Microsoft pins Windows Store app purchase exploits on insecure code
Attention has swirled around what, at least initially, looks to be a surefire way to pirate Windows Store apps: as a warning to developers, Nokia engineer Justin Angel has detailed how at least some Windows 8 apps can be hacked to avoid paying for full versions or in-app purchases, and even strip out ads in free titles. Several apps he tested are stored in such a way that that it's easy to modify apps' data files and Internet Explorer 10 requests. According to a Microsoft spokesperson we contacted, however, many of the vulnerabilities are common to any app store, and supposedly thwarted with the right code.
The company points to a recent Dev Center document emphasizing Windows 8's optional app receipt system, which can require any transaction be validated on the developer's server. Programmers can also mask content or move the more valuable material to the internet, Microsoft says in the note. While we're wondering why safeguards like receipts aren't mandatory, we wouldn't immediately fret if our livelihood depended on the Windows Store -- at least, not if we were careful. Read Microsoft's full statement after the break.
Any successful software distribution channel faces the challenge of being targeted by people wishing to circumvent the system for ill-gotten gains and we're committed to ongoing protection of both customer and developer interests. Just as they have with other platforms, hackers are proposing ways to compromise the integrity of apps, which can have lots of negative consequences to the system and the customer experience. We have taken a variety of extra measures to help harden Windows 8, some of which are detailed in the following forum post [linked at the source].
