Late last year, the closure of the uber-popular Installous marked the end of a promiscuous era in iOS app piracy. Now, several new services are on the rise that are filling the gap and offering easy installation of pirated apps, even on devices that have not been jailbroken.
The two that have risen to the forefront are Zeusmos and Kuaiyong. While the former has been around for a few months, it has gained significant steam since the exit of Installous. The latter has appeared seemingly from nowhere over the past couple of weeks.
Both of these services are dangerous for app developers because they offer simple, one-tap installs of pirated apps and do not require that devices have been jailbroken in order to do so. This is an enormous problem, as it opens up the arena for their use from the relatively small fraction of users with jailbroken devices — as was the case with Installous — to any unscrupulous users of iPhones and iPads.
If you’re looking to steal apps from developers — lets not kid ourselves about what’s happening here — it is now easier than ever to do so.
Zeusmos is a service offered for free on jailbroken devices as well as for a fee on devices that have not been jailbroken — yes, that’s right, it’s charging users to download pirated apps. It charges this fee for a ‘cloud plan’ to install ‘cracked’ apps and to provide users with a license and provisioning profile that allows them to install these pirated apps. The creator of Zeusmos, a 15-year-old named Kevin Ko, offers it as a way to ‘try before you buy‘. But also seems unapologetic about the nature of what the app does: enable piracy.
There appears to be a connection between Zeusmos and the reseller of developer testing slots UDIDRegistrations.com. Selling developer device testing slots is something explicitly forbidden by Apple, which has been cracking down on these resellers for the past several months.
Here’s how the site’s FAQ describes Ko’s two products including Zeusmos and the Mac-only InstaSign:
Both InstaSign and Zeusmos are applications that allow you to install cracked applications on your iDevice without jailbreaking. InstaSign requires a Mac as it signs iPAs on your computer. Zeusmos requires no computer at all as it signs iPAs directly on to the device (like Installous for jailbroken iDevices) Because of this, both Mac and Windows users can use Zeusmos.
It’s unclear exactly how Zeusmos achieves its goal, but judging from the pricing and the correlation between UDIDRegistrations, it appears to utilize a developer licensing certificate to install ‘cracked’ apps which have had their DRM (copy protection) stripped.
In addition to users installing cracked apps themselves, the tool allows them to ‘share’ them with their ‘friends’ who are other Zeusmos users by email or even a link on Twitter.
The Chinese site Kuaiyong is also offering a similar service: allowing you to install apps for free, from your device, without paying for them. But it goes about it in a different way and is completely free.
There are two components to the tool, one which allows for installation of apps directly from your iOS device and the other which is a desktop application that allows install over a cabled connection. Once you use either, iTunes syncing ceases to work, but that hasn’t proved to be too much of a deterrent.
The apps appear to have been purchased under an Apple enterprise license, which allows for installation to multiple devices. There could also be a bundle of smaller developer accounts being used, which max out at 100 ‘slots’. They are then being re-distributed to other users through the two tools. There are some indications, however, that the issues go further than a single enterprise license.
We’ve been in contact with developers who have provided us with logs showing pirated installs of their apps. Some of the logs are showing thousands of users installing the ‘same’ copy of the app. Not the same app, mind you, but the exact same copy. This indicates that the same exact copy is being distributed with the same set of (encrypted) credentials.
The apps being installed via Kuaiyong may be utilizing bulk enterprise licensing, where the ones distributed by Zeusmos (or other copycat services, which are already springing up) are showing a variety of IDs, each of which is being installed multiple times.
So we’ve got two things going on. Services like Zeusmos have figured out how to ease the process of purchasing a developer slot and using its certificate to install ‘cracked’ apps, which are widely available on the internet. And ones like Kuaiyong are somehow bypassing Apple’s licensing rules to redistribute the same copy of an app over and over.
Security researcher Stefan Esser has been speculating about the Kuaiyong service on Twitter, noting that it could be an excellent way for them to distribute malware to iOS devices. Though the apps themselves are limited in what they can access due to sandboxing, specialized malware could be developed for certain popular apps that collected information and logged activity on your device. And there’s a strong likelihood that whatever they’re doing is using illegally obtained licenses at the least, and credit-card fraud at the worst.
The end result is the same in any case: people with a low moral threshold are cheating developers out of money and, in the case of Twitter apps, permanently removing a chunk of their possible revenue.
Drawing attention to these apps and services presents somewhat of an ethical quandary. By writing about them, we will no doubt draw more attention to them and therefore more acts of piracy from people who simply don’t care. But, hopefully, we will also see action taken by Apple to curtail these habits.
Make no mistake, these products are already being used widely, with thousands of stolen apps in the last few weeks alone. Twitter searches present endless results for people sharing information about them and looking for help in getting the hacked sites to work.
And these two are just a couple among a dozen high-profile options for users looking to steal apps. The seedy underbelly is there, and ignoring it doesn’t do anyone any favors.
We have reached out to Apple on the issue, but due to the holiday, there will likely be a delay before any reply is forthcoming.