Unlocked Applications & Security on Ovi Servers

[parisn]

So far I have only received this response from Nokia/Ovi support:

>..application will then be distributed through the Ovi Store
>and negate the need to pass on unlock codes to your customers.

Am I the only one seeking reassurance about the Ovi store
security?

E.g.
..apps must not be 'locked' in compliance with the Terms & Conditions.
Ok, so the full 'unlocked' versions of your app must be uploaded.
What security measures are in place for these apps?
(i.e to circumvent unauthorised leakage?)

I appreciate that Ovi will have the highest quality assurance and security
associated with applications hosted on its servers,
Nonetheless, we can't pretend that breaches can't & never happen.

As we all know,
it only takes 'one' full & unlocked app to somehow become
available on a torrent/warez site - and that forever becomes a
regular and perpetual stream of lost profit.
Ok, some of those people would never buy the software anyway -
but that doesn't mean I shouldn't bother protecting my assests?!


I would at least feel better if Ovi said something like:

(a) our app servers only hold apps in encrypted form

(b) only specific administrators with clearance can access the server apps

(c) apps can only be installed directly to devices, and never downloaded or
held anywhere as a raw .sis file (e.g. on the device or a pc.mac
(which would mean anyone can then copy the .sis file to any number of phones).

At the moment my app implements RPN registration by IMEI because
the distributer I use has a Dynamic RPN /regcode generating server.

This is great, and although all systems have a weakness - it gives
me more peace of mind than my app *not* being locked at all.

Am I really the only one asking this question?

(Two weeks later, I still haven't yet received a response
from Nokia/Ovi on this secific matter.)

If anyone in the forum (preferably in Nokia/Ovi) knows anything about
this matter please post your comments.

[themetesting]

Can't answer any of those questions, only Nokia can.

But I don't think any security measure would stop apps being leaked to torrents. Practically every computing platform has tried every security measure (including highly restricted activations such as on Spore's PC version, or exclusive physical formats such as the PSP's UMD) and it has always failed to stop at least one cracked copy leaking out. And as you say, it only takes one cracked copy for pirated material to spread.

A more realistic tactic might be to make it as easy as possible to buy the legal version, so that people don't want to go to the bother of messing around with torrents (torrents aren't exactly user-friendly, especially for novices). Hopefully Ovi Store will do this by selling direct to phones and allowing bill payments.

Easier purchase systems would also tempt newbies who don't understand phones very well to try buying software, and this is an important market to target because they wouldn't know how to use torrents either.

[jimgilmour1]

hi,
checking another post about nokia software marketplace there seems go be a way already in use for download! function
see the post at http://discussion.forum.nokia.com/fo...d.php?t=163958

jim

[mgroeber9110]

But I don't think any security measure would stop apps being leaked to torrents. Practically every computing platform has tried every security measure (including highly restricted activations such as on Spore's PC version, or exclusive physical formats such as the PSP's UMD) and it has always failed to stop at least one cracked copy leaking out. And as you say, it only takes one cracked copy for pirated material to spread.r.

There is certainly a lot of truth to that - no platform is completely free of piracy, but there are still various degrees of difficulty in a) obtaining and b) installing unlicensed copies of a product. So the net effect probably depends more on the balance between ease of paying for the software in relation to the difficulty of using an unpaid copy.

The fact that there will be some degree of piracy does not necessarily mean that it should be made unnecessarily easy.

In my book, the possibility of leaking a completely unprotected SIS file that can simply be installed and run as a full version on any phone, with the need for "cracking", "jailbreaking", "modding" etc. would qualify as "very easy". :-)

So this is one part of the Ovi story that I am not quite sure about - has this been thoroughly analyzed by Nokia, or are developers expected to "take a risk" with low-value content, where ease-of-purchase trumps everything, and then see if it all works out?

As a specific example, a roadmap for the support of OMA DRM in S60 apps distributed on Ovi would be extremely helpful, because at this point the issue would be reduced to the security of an established standard, and its implementation on S60.

ciao marcus

[parisn]

And so, 11 days later still no answer to this important question.
I received an email from Ovi saying that I must upload my app
"no later than 11:59pm EST on April 21st."
I even emailed this question to Ovi support directly, and have yet to receive a reply.

Interestingly, I sent (at the same time) another question about trial uploads.
They responded to the trial upload question within 48 hours.
Why haven't Ovi responded to this question?
Is it perhaps - a sensitive issue?
Maybe they can't give an answer?

What a dilemma.
Ovi invites me to upload my app, but nobody from Ovi or Nokia
has provided any info or reassurance regarding the security of the Ovi servers.

What should we do folks?

(a) Just upload, trust Ovi and accept the risks?
(b) Pray to <insert name of favourite God> that everything will be alright
(c) Don't upload because there has been no response at all
(d) Phone a friend

..*DOM* *dom* *DOM*
You have 6 days to decide!
THE CHOICE IS YOOOoouuurrrssss!<-deep menacing voice

[briansmith]

If you want your application to be available at launch then you have to trust the security of the Ovi Store. Or, if you want to wait and see if somebody has found a flaw in the security mechanism, you can wait until after the launch. Or, you can request that Nokia give you early access to the Ovi Store so you can test it out yourself.

(Please don't ask me how to request early access to the Ovi Store.)

[parisn]

Hi Brian,

It's not so much 'my' access I am concerned about but who in Nokia/Ovi has
access to the raw .SIS file holding server.
That I guess is the problem and why Nokia/Ovi haven't responded (or can't respond).

I admit it is not an easy issue to answer.
Nonetheless, in my experience of shareware and software development
there are four types of user:

(a) the user who legitimately seeks to purchase, and avoids piracy

(b) the user who is happy to purchase but if offered a copy for free
then they won't refuse

(c) the user who will actively seek out a free copy in the internet,
but if one can't easily be found - will then purchase

(d) the user who would never pay and will seek out or make a crack copy

So basically - I am concerned about (b) & (c) users who I could still
potentially sell to.

If a free copy exists then I/we are losing somewhere between 20%-40% of
potential sales.

I know there will always be crack-apps on the net c/o the 'hard pirates',
but I don't want to lose the 'soft pirates' if I can avoid doing so.

Some how I don't think I'll get an answer before Ovi goes live next week
so I'll have to make a judgement call.

[parisn]

http://mobile.itnews.com.au/Article....0&showall=true
~~~~~~~~Text if link is broken~~~~~~~
Nokia has confirmed with iTnews that the Finnish phone company will offer Australian consumers the ability to pay for mobile apps from its Ovi app store via their phone bill - but is yet to confirm which local carriers are signed up to participate.

Nokia developers will receive a 70 per cent cut when their apps are purchased from the soon-to-launch Ovi store via credit card - minus taxes, refunds and returns.

But developers will share the spoils with mobile phone operators should the consumer pay for the app using their billing arrangement with their carrier.

In this case, the developer receives a 70 per cent cut, again minus taxes, refunds and returns, but also "minus fixed operator billing charges."

Mobile operators will take a 40 per cent cut of app sales above €3 (A$5.54), a 45 per cent cut for apps sold between €2 and €3, and a 50 per cent cut for apps sold anywhere between free and €2.

Nokia developers will pay a €50 joining fee to submit applications to the Ovi store, but unlike Microsoft or RIM (Blackberry) will not charge developers a fee for every application they submit for sale.

Nokia said there are 50 million phones globally that will be able to access the app store.

For a complete comparison of the app stores of Apple, Windows Mobile, RIM (Blackberry), Nokia and Android, see iTnews' updated analysis.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~