windows RT, but Microsoft could not let go of the "full access" to the Windows internals. This is just the result of laziness and incompetence.