It should also be obviously wrong and illegal for any app secretly to inventory everything in your phone and then impersonate you on a Twitter broadcast in which you're wrongly accused of pirating things.
Evidently, the people who made this dictionary app think it's perfectly legal to do that, and must not see anything wrong with it.
Our laws, regulations, and societal norms have a long way to go before they catch up with technology.
Oh, that remains to be proven. Impersonating someone else to have them describe themselves as a criminal is pretty clearly legally actionable, both in a civil and criminal sense. There's every likelihood that the laws and regulations will work just fine. And judging by this post, societal norms are also working just fine to disapprove of the behavior.
The guy has come up with a new way to violate laws/social norms, to be sure. But that doesn't actually mean they aren't working. They are flexible enough to adapt to most new situations and this is certainly one covered by them.
I don't think it's so cut-and-dry as you are making it out.
It's definitely shady, but I dare say there's nothing illegal here.
So the granting of permission is conditional on that permission being used responsibly, and if the app fails to work without that permission and then breaks trust with its users in that dramatic of a fashion...
I know that I won't purchase or use any Enfour inc. product in the future on the basis of this; there's plenty of easier dictionary apps that won't falsely accuse me of piracy.
It is exactly the same thing. If you give something access to your twitter account, you are giving it the ability to post, and therefore, tacit permission to post.
If I walk up and stand two feet infront of someone I have given them the ability to try to punch me in the face, I have not given them permission to do so.
If I utilize a computer repair service and I grant them remote access to a computer at their request I have likely given them the ability to run the equivalent to rm -rf /, but I have not given them permission to.
I can grant a friend access to my house by giving them a key that does not mean I give them the permission to do what ever they want in my house.
In the above three cases there are legal consequences for a party when overstepping their permissions.
Apps cannot transmit data about a user without obtaining the user's prior permission and providing the user with access to information about how and where the data will be used"
Moreover, the app was apparently locking out paid users from any access at all unless permissions were granted, which in itself shouldn't have made it through Apple's vetting process in the first place (exception: twitter clients). The majority of apps will only need access to the "share sheet" for posting to twitter, which AFAIK doesn't require explicit permissions (similar to sending an email; the user must hit send)
Also the app appears to be in violation of the iOS guidelines (see another post upthread), which means that it is not generally understood that apps can post on your behalf without telling you just because you give them access to your Twitter account.
You may find it surprising but it is actually illegal to trick someone into agreeing to something that harms them. You can't just say "Can I do this to you" if the person you're doing something to can't reasonably be expected to know the implication of "this". That's why we use phrases like "informed consent".
I wouldn't say that what this app is doing is within societal norms. Just like laws, societal norms get broken, which is what happened here. The publisher will suffer consequences (both from Apple and potential customers), as they should.
Booby trapped software is NEVER a good idea. No matter how clever you think you are, you're not clever enough.
Popping a message like this would be good: "Sorry, this section of the app is incompatible with IAPCracker. Please contact support if you have received this message in error."
Personally, I prefer the pragmatic approach to the idealist. It's far less stressful.
> How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession
If you have a jailbroken iPhone, odds are that you did so to pirate "iOS apps" and are hence a "software pirate". That sentence looks like it was carefully crafted to be correct and generalizable.
This is probably not good for the dev's PR though, because accusing customers of being criminals doesn't go down too well (Music/Film) - unless of course you are a lawyer (MPAA/RIAA) - then you make fat stacks.
Collateral damage is not a justification for this.
The correct way to check if your app has been pirated requires two steps:
1) You must be running on a jailbroken system. Check this by trying to read from outside the sandbox.
2) Check if your app's signature is invalid. Checking this is fairly involved. Look around for code.
If either of these two are false, then you've not been pirated (point (2) will be true when your app is checked by Apple but point (1) will be false).
For Mac App Store apps, only point (2) is required.
The author of the app in the article has only checked point (1) (and additionally checked an irrelevant point by checking for Installous).
Incidentally, the preferred action if you've detected a pirate situation is to exit(173).
Although I've definitely had non pirate users report this error to me because they've drag and dropped the app onto another machine instead of reinstalling from the App Store -- so you're right, it's not a guarantee that they're a pirate in an absolute sense.
The main question is: what exactly lays outside the sandbox? A good thing to search for could be Cydia, but there are alternative package managers. MobileSubstrate isn't a sure bet either, but I suppose it's a far cry safer than Cydia. An additional method could be trying to map a page you can both write to and execute, which should fail unless specific kernel patches indicative of a jailbreak have been applied (or you're a webview with Nitro enabled.)
The best method, however, is to not care, because if you do it's for the sake of either tracking/analytics or screwing over your users.
Less than half a millisecond?
Nit: I'm almost certain that they checked for MobileSubstrate.
At least they only posted to twitter instead of  something a lot worse (think file deletion, etc).
Generally a bad idea, if you're of the leet warez d00d type, to give any illicitly acquired app your credentials to anything important, at least until you've verified that it's safe.
The armchair lawyer in me wonders if someone could get a libel/defamation suit going because of this. The average user wouldn't probably have much to go on, but the head of a company perhaps.. yikes.
why yes that *is* a geocities address!
As a professional certified internet laywer I'd also add impersonation.
Which means that, regardless of the technical point that "access to the Twitter account" gives the app the ability to post, the user did not give the app permission to post.
I am sure that Apple has a standard checklist, and am not surprised that this is not on it.
"I would add that this problem seems to be happening with many, if not all of the Enfour dictionary apps, not just the Oxford app that this story is about. And Enfour seems to be attacking customers who post low reviews on their App Store pages.
And this has nothing to do with having a jail broken iPad or iPhone. It is happening to everyone."
".. Enfour is attacking people leaving bad reviews in the App Store, but not by triggering their Twitter accounts. Enfour is actually responding to the bad reviews by posting negative comments about the reviewers themselves on the description pages of Enfour’s apps. You can see these when you access the iPad store, but you have to click “more” for them to appear. I don’t think they show up in the iPhone app store."
Sounds like a great company all around.
They will have to do some heavy backpedaling for me to believe it was a bug. I'm a developer. Ive created bugs and fixed bugs. This is not a bug. This is a "feature".
So, it's a feature, but the bug could have been that it was unintentionally 'enabled'.
There are lot's of other verification links on google, just look for "tracey northcott enfour"
Sorry, I'm sensitive to this kind of thing. As if her life suddenly has meaning, so now she has to compensate for all the lost time. Congratulations, though.
And what's wrong with "staging" a photo? Pregnancy is a pretty big deal, some people feel it's worth celebrating. I don't see anything wrong there at all.
Good job. I came to this thread ready to crucify this woman and her company based on their unbelievably bad design decision. Now I feel like I need to defend her from sexist creeps...
I'm sorry if I offended you guys, especially the poster (I see why you picked the link, and it's totally fine with me). I know how this seems like another excellent example of "HN going downhill with rudeness".
To clarify my post: The article seems entirely lacking of substance with fluffy self-helpy answers, with no point but for her to needlessly glorify her pregnancy. Further, it fits with a recent fad, by "helping" you making that old-school-biological-baggage of yours fit with your fast paced modern lifestyle, a subject I really do not appreciate as the articles regarding it are, as the piece in question examplifies, usually just fluff for pageviews. "How to cook excellently in 3 min", "How to raise a family and be a CEO" etc...
Another issue was with the aesthetics: http://www.being-a-broad.com/wp-content/uploads/2010/10/6_61...
It seems absolutely awkward, especially if it was made for humorous purposes as that is, to me, unclear.
My point regarding self esteem, stems from the third photo. There is no reason for you as pregnant woman to wear a bellyshirt, unless you're desperately attempting to call attention to yourself. I feel it does it overly so, which I trace to some insecurity in other areas of life. When I see stereotypical behaviour like that, i have a need to call it out. Perhaps to feel superior and establish my dominance or whatever....
(Of course she could be wearing it because the photografer asked for it. For the staging part. To me, it looks unnatural and stupid if that is the case, leading back to the aesthetics part)
I thought of deleting my post, as I did not want to make anyones day worse but this is indirectly a discussion about me, and, as such, an opportunity for me to learn more about myself, how i should improve. Social life hacking if you will. Please flag the post, if you feel it is the right thing to do, though.
Sorry everyone, at least I sparked some discussion, making up for the poor form through this post i hope.
We live in a day and age where in order to make ends meet, both parents need to work. Not only that, but some women actually have aspirations outside of just being a mother and they have every right to do so. If women need to make blog posts about shortcuts they've found in order to streamline their lifestyles, so be it. This woman's blog is also probably how she connects with family and friends, not a place for some random passerby to make a judgment on her life.
Moreover, pregnancy is a huge ordeal mentally, physically and emotionally. In the grand scheme of time, it's also relatively recently that we've been able to ensure you won't die from it. Some people find giving birth to be the very purpose of life, so she has every right to "glorify" it.
How can you possibly post this sort of nonsense and expect to be taken seriously?
* This is on a site for expatriate women in Japan.
* This page belongs to their monthly series of profiles on various women living in Japan.
* A substantial part of her profile discusses how being pregnant and taking maternity leave affected her experiences at work.
* Nobody made you read it.
The pregnancy focus seems entirely relevant to me. And, come on, it's a major life event. Why shouldn't she be allowed to be excited about it?
If she had something more professional I would have linked that and will happily edit my post with something like a LinkedIn profile or similar. I wasn't trying to embarrass or show up their spokesman, she just Tweeted from a non-company twitter account and frankly she could have been "anyone." So I wanted to verify that this person could speak for that company and share my findings.
Yes, you can get away with calling a uterus a "stomach" in some contexts. If you're going to flame about it, get it right.
They are or have been the most highly valued company in the world.
The walled garden is not for our benefit.
The latest version displays "I'm a software thief" as a notification, says to run the app in safe mode and then crashes.
Oh, and I'm not jailbroken.
Why isn't the app given an opaque 'twitter handle', which may be a real account, a no-op, or has a moderated posting ability? And why is the app allowed to view general properties of the system, looking for system software which it deems unfavorable?
Because Apple decided that instead of implementing the above security features (and giving their UI designers the task of making such capabilities understandable and non-overwhelming), they would simply only allow "good" apps. Well guess what - "good" doesn't scale.
If there was a way to see expanded permissions before allowing a program to update perhaps he would have not updated at all?
You really can't do that on the App Store?
The long answer is that good dictionaries, such as American Heritage Dictionary, the Shorter Oxford English Dictionary, and the OED itself, are produced by scholars and experts, guided by editorial panels comprised of scholars and experts, require a great deal of work to produce (the first edition of the OED took something like 71 years to complete!), and contain more data (i.e., more words and more definitions per word) and generally higher quality data than free dictionaries. You're probably willing to pay $50 for software that solves your problems, because you probably make software yourself, and you know that it costs money to create software; an analogy can be made here. But if a barebones dictionary works for you, then it works for you, and don't worry about it.
So what is a good dictionary? Here's a tentative answer. A good dictionary provides pithy, useful definitions that reflect the words' differing meanings over time and differing contexts. Most good dictionaries also provide style and usage guidelines (e.g., "When should I use 'lie' and when should I use 'lay'?"), and a good dictionary will also provide a word's etymology. Many free dictionary apps use data from WordNet, which is an amazing resource, but its focus is on tagging words with taxonomic properties (sorry, a better phrase isn't coming to me right now) and defining the relationships between those words, all of which is very useful for general linguistics and NLP research. The quality of the definitions fall short, and you should be able to confirm this by comparing just about any WordNet definition to a definition from a good dictionary at your library.
I was hoping to find a better example, but to give yourself an idea of the research problems that can be solved with a good dictionary, consider reading this brief student's guide to using the OED:
It's probably a bit much, but I'm going to go ahead and say...
It seems somehow fitting that a company which feels entitled to $50 for a dictionary app would also feel entitled to commandeer a supposed pirate's Twitter account for public embarrassment or do something equally smug .
Their website is interesting - http://enfour.com/
Honestly, just let the quality of your app speak for itself.
1. Stopping piracy of a single app in China is very unlikely to result in increased sales of that app.
2. There's no Twitter in China.
I'd say it is similar to piracy on game consoles. It exists but you need to do something unusual to enable it, so most people don't do it.
Get users' permission before sending Tweets or other messages on their behalf. A user authenticating through your application does not constitute consent to send a message.
http://news.ycombinator.com/item?id=2447485 (I won't copy over my full complaint, read it there)
http://en.wikipedia.org/wiki/Copy_protection#Notable_payload... (for a very comprehensive list, but without comments about false positives)
They are all similar: they are dangerous when gone wrong, damage your brand, expose paying customers as if they were sad idiots and - at worst - ensure that they are ridiculed on support boards even when they have an actual problem.
Implementing such a system shows that either the programmer or the project owner in question is a smartass that thinks of himself as more infallible and better than all the others that programmed such systems that subsequently went haywire. Sorry for the harsh words, but after being bitten multiple times by such schemes, I have no nicer ones.
I guess the tipping point is the 'tweet back' feature. At its worst it seems like a narcissistic 'I want to have public conversations with another individual.'
If twitter id's were all anonymous I suppose it's no worse than a forum like this except that the content is most likely far more personal and far less technically valuable. I use HN to keep up on the latest technology and to some extent business trends.
Why do people like twitter?
Mostly I see it used for quick conversations, funny remarks, organizing small events, saying when you're going for a trip...
That is a very useful public conversation to have; indeed 20 years ago it could have happened on usenet.
They are most likely teaching users a lot more about privacy than all the warnings of us "paranoids" can achieve.
"iPhone app goes rogue and starts defaming users via twitter"
That's not and issue people had to deal with 50 years ago haha.