Mac App Store makes piracy easy: experts
Some apps can be modified to include 'any sort of executable code'
The new Mac App Store has a flaw that makes it easy to pirate applications and raises security concerns, experts say.
Popular apps such as the Angry Birds game can be downloaded from the store and then easily modified to run on the Apple IDs of people who have not purchased the app, technology and internet security websites reported Friday.
"While this clearly should be a concern for Mac App Store developers who don't want their software stolen, and of course Apple, who does not want to lose out on App Store revenue, it also raises some security concerns around how applications are validated as coming from the App Store," wrote Chester Wisniewski on Naked Security, the blog of internet security firm Sophos Ltd.
He added that some applications can be modified to include "any sort of executable code you wish…. It wouldn't surprise me to see a surge in markets for pirated applications that might just be booby-trapped to include unexpected surprises" such as Trojan malware that allows hackers to take control of the computer.
An update to the Snow Leopard operating system released this week, OS X 10.6.6, opened the app store to Mac users Thursday. By Friday morning, more than one million apps had been downloaded, Apple announced.
Apple declined to make any formal comment about the issue.
App can run on any Mac
The alleged flaw has to do with the software validation system Apple has made available to developers.
Developers can require their software to check for a purchase receipt before launching, but they can also choose not to implement that check.
Sophos reported that developers of applications like Angry Birds "appear to have ignored Apple's advice on validating App Store receipts."
That means the app can run on any Mac computer if three specific files are copied into the app from a legitimate download from the App Store, including free downloads, reported The Next Web technology news website.
It detailed the procedure, although it did not specifically name the three files. However, it noted that the information is widely available online.
"While the idea of receipt checking is great, it's obviously not enough in this case," the website reported. "Unless Apple or developers implement some other system for a direct check of purchase, apps in the Mac App Store are about to become a lot less expensive."