The Myth Of iPhone App Piracy

People rarely talk about iPhone app piracy, but when they do, it's sounds devastating: 90 per cent piracy rates, $US450 million in lost sales, etc. Here's the truth: App Store piracy isn't a big deal - and it never will be.

With these shockingly high reports comes the general air that developers are being marauded and pillaged by Viking hordes and that Apple isn't doing enough to stop it. This resonates! Developers don't control much about the App Store, so if the entire app protection system has been cracked - which it has - you'd expect the looting to be wholesale; the impact on developers to be immediate and devastating; and the problem to be grave indeed.

And yet the piracy issue seems to be dying. The story behind the lack of a story, it turns out, is that iPhone piracy is nowhere near as serious as many people say it is, and that before long, it may not be a problem at all.

How It Works It's tough to talk about iPhone app piracy without tacitly endorsing it. The mere mention of DRM cracking methods and application sources is - or rather, was - enough to send people looking, and presumably, stealing. But look at the piracy subscene today reveals that, like the jailbreak scene it's a part of, it's just not the same as it used to be.

Kicking off your career in app theft isn't too hard, and it'll only take a few minutes of Googling to get the full instructions. Still, I'll keep this as abstract as possible. Here's how you do it:

• Jailbreak your iPhone or iPod

• Open Cydia, the jailbreak equivalent of the App Store, and add a particular download source that isn't part of the default lineup

• Download two apps: One that lets you crack apps you've purchased for the benefit of others; and another that lets you install cracked applications yourself

• Download cracked apps to your heart's content, from various sources around the internet

At the peak, there were sites that aggregated huge numbers of download links together into an easily browsable website, which meant that once your phone was cracked, you could tap through these websites like you'd browse the App Store - links to the latest apps were plentiful, and you could snag that game you just read about on Gizmodo within a day or so, tops.

The most popular of these sites, called, disappeared just last month, leaving pirates without a centralised resource for apps. Soon, torrent sites and second-tier link-dumps picked up the slack, at least for people dedicated and savvy enough to find them. So, yeah, piracy is alive, to be sure. But how serious is it?

The Problem I wanted to find out how bad piracy was, so I went straight to the developers. I started with the types of apps I thought would be least vulnerable, just to set a baseline: Productivity apps. The verdict? Yes! Piracy happens!

"Roughly 10 per cent of our paid app users are coming from piracy." That's Guy Goldstein, CEO of PageOnce, the company behind Personal Assistant, a top-selling organisational app.This is pretty stunning, if you think about it. Personal Assistant is available in a fairly full-featured free version, and as useful as it is, it's not the most glamorous of apps - it's a utility, not a flashy game. The paid version tracks a little high for a productivity app, at $US7, but not matter how you slice it, Personal Assistant isn't the most obvious target for piracy. Nor, apparently, is it a serious victim: "Although i think piracy is generally bad and negatively effects companies, for us it's not big issue - our business model is based on purchasing, but also advertising. The more users we have, the better." Right, so piracy is happening here, but it doesn't really matter. Let's move onto the people who you'd really expect to be getting ripped off.

I contacted TomTom, whose navigation apps start above $US50. They were cagey. Cagey and brief:

TomTom takes piracy very seriously. Per corporate policy, we do not disclose information about our ongoing efforts to disrupt software theft.

So I moved on to their direct competitor, Navigon, whose MobileNavigator North America app runs $US90:

Navigon is well aware of hacked iPhone Apps. As with any other software, it is only a question of time when applications are being hacked and distributed illegally. There's no security mechanism available to prevent this 100%. Since hacking of additional application functions, which are available through Apple's In App Purchase mechanism, is more difficult, this helps to better secure Apps from software piracy. Our legal department is watching this very thoroughly and Navigon will fight piracy with all legal means.

Less cagey, and more ragey. But this is an official position - a conversation with a Navigon rep left me with the impression that while they don't condone piracy, obviously, it wasn't exactly the Issue of the Day. Ripe targets that they are, nav companies don't seem to be losing sleep over this. Which leaves the game developers.

What apps are more pirateable than games? They're shiny, they're extremely popular, and they're often expensive. Surely the EAs and Gamelofts of the world are the hardest hit, right?

On record, they basically clammed up. Off the record, though, they were a bit more free. A rep from one of the largest studios - you've probably played one of their games if you have an iPhone - told me "It happens, but I don't think it's that big of an issue". I couldn't coax out any specific stats, but in relation to total sales, piracy figures are "small".

In fact, it was hard to come by hard piracy figures from any major developers, but one thing is certain: The occasionally reported 50 per cent + piracy rates are rare among major developers. And overwhelmingly, major devs are underwhelmed by the problem. So, where are all the pirates?

The Jailbreak Factor

Peter Farago, a VP at iPhone analytics firm Flurry - the guys who spotted the iPad in their logs days before it was announced - track roughly one out of every five apps purchased from the App Store, and their software runs deep: Though it doesn't collect individualised personal data, it can tell if a device running a tracked app is jailbroken or not. In other words, Flurry knows exactly how many of the millions of devices its tracked apps are installed on are jailbroken. Take a guess.

It's... as low as you might expect. Lower, even.

"Under 10 per cent of the iPhone installed base is jailbroken."

Just to make this clear, a company that at any given time is tracking five out of the top 10 most downloaded apps in the App Store is detecting a jailbreak rate of under 10 per cent. Less than one out of 10, and often significantly less. The figure tends to bottom out at just above 5 per cent after every time Apple issues a software upgrade, slowly creeping back up to previous levels as the Dev Team and the like issue updates to the jailbreak software. Bear in mind, jailbreaking is a prerequisite for app piracy, but not every jailbreaker is running even one pirated app. Start peeling off the people who jailbreak just to enable multitasking or Wi-Fi tethering, or to skin their iPhone, or just to see what all the fuss is about, and "under 10 per cent" starts to looks even slimmer.

Given the state of jailbreaking, I find these numbers easy to believe. Back in 2007, before there was an App Store, jailbreaking was as easy as opening a website in Mobile Safari. Today, it's a bit more difficult, and depending on which iPhone you have, sometimes impossible. (Sorry, late model 3GSers!) And Farago says it's always under siege: "There's a cycle that exists, but basically, it's this kind of thing that happens - every time there's an OS swap, it goes away for a while," dipping by "a few per cent" before creeping back up to previous levels.

Now, I don't want to play down these numbers, because even a tiny percentage of a user base as large as the iPhone's is enough to throw a developers' pirated/paid stats out of whack - this can happen, and cases in which pirated downloads exceed paid downloads have been documented - but such stats are misleading. Without even having to speculate about what percentage of pirates would have otherwise purchased the app, they represent a small portion of the app-buying population. They simply can't screw a developer over, except in those rare cases where the developer has to pay significant continuing costs to deliver data and services once an app is installed. Even then, Flurry finds that pirated apps are often launched just a handful of times after they're downloaded.

With the App Store offering most - though not all - of what the jailbreak scene used to provide, cracking your phone, going through the trouble of ducking regular upgrades and enduring the constant fear of rendering your phones permanently useless just isn't that attractive anymore. To be a pirate right now, you really have to want to be a pirate. This isn't Napster. This is Usenet. And pirates aren't potential customers. They're pirates.

Why Developers Don't Care At first I found many developers' silence on the issue curious. But after talking to a few, and finding out the scale of the problem, it makes sense: An app developer has nothing to gain by taking their fight public - Apple is clearly aware of the issue, and it's not like you can somehow convince hardcore pirates to start paying for all the dozens of apps they steal, because they were never going to buy them in the first place. To these people they're literally just free samples, and are most frequently treated as such. Developers do have something to lose, be it investor confidence (a lot of studios are heavily funded by VCs, who probably don't want to hear about any theft problems), a relationship with Apple (who would most likely prefer that developers discussed app DRM cracking and piracy privately), or the goodwill of the public, who aren't usually going to feel sympathy for a company anyway.

Most importantly, if developers do have a problem with piracy - say that, like PageOnce, they found themselves prominently featured on one of the more popular pirated app repositories - they can do something about it.

When an app is cracked, that is to say that its DRM has been stripped, and the app has been reduced to an unprotect .IPA file, ready for sideloading through a jailbreak utility. But in the middle of 2009, Apple introduced a system by which app developers could sell services or add-ons from within their apps. This was good way for paid apps to extend their profitability, and the in-app purchases were effectively unpirateable.

Then, in October, Apple changed the rules: In-app purchases were allowed in free applications as well, meaning that developers could provide free trial apps that could be upgraded to full versions by way of in-app purchases. Popular apps could consolidate their free and paid versions into one app, and on the way, make piracy all but impossible. After all, what's the point in cracking and bootlegging an app anyone can get for free?

Apple even says as much (albeit with no lack of redundancy): "Using In App Purchase in your app can also help combat some of the problems of software piracy by allowing you to verify In App Purchases."

Ngmoco took their fight against piracy public last year, quoting impressively high unauthorised download figures during new apps' first days in the app store. Today, nearly their entire product lineup is based on on the in-app upgrade model. And even after the transition, Ngmoco insists that piracy wasn't the motivating factor in their switch. In an interview with TouchArcade, it was the massively high download rates for free apps, vs paid apps, that lured Ngmoco toward in-app purchases. The elimination of piracy was a pleasant side effect, at best.

The moral of the story for developers? If you think you have a problem with piracy, you probably don't. If you still think you have a problem with piracy, you can stamp it out. Simple as that.

In-app purchases change the way developers market and sell their apps, and just as much, the way we consume them. Downloading a single app and then purchasing expansions for it is a superficially different procedure than downloading a free trial followed by a full app, or just taking a risk on a full app in the first place. But the way in which your transaction happens is different, too.

When you buy an iPhone app, it can be synced to multiple devices, as long as said devices are authorised on your iPhone account - the cap here is five, but that's enough to share amongst your family or friends, or to enable an easy transition from an old iPhone to a new one. In-app purchases, however, don't work the same way, at all. Here's what Apple says about syncing in-app purchases across devices:

&bull Consumable products must be purchased each time the user needs that item. For example, one-time services are commonly implemented as consumable products.

• Nonconsumable products are purchased only once by a particular user. Once a nonconsumable product is purchased, it is provided to all devices associated with that user's iTunes account. Store Kit provides built-in support to restore nonconsumable products on multiple devices.

• Subscriptions share attributes of consumable and nonconsumable products. Like a consumable product, a subscription may be purchased multiple times; this allows you to implement your own renewal mechanism in your application. However, subscriptions must be provided on all devices associated with a user. In App Purchase expects subscriptions to be delivered through an external server that you provide. You must provide the infrastructure to deliver subscriptions to multiple devices.

Problem is, this isn't how it works right now. In-app goods are sold on a strict per-device basis, because the only user information available to developers is the device identifier, not the account identifier. As it stands, when you buy something by way of an in-app purchase, it applies to your phone only, and not all the registered devices - iPhones and iPod Touches - on your iTunes account. Maybe that's no big deal now, but when the iPad arrives, this might become a problem.

Pirates... From the FUTURE App piracy today may not be a massive factor in the App Store economy, but it would be wrong to characterise it as nothing. It does exist, and to a developer who makes money selling apps, even one illegally downloaded app is one too many. Still, looking forward, this issue is clearing up almost completely:

• iPhone app piracy is already low, and isn't on the rise in any meaningful way

• The latest iPhone 3GS has proven very difficult to jailbreak, and Apple seems to be actively thwarting efforts with each baseband/software release

• In-app purchasing is coming of age, and effectively eliminates piracy

If you want to call the iPhone pirate a species, he would be an endangered one; if you want to call the jailbreak scene a subculture, it would be passé; if you want to call app piracy a problem, it would be more nuisance than crisis.

Apple's pending extermination of piracy is great news for developers, but for users, it'll come at a cost. And for want of an example as to why, this post couldn't come at a better time, with Apple purging "offensive" apps from its official store, which will increasingly be the only place for iPhone owners to download apps. If Apple wants to be the only provider of apps (and they do!) then they need to be held to a high standard of transparency and consistency, which - trust us - they're nowhere near meeting.