Pocketed input method is how to share anti-piracy accounts on iOS

For iOS developers,The face of app piracy,The biggest problem is not a technical break,Instead, more and more sharing of pirated Apple ID,Some people might say that piracy is equivalent to a "trial" of the,Like people will naturally go into positive ...... but in fact,Because of penny share account of piracy,Led to numerous independent developers and ultimately to the vote resume。

In short,last year,Surge authors published such an article Surge 2.0 It is how to achieve the anti-piracy on iOS His theory was a unique time stamp from Receipt app purchased,To a certain extent it can be used as the only user credentials。Specific argumentation not go into details here,Here I follow his train of thought,So based on this article,it is this original_purchase_date_ms

For Free + IAP sales model,If you want to share the account of the anti-piracy,Then you should take the time stamp in the corresponding time stamp purchase rather than the application of purchase。

Since iOS 7 Start,Apple improved the receipt app purchases,Some developers may not know,Even without in-app purchases,You can also StoreKit To get a purchase receipt,This receipt is the user's app purchase receipt。

Server Issues

After reading this article author Surge,You might regret - it is likely your app is a utility class,Like pocketed input method,It does not even need to log networking can work,So it naturally does not own a server,So how is it capable of storing data?

This time we can use Apple provides to all developers Cloud Database,Your app is communicating via the API system,You do not need to worry about complex network communication。

Judgment shared account

This time someone will propose,If you are judged in accordance with activation,So my same account,Download your app,I deleted,Download again,It is not shared by a procedure is the same yet? Even under the rule Surge,Up to 10 Secondary,It still has a great probability of miscarriage of justice。- Yes,Because Apple user privacy too good,For developers who are simply unable to obtain the user's Apple ID,For the purchase receipt,And no user information。

--But in fact,Although we can not get Apple ID plaintext data,But developers can indeed obtain the hash value of the user's Apple ID! by CloudKit ,We can get the user's unique identity,For example, this:

You can get the following results:

This is the user's Apple ID 。

Then,Have unique sign purchase,Have a current user mark,Everything becomes clearer,We just need to save up both,Then compare it!

For example, when the user first purchase,We get to buy flags,Put it into a database,Subsequent downloads,As long as the user's Apple ID different from the value recorded in the database,So count on +1,Such,You can get a completely accurate number of share。

As a matter of fact,Your Cloud Database you do not need to create your first purchase user id of this field alone,Because you can check the creator of this system fields directly。The same time,You can also create an array,The way to save it purchased app users to share what are installed。

Reset manslaughter

Now,The ideas I have not thought any loopholes,For possible manslaughter,That is reset manually,Developers can edit data directly to Cloud Database,If a user needs to be reset,So we need to show only proof of purchase in the app in the field (ie, the time stamp),By this token to find the corresponding entry in the database,Shared counter to reset,View shared or number, etc.。

Apple ID no user is logged in?

of course,In this paper all judgments are built on the premise logical user login and enable iCloud Drive (if the user is not enabled,And then off the net is no different。If your app is not a function of Cloud Database,So willing to sacrifice iCloud Drive users can continue to use pirated and will not be found)。So we assume that:

  1. Share iCloud account not logged in at the time of purchase,And there is no open app,Then it can not be recorded。- it does not matter,Because there will always be users to purchase and install the shared account and using the app,This will establish a record of this purchase;
  2. After buying a shared user account to download the app,But ultimately not logged in iCloud。- As a result app can not access the database,Checking and recording would not exist,If you are willing to give up the use of pirated iCloud,That is no way - this program is invalid,Users can continue to use pirated normal;
  3. After sharing app users to install,Continue typical use,But before the first open app permissions the app to disable the networking。- As a networking app can not,It all becomes empty talk,Users can continue to use pirated - For some functions depend on the network for app,Perhaps users will not be able to do that。Is input to the pocketed,Users will not be able to use [cloud] in the number of shared content, and content sharing to log cloud。

Additional doubts:Share Apple ID account is not the same?

For such users do not use pirated app of it,This may be a mystery。As a matter of fact,The use of shared user account,ICloud does not use shared account to log on,Also will not bind its own equipment to the account - this is common sense to use a shared account of piracy。

In short,iOS App Store is to allow replacement in without leaving the iCloud account,Thus,Users only need to use a shared account login App Store to download the app,This is the premise of this article established,That user will eventually use their own Apple ID for everyday use,After all, who would not want to be a stranger enabled "Find my iPhone" on their iPhone。

Double account issue

Some users like me,Is the area、US District two accounts,If so then,There is similar to the above-sharing account behavior may occur,For example, in the area to buy,In fact the United States is used iCloud district,Here we assume several cases:

  • Using the primary account number to buy - this is the typical usage,everything is normal;
  • Using a small purchase,That is another sign in iCloud Apple ID,So when a user first opens app,app to add records in the database,Actually Apple ID currently logged in user。--everything is normal;

In summary,Well, in fact double the normal user account,The impact does not exist。of course,This is based on the user does not change the iCloud account login,If you do,So when in another account login,User deletes the app,Download the app again,Also open a,So share count this time +1,However, because of the number of fault tolerant (for example 10 Times),So we can say that this is enough for a user to reload or reset the phone in the entire app lifecycle,Replace the iPhone。

In particular,If a user is 2,He will not stop reloading deleted,Also with a very logged with iCloud Apple ID,Or that he is very used to buy Apple ID and have configured the app before Apple ID in exchange for common,And then kept reloading deleted,That we have the last remedy - manual reset。Manually reset,This purchase can see exactly how many shared different Apple ID,If it is the same,Then clearly,This is a miscarriage of justice。

Privacy concerns

The only record such information,Perhaps some friends will provide privacy issues and concerns,Here we analyze:

Data Security

Data using database services provided by Apple,Communication is by itself iOS,Developers can not intervene in the entire communication process,We rely entirely on Apple's own industry-standard secure encryption。

The only evidence of Apple ID

hash Apple ID allows developers to get the,Cloud Database is the only unique hash used,This data is meaningful only for Cloud Database,Even leak,There is no need to worry,For security database,On a reference。

The only evidence of timestamp

This timestamp is the time of payment when you purchase app,This time accurate millisecond,It can be used to distinguish a single purchase roughly uniqueness,But not enough to associate with a particular Apple ID,Even if an upper bound,You can not locate a specific "a user",We can only know that it is "a user-determined"。

Summarize

All network data pocketed input method are stored in Cloud Databse,I use a combination of the past year of the Cloud Database,I summed up such a precise judgment on the basis of shared user's policy on the author's Surge,A possible advantage is that no additional servers can be achieved,And is precise and correct;The disadvantage is the need for users to log in and open the iCloud Drive,Otherwise, you can not judge。

Original article written by LogStudio:R0uter's Blog » Pocketed input method is how to share anti-piracy accounts on iOS

Reproduced Please keep the source and description link:https://www.logcg.com/archives/2950.html

About the Author

R0uter

The non-declaration,I have written articles are original,Reproduced, please indicate the link on this page and my name。

Comments

  1. Thank you so much for sharing。

    We have created an anti-piracy platform for iOS based on your blog post – https://dusto.top/

    Hope to help more independent developers get their due profits,No need to bother about the shameless behavior of pirate merchants。

      1. thanks for the reply。My application is installed in xcode,After refreshing the bill obtained In-App Purchase Receipt Fields fields are empty array。I ask in order to get to the store version?

          1. Then you can look at more versions, there is no App Store,Theoretically yes。Official website said the video。
            I get a subscription version later than what,So ...... you know。

  2. I did not understand a little。I was Chinese account to download off the grid,iCloud also in the area,Of course, for reasons known,It may have to move。 However, due to District Appstore many app shelves,I am using the Japanese district account,And hung up the Suica,Easy payment,Exchange rate more favorable。Daily use in my day area Appstore actually account,Then,I will detect it?

  3. Alive is everything,Music is alive,Alive and bitterness,Bitter but she is happy;As a leaf,I was born when the,I briskly to,My long green,Now my shape,By the time of the fall of the,I very much love to go,Let the other leaves off and from my scar in newborn。

Leave a Reply

Your email address will not be published. Required fields are marked *