{"id":6933,"date":"2012-12-11T10:01:12","date_gmt":"2012-12-11T09:01:12","guid":{"rendered":"http:\/\/www.itwriting.com\/blog\/?p=6933"},"modified":"2012-12-11T10:01:12","modified_gmt":"2012-12-11T09:01:12","slug":"trial-apps-and-in-app-purchases-easy-to-hack-on-windows-8-says-nokia-engineer","status":"publish","type":"post","link":"https:\/\/www.itwriting.com\/blog\/6933-trial-apps-and-in-app-purchases-easy-to-hack-on-windows-8-says-nokia-engineer.html","title":{"rendered":"Trial apps and in-app purchases easy to hack on Windows 8 says Nokia engineer"},"content":{"rendered":"<p>A principal engineer at Nokia, Justin Angel, has <a href=\"http:\/\/justinangel.net\/HackingWindows8Games\" target=\"_blank\">written a piece<\/a> showing how to hack apps on Windows 8, undermining their potential revenue for the app vendors. \u201cThis is an educational article written in the hope both developers and Microsoft can benefit from an open exchange of knowledge,\u201d he says, adding that the article was written in his own time and has nothing to do with his employer.<\/p>\n<p>The hacks he describes cover:<\/p>\n<ul>\n<li>Compromising in-app purchases by modifying data held locally, such as app currency. <\/li>\n<li>Converting trial apps to full versions without paying <\/li>\n<li>Removing ads from games <\/li>\n<li>Reducing the cost of items offered for in-app purchase <\/li>\n<li>Injecting Javascript&#160; into the Internet Explorer 10 process in order to bypass trial restrictions <\/li>\n<\/ul>\n<p><a href=\"http:\/\/www.itwriting.com\/blog\/wp-content\/uploads\/2012\/12\/image7.png\"><img loading=\"lazy\" decoding=\"async\" title=\"image\" style=\"border-left-width: 0px; border-right-width: 0px; background-image: none; border-bottom-width: 0px; padding-top: 0px; padding-left: 0px; margin: 0px; display: inline; padding-right: 0px; border-top-width: 0px\" border=\"0\" alt=\"image\" src=\"http:\/\/www.itwriting.com\/blog\/wp-content\/uploads\/2012\/12\/image_thumb7.png\" width=\"244\" height=\"132\" \/><\/a><\/p>\n<p>There is an inherent security weakness in any app that has to work offline, since the decryption keys also have to be stored locally; this inherent weakness is not unique to Windows 8. However, Angel argues that Microsoft could do more to address this, such as checking for tampered app files and preventing Javascript injection. Code obfuscation could also mitigate the vulnerabilities.<\/p>\n<p>Although Angel is writing in his own time, the issues are relevant to Nokia, which makes Windows Phone devices and may make Windows 8 tablets in future.<\/p>\n<p>Should Angel have revealed the cracks so openly and in such detail? This is an old debate; but it is sure to increase pressure on Microsoft to improve the security of the platform.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>A principal engineer at Nokia, Justin Angel, has written a piece showing how to hack apps on Windows 8, undermining their potential revenue for the app vendors. \u201cThis is an educational article written in the hope both developers and Microsoft can benefit from an open exchange of knowledge,\u201d he says, adding that the article was &hellip; <a href=\"https:\/\/www.itwriting.com\/blog\/6933-trial-apps-and-in-app-purchases-easy-to-hack-on-windows-8-says-nokia-engineer.html\" class=\"more-link\">Continue reading <span class=\"screen-reader-text\">Trial apps and in-app purchases easy to hack on Windows 8 says Nokia engineer<\/span> <span class=\"meta-nav\">&rarr;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[2,26,55,59,80,97],"tags":[586,642,810,999],"class_list":["post-6933","post","type-post","status-publish","format-standard","hentry","category-net","category-development","category-microsoft","category-nokia","category-software-development","category-windows","tag-microsoft","tag-nokia","tag-security","tag-windows-8"],"_links":{"self":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/6933","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/comments?post=6933"}],"version-history":[{"count":0,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/posts\/6933\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/media?parent=6933"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/categories?post=6933"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.itwriting.com\/blog\/wp-json\/wp\/v2\/tags?post=6933"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}