In the spirit of “divide and conquer” I’d like to try again to focus on just one out of the many sub-topics that whirl around discussions of Symbian Signed. On this occasion, the particular sub-topic is:
- Is there merit in using (or modifying) Symbian Signed processes to reduce the prevalence of pirated Symbian applications?
I stated the underlying requirement as follows in “Symbian Signed basics“:
c. Reducing the prevalence of cracked software
To make it less likely that users will install “cracked” free versions of commercial applications written by third parties, thereby depriving these third parties of income.
The idea is simple enough:
- A developer D0 creates an application A0, has it signed, and sells it for a fee
- To avoid users making and distributing copies of that application, without paying additional fees to the developer, the developer includes an element of copy protection in the application
- This restricts the application to run on a device identified by (say) an IMSI or an IMEI
- Some users will be developers in their own right, who possess the programming skills to alter the application to bypass the copy-protection code, creating a cracked version A1
- In principle, A1 can be copied and will run on a wider number of devices, thereby depriving the developer of additional income
- However, because A1 is a tampered version of A0, the original signature is no longer valid, so A1 will fail to install.
On the other hand, any developer D1 can access the Symbian Signed mechanism to put a different signature onto the application A1, thereby completing the circumvention of the copy-protection mechanism. The lower the expense of obtaining a signature, and the easier that process becomes (for example, by removing an independent testing phase), the more likely it is that cracked but installable applications (like A1) will circulate.
This is where the requirement to “make it easier for developers to carry out widespread beta testing” comes into tension with the requirement to “reduce the prevalence of cracked software”.
OK, having laid out the context, it’s time for me to state my own opinion on the matter.
I suspect that piggy-backing on Symbian Signed is probably not the best route for a developer D0 to avoid pirate versions of their application A0 circulating. That’s for the following reasons:
- It seems inevitable that the Symbian Signed mechanism will continue to become cheaper and easier to operate – in order to address the huge demand to “make it easier for developers to carry out widespread beta testing”
- The only kinds of apps which will be difficult for cracker developers D1 to re-sign are those which make use of some high-powered capabilities (like AllFiles or DRM or TCB), which in turn only apply to a small proportion of applications like A0.
So developers D0 ought instead to seek to use other copy-protection mechanisms – such as those involving DRM.
At the same time, the pressure for users to seek free copies of applications will reduce, provided the prices levied for these applications seem reasonable to large numbers of users. In turn, one thing that will allow these prices to remain low is if the population of users buying the applications is large, and if there is an efficient marketplace mechanism (akin to the iPhone AppStore) for users to discover and purchase applications.
(Aside: One more avenue to explore is if mechanisms could be put in place for developers to earn a proportion of ongoing network data or advertising revenues from the use of their application.)
To summarise: I’d like to take the question of “Reducing the prevalence of cracked software” off the Symbian Signed discussion table. (But I remain open to being persuaded otherwise.) That table is already cluttered enough, and the more we can remove from it, the easier it will be to reach a satisfactory consensus view.
Footnote: This posting is #3 out of N I expect to be making about Symbian Signed, where N could become as large as 10.