Why the Hackulous, Installous shutdown won't end iOS app piracy
When Seungoh Ryu said dryly that he was "blessed" with having his app pirated the day after it was first released, it's not hard to tell he's being a little tongue-in-cheek.
The developer behind iStormApps, whose titles include games such as Doku and Honk, is in the same boat as many of his peers. Ryu worked hard to create something new, only to find it ripped off the moment he began promoting it with a simple press release.
"At the time, I didn't think much of it, as it seemed confined within the small community of jailbroken users," he said. "To this day, I do not have a good idea how bad an impact that it had."
That's the other challenge for developers. The nature of mobile app piracy is that those who perpetuate it do so in a way that makes it particularly challenging to track and evaluate whether or not they are losing business or merely attracting interest from early adopters. This issue came to a head again earlier this month when Hackulous, a longtime hub for piracy within the iOS community, abruptly announced it was shutting down. In a one-paragraph statement posted on its Web site, the administrator behind Hackulous claimed that it had run out of steam.
"After many years, our community has become stagnant and our forums are a bit of a ghost town," the statement said. "It has become difficult to keep them online and well-moderated." This was disputed by Torrentfreak, among others, which claimed Hackulous was still highly active before it closed.
Hackulous was not merely an online discussion forum but a service that included its own app, Installous, that could transfer cracked apps to devices running iOS. It also maintained Apptrackr, a Web-based index of cracked apps.
Last year Arxan, a provider of app security products based in Bethesda, Md., released a research report that claimed more than 92 percent of paid iOS apps have been pirated. That's still better than paid Android apps, 100 percent of which have been pirated according to Arxan's data.
Here be the app pirates
Free apps are not immune from hackers: 40% of popular free Apple iOS apps and 80% of the same free Android apps were found to have been hacked.
Less than 5% of popular apps contain professional-grade protections to defend against hacking attacks.
Mobile app hacking is becoming a major economic issue with consumer and enterprise mobile app revenues growing to over $60 billion and mobile payments volume exceeding $1 trillion by 2016
Although the lack of an iOS 6 jailbreak when Hackulous shut down has been suggested as contributing to its demise, Arxan Vice President of Marketing Jodi Wadhwa said some hackers have already been bragging about jailbreaking iPhone 5s running iOS 6.0.2.
"It is always an arms race for the hacking community," she said, adding that many global developers support such hacking as part of maintaining a "free" development environment. "They view jailbreaking as being about innovation."
Shilo White, a freelance iOS developer based in San Francisco, suggested some degree of app piracy is inevitable, but not all developers necessarily need to live in fear of being ripped off.
"I found it was definitely easy to pirate apps via Hackulous' services, which I don't support," he said via email. "It seems the pirated apps were, for the most part, widely popular and/or apps from major developers, and the majority of those apps were games alone. I think as a small indie developer, it would be pretty rare that your app would become pirated."
For those that do get stung, Ryu said, it's hard to figure out the best course of action.
"Given the tight control that Apple (NASDAQ:AAPL) maintains on the developers across the board, I think it is primarily Apple's responsibility to make the security thief-proof," he said, "but on the other hand, I don't want the measures to add too much hassle on the development process, which is already quite complex."
That could change with the recent raise of new services that facilitate app piracy without jailbreaking. These include Zeusmos and Kuaiyong, which offer one-tap, instant installs. Although both of these emerging services, which appear to have been created by teenagers, have already been shut down, Wadhwa said sites hosted in minimal or unregulated territories such as China "will continue to be plentiful and widespread as alternatives sources for jailbroken apps," and that the end of Hackulous may not mean much in the long run. "Software publishers can't expect piracy levels to decrease."
While Axran and Cambridge, Mass.-based Mtiks offer some tools to mitigate against piracy today, it's possible that more vendors will enter the space as enterprise-level products around mobile device management get packaged with consumer developer interests in mind. Atlanta-based AirWatch, for example, recently released an SDK that can alert IT departments of compromised apps or jailbroken devices. These could also be used to help protect consumer-based apps developed by corporations, said Airwatch Chairman Alan Dabbiere.
"We haven't really gotten down to the level of looking at piracy of the apps," he admitted, "but don't get me wrong. We're very interested in helping developers have a proper audit of usage, so that someone who is paying for 1,000 users isn't actually using it for 2,000."
White offers a potentially even simpler solution: go freemium first to cut off the incentive for pirates.
"As a gamer, I absolutely hate most freemium games, since they seem to milk money out of me left and right," he said. "But as a developer, that seems to be the most logical solution. Even over this past year, freemium is still widely popular and successful for developers."