----- Original Message -----
> From: "Anant Narayanan" <an...@mozilla.com>
> To: "Jim Straus" <jstr...@mozilla.com>
>
> How do native apps deal with this? My limited understanding is that
> they implement some DRM scheme based on information they get about
> the uniqueness of the device they are running on (example: MAC
> address). Steam, a popular game store, requires internet access at
> the time of install (but not at the time of launch), if we can get
> details on how they pull that off it would be informative.
> 

Steam generates a custom binary for each user. See CEG Overview on
https://partner.steamgames.com/documentation/api

I'm guessing that some sort of receipt / decryption key is stored on
the local machine when you enable offline mode. They also use
DPAPI on Windows for key storage, possibly Keychain on OS X but I
haven't looked into that.



> Going all out by signing code like Apple does on iOS is out of the
> question, I think. But we could consider an opt-in scheme where apps
> worried about piracy can choose to trust the runtime (in this case,
> specific B2G phones) to only launch the app if the signature &
> receipt match. It would be easy to bypass this by recompiling B2G
> with the checks turned off, but maybe that's ok, because only
> "advanced users" will ever do this (it's the equivalent of "rooting"
> your iPhone).
> 

I agree that there isn't much we can do with the "rooting" scenario.
The opt-in scheme sounds promising. Would the opt-in be contained
within the receipt? The decision to launch or not launch an app
should be made at the runtime level in my opinion. An app developer
should be able to decide what to do with an invalid receipt without
relying on callbacks in "untrusted" app code.

Proposed change to receipt
1. Add a boolean field exitOnVerficationFail
2. true - app doesn't launch on receipt verification error / failure
3. false - app launches normally on receipt verification error

I'm not concerned about the case where a user has a valid receipt then
modifies the appcache version of the app. The server should be
checking user input in that case.

Also this doesn't address the offline scenario.


David Chan
_______________________________________________
dev-security mailing list
dev-security@lists.mozilla.org
https://lists.mozilla.org/listinfo/dev-security
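
A sketch of the runtime-level launch decision proposed in the message above, as an added example that is not part of the original message and is not B2G or marketplace code. The receipt format (base64url JSON plus an HMAC tag), the signing key, the `product` field and the function names are constructed stand-ins. The result also reports whether the opt-in flag was read from a receipt whose signature verified.

```python
import base64, hashlib, hmac, json

STORE_KEY = b"constructed-demo-key"  # constructed stand-in for the store's signing key
FLAG = "exitOnVerficationFail"       # field name spelled as in the proposal

def sign_receipt(payload, key=STORE_KEY):
    """Issue 'base64url(json).hex(hmac-sha256)' (constructed receipt format)."""
    body = base64.urlsafe_b64encode(json.dumps(payload, sort_keys=True).encode())
    return body.decode() + "." + hmac.new(key, body, hashlib.sha256).hexdigest()

def verify_receipt(receipt, app_origin, key=STORE_KEY):
    """Return (payload or None, failure reason or None, signature_ok)."""
    try:
        body, tag = receipt.rsplit(".", 1)
        payload = json.loads(base64.urlsafe_b64decode(body))
    except (ValueError, TypeError, AttributeError):
        return None, "malformed", False
    if not isinstance(payload, dict):
        return None, "malformed", False
    expected = hmac.new(key, body.encode(), hashlib.sha256).hexdigest()
    if not hmac.compare_digest(expected.encode(), tag.encode()):
        return payload, "bad-signature", False
    if payload.get("product") != app_origin:
        return payload, "wrong-app", True
    return payload, None, True

def launch_decision(receipt, app_origin):
    """Decide in the runtime, before any app code runs, whether to launch."""
    payload, failure, signature_ok = verify_receipt(receipt, app_origin)
    if failure is None:
        return {"launch": True, "reason": "verified", "flag_trusted": True}
    # Missing or non-boolean flag means the app did not opt in.
    opted_in = payload is not None and payload.get(FLAG) is True
    # flag_trusted is False when the flag was read from a receipt whose
    # signature did not verify, i.e. from data anyone could have edited.
    return {"launch": not opted_in, "reason": failure, "flag_trusted": signature_ok}
```

A runtime that sees `flag_trusted` set to false cannot rely on the receipt's own opt-in value, which bears on the question of whether the opt-in should be carried inside the receipt.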