Piracy Cripples iOS Game in Less than a Week (macrumors.com)
41 points by protomyth on Dec 4, 2012 | 59 comments



This strikes me as truly bizarre. They control the servers, yet they allowed anyone who could get their hands on a copy of the game to authenticate and play regardless of whether or not they purchased it? Why on earth wouldn't they track actual payments for the game and check that against requests to the servers? Or better yet, make the game a pay-to-play service like World of Warcraft? Sounds like a huge missed opportunity.


Go find the Apple API that lets them know if this device belongs to a person who really bought the app. To my knowledge (not saying that is super-impressive by any stretch!), it doesn't exist.

It's the same reason you basically have to "repurchase" IAPs when you get a new device. There is no way for the developer to track that information and get you your rightful bits.

This has been going on long enough that I don't think Apple is going to do anything about it, either. I think they'd rather developers take the hit than have their customers get ugly interactions, even if they deserve it for pirating the games.


There are different sorts of IAPs. Consumables need to be bought for each device but non-consumables are recoverable to any device logged into the account. If you try to purchase them again they are free and the developer SHOULD implement a 'Restore Purchases' UI to allow you to recover them all without accidentally buying ones you don't already own.

With IAP the developer can also retrieve a receipt from the device that can be verified by Apple's servers (process different in the Mac App store). This does not apply to the original purchase of apps from the store, only in-app purchase.


You don't need to use the phone's identity for this. Force the user through a login screen on startup - if they have a paid for account, serve the requests, otherwise sever.

It's how Steam does it.


I'm not sure what you mean by "repurchase" IAPs, but the IAP API provides server-server cryptographic verification from Apple that is not crackable. Not all apps properly verify purchases, so there is mention of pirating IAPs, but done correctly they ensure that a user has paid. This developer should push a free application with a recurring IAP subscription, and somehow make users who have already paid happy.


I completely agree with you. For any service that has continuing costs, you need to find a way to have continuing revenue. A single purchase for a game that has continuing server costs is a very poorly thought out model.

What I mean by "repurchasing" IAPs: Every app I've interacted with forces you to go through the motions of purchasing IAPs when you get a new device. You aren't actually charged, since Apple knows you already bought the item.

I also fully recognize that my familiarity with these APIs is cursory at best.


I didn't look at how they make users pay, but if it's not in-app purchase they do not have a way to distinguish between legitimate and illegitimate users; therefore they must accept all server requests or none.


That was my thought too. Nonetheless, that's a technical misfeature (they assumed the walled garden provided all the authentication they needed, and it doesn't), and technical misfeatures happen all the time. Now they have to decide whether to implement that feature or not, and that's a business decision: they know what the (legitimate) sales numbers are already. If those aren't enough to justify the cost, then it's simply not worth it and they should just shut it down.

Or, more cynically, they know they can get a bunch of press (and thus, more sales) by "shutting down" the game temporarily while they implement the authentication layer.


It would be hard to do with a paid download since AFAIK Apple does not include some sort of receipt on an app purchase. What I would have done was implement the game as free to download with an unlock IAP. With an IAP Apple returns a receipt to the client that is tied to the user's account. The game server could then verify the receipt with Apple on each client connect.

This would also give the developers the ability to track the receipts and know if it had been hacked and shared. If the same receipt is being used to connect 100s of times simultaneously then it's time to ban a user. So while the IAP method isn't perfect, it would make it a lot harder for casual piracy to succeed.
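One way a game server could apply the receipt tracking this comment describes, added here as an example and not part of the thread or the developer's code. `verify` is a hypothetical stand-in for the server-to-Apple receipt check, and the thresholds, status strings and sample receipts are constructed; the outage branch covers the verification-failure case raised later in the thread.

```python
import hashlib
import time
from collections import defaultdict


class VerifierUnavailable(Exception):
    """Raised by the verifier callable when the store's check cannot be reached."""


class ReceiptGate:
    """Admit a client only with a verified receipt; flag receipts shared widely."""

    def __init__(self, verify, max_devices=3, session_ttl=300.0):
        self.verify = verify              # assumption: receipt bytes -> transaction id or None
        self.max_devices = max_devices    # concurrent devices tolerated per receipt
        self.session_ttl = session_ttl    # seconds before an idle session stops counting
        self.verified = {}                # sha256(receipt) -> transaction id
        self.active = defaultdict(dict)   # transaction id -> {device id: last seen}
        self.banned = set()

    def connect(self, receipt, device_id, now=None):
        now = time.time() if now is None else now
        digest = hashlib.sha256(receipt).hexdigest()
        try:
            txn = self.verify(receipt)
        except VerifierUnavailable:
            # Outage: keep serving receipts that verified earlier, defer the rest.
            txn = self.verified.get(digest)
            if txn is None:
                return "retry_later"
        if txn is None:
            self.verified.pop(digest, None)
            return "rejected"
        self.verified[digest] = txn
        if txn in self.banned:
            return "banned"
        sessions = self.active[txn]
        for dev in [d for d, seen in sessions.items() if now - seen > self.session_ttl]:
            del sessions[dev]             # idle sessions no longer count as concurrent
        sessions[device_id] = now
        if len(sessions) > self.max_devices:
            self.banned.add(txn)          # same receipt live on too many devices at once
            return "banned"
        return "ok"


def demo():
    """Constructed scenario: one honest buyer, one receipt shared across five devices."""
    valid = {b"receipt-alice": "txn-1", b"receipt-leaked": "txn-2"}  # constructed data
    state = {"up": True}

    def fake_verify(receipt):
        if not state["up"]:
            raise VerifierUnavailable()
        return valid.get(receipt)

    gate = ReceiptGate(fake_verify, max_devices=3)
    out = [gate.connect(b"receipt-alice", "phone-a", now=0)]
    out += [gate.connect(b"receipt-leaked", f"dev-{i}", now=1) for i in range(5)]
    out.append(gate.connect(b"forged", "dev-x", now=2))
    state["up"] = False                   # simulate the verification service going down
    out.append(gate.connect(b"receipt-alice", "ipad-a", now=3))
    out.append(gate.connect(b"never-seen", "dev-y", now=3))
    return out
```

The device ID here is client-reported, so a server would normally count its own per-connection session tokens instead; the concurrency logic is unchanged.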


http://news.ycombinator.com/item?id=4870313

Discussion earlier with about 70 comments if anyone wants to read them.

This is my comment from that thread:

Probably the best solution would be to switch to recurring in-app subscription to the online service. This is I think easier to verify and harder to pirate and should align the revenues with the costs (avoiding getting nice sales up front and not being able to sustain the servers in 18 months time).

Some hacks might work if they don't want to go down this route like issuing an update that contacts the server for a unique ID on first run and treating those that don't update quickly as suspicious - request them to email the iTunes receipt or something.

How quickly is regarded as suspicious could be worked out by looking for when there is a divergence between installs (and unique ID requests) and the daily update totals the app store provides. Duplicated IDs should be easy to detect if they access the service later.


> The high load revealed technical issues which we don’t feel we can fix to the level that our paying customers deserve.

That doesn't scream to me that piracy killed the game. Rather, piracy just revealed the reality that their server software was shit, and they didn't want to invest in fixing it, so they refunded everyone's money.

No harm, no foul.


My interpretation was that they had a budget of $x to run their servers with from y paying customers. $x in no way could provide the services that y+z needed (z being the number of pirates) regardless of infrastructure or efficiency of code. Instead they decided to cut losses and refund without finding a way to block z or monetize it.


I think you're trying to read between the lines of what the article stated.


Really? That's exactly what I got out of the article as well. They have to pay for the bandwidth somehow.


I think you're jumping through hoops trying to rationalize piracy as having no negative effects.


I didn't say that anywhere. Piracy obviously resulted in lost revenue, but that's not what this article is about - it's about bad server software.


"Piracy obviously resulted in lost revenue"

Previously on HN: "No harm, no foul."


They would have had the same problem if this were a free-to-play game.

Actually, they would have had a smaller server load (though it would have still overwhelmed them) because I'm sure a percentage of these people are playing it merely because it was pirated -- like kleptomaniacs, these people want to play the game mostly because they aren't supposed to be allowed to. Some people just want to break laws to show they can, as a latent rebellious streak.


Some pirates like to collect games and I'm sure they try a lot of them, but I don't think they play them just because they're pirated. Not for any length of time, anyway. The game still has to be fun to keep them playing for more than 20 minutes.


In the past, I've analyzed piracy rates to see which games were worth playing.

Black markets are still markets, and still have supply and demand. It's a fallacy when game developers don't use piracy numbers to indicate demand for their games.


Absolutely, and all the major publishers analyse piracy numbers in extreme detail.

But I still question the assumption that they play games because they've been pirated. Pirated games have retention rates just like legitimate copies.


> I'm sure a percentage of these people are playing it merely because it was pirated -- like kleptomaniacs, these people want to play the game mostly because they aren't supposed to be allowed to.

Really?


I completely agree! What an odd title to the article, and then the company itself goes ahead and basically says, "Yeah, since now there are actually people using the game, we found out that it would be too much work to fix the serious problems that were there in the first place."

If they were willing to work on their product further this would have been a good event for them as a wakeup call in order to know what to expect later when the load gets heavier.


There is harm and foul here.

Apparently, they developed iteratively and failed to do "premature optimization." Fact is, hosting servers costs money, and developing optimized software costs money and time. The pirated copies are costing them money without giving them anything in return. On top of that, a lot of these people might have paid for the game if they had not been able to get it free.

As a game dev you are going to have an awful lot of things on your mind that are more important than optimizing a system that currently works. This is business reality. Obviously, this could have been an "excuse" to shutter a poorly-constructed game, but I totally believe that the load from copies freely obtained (against the developers' wishes) made their product untenable. All their blood, sweat, and tears, wasted.

I feel deeply about software piracy.

Piracy disrespects the software developers. The developers worked hard to produce something and you tell them that their code is worth $0.00. I'm extremely offended that people pirate code.

The key is that they asked for money and you told them no. It's one thing for someone to offer their software for free, it's another thing for someone to say, "I need money to develop this," and you tell them "No, your software isn't worth that." Maybe you didn't mean that. It's like slapping someone in the face and telling them that you really didn't mean it that way.

I'm absolutely shocked that comments in this thread insist that it's the responsibility of the developers to either throw up an authentication wall (think about the conversion losses!) or just handle thousands of people using their software for free. That's precious development time that they've spent on premature optimization when they could have built better features for paying customers.

I'll wager that 95% of the developers commenting here actually get paid for their code in some way, shape, or fashion. Why wouldn't you want to pay for someone else's code? Why do you have a kneejerk reaction when other people don't want to pay to use others' code?

I go out of my way to support free code if there's a donate button. Nearly every time I see a donate button I click it. I used Readability before their donations fell apart. I have a gittip account. I respect developers and the time it takes to create code, so I pay the price.

I assume the people reading this are like me. You also donate to open source projects and buy the paid version when possible, once you've tried the game. However, the rank and file of people who are pirating software probably do not.

Even though copying code is cheap, piracy takes a toll on the company:

- It often takes away potential sales.
- Pirated copies are often sub-par and can tarnish your brand. Some developers might not realize how important brand is, but just consider how many millions of dollars are spent to build brand for these companies.
- In this case, pirating imposed an unbearable load on servers. They had to shutter the game.

I am all about open source and donate whenever possible. I totally understand that, for example, patents are just ridiculously overplayed in today's world. However, software piracy offends me deeply. I think it ought to offend other developers as well, but you are free to hold whatever opinion you like.


> they developed iteratively and failed to do "premature optimization."

You're just throwing out buzzwords. People who write game servers understand the basics of scaling and memory management, or they don't. Unless you're Notch Persson, you can't release shit multiplayer and expect people to play your game (and Minecraft still had the singleplayer experience during that time).


What if they were all paying customers? You couldn't scale at all, even during the first week, so you shut it all down? There is something fishy here!


Actually in this day and age scaling your code (to a moderate level) is maybe not the hardest part, I think the hardest part is to have the resources to pay for hosting, bandwidth, cpu and ram. Thus if your model was not to provide a free app and have indirect incomes, in this case having non paid users is a major problem. But I think they should have thought about this problem before launching their app and implemented anti-piracy measures.


You're right.. It's not all that hard to scale, and on top of that a single server really can support a lot of users. I built the back-end for an app in the App Store with well over 100k downloads and tons of active users.. It runs on 2 servers with a load balancer, and is total overkill. I could dispose of the load balancer and just run it all on one server.

I have a real problem with them blaming piracy for this, when there are many things they could have done to address the issue, as you mentioned.


They mentioned that the increase happened after a pirated .ipa was released; plus I imagine that they could look at their sales numbers, and then look at the number of people logging in, and realize that something was amiss.


If they were all paying customers they could probably afford to move more coders on to the project and help with scaling issues.


Not sure if it's "couldn't" or just didn't want to, if they really made little money on the game.

But, there seems like there's more to this story. I haven't played the game... but having a popular free-to-download game and making money on consumables is the new App Store model.

So seems if it was a very popular pirated game, they could easily make money promoting it to the broad free-to-download audience and make money on in app purchases. I'm guessing the game will come back retuned as a free-to-play game. (looks like it already had IAP, not sure how effective it was).


Seems to me if I was in their boat, I'd change the server API to require some sort of passive token in order to get a response, push an update at the App Store(1), and force all legitimate users to upgrade. Maximum downtime, one week. The .ipa hackers/leakers will have to get into an arms race with the main company by putting new revs out every week.

(1) along with code in the app to make it either highly annoying or completely unplayable unless you upgrade if it detects from the server that an upgrade is indeed available.


That seems like a poor use of time compared to making the service scale, which is something you'd probably need to do anyway if you expect to get more legitimate users. And if you don't expect to get more legitimate users then maybe ongoing development really doesn't make any sense.


My way: 5 minutes, $0. Other way: >5 minutes, >$0.


An arms race (your description) is not actually 5 minutes, even if it somehow remains a case of simply revving every week.

And my point was that you can't get out of making it scale for your paying customers anyway, unless you never expect to get them. So your way is however much effort your way takes plus however much effort my way takes.


If they refund the customers full price they're actually refunding 30% more than they received due to Apple's sales cut.

Disappointing to see this happening but there has to be some way they can authenticate users who have purchased the app. Seems easier than just shutting down and wasting so much money.


42% more than they received.


At this point, anyone who writes an iOS application should expect it to be pirated. Same as desktop applications, same as movies.

The response here, though, makes me suspect that the app authors simply weren't doing a very good job of planning for load. If an influx of pirates was enough to make them decide to throw in the towel, how long would they have been able to commit to keeping the servers running after sales plateaued?


Feels like there has to be a way for them to authenticate the paid-for copies that's cheaper than refunding all of their customers.


If only the App Store / iOS has a way to verify receipts that are installed with the app... http://developer.apple.com/library/ios/#documentation/Networ...


If only that worked for paid apps rather than just in-app purchases.


Then, they could release it as free and then charge in-app as soon as they launch?


Would Apple allow a product in the App Store that didn't have any functionality in its default form without a required in-app purchase?


No but some limited functionality could be possible I think. Maybe a limited free play period or the ability to watch others play but not take part until they have subscribed.


You just gave me my new app's strategy for subscriptions to avoid this issue. Thanks!


You are welcome. Just out of interest which part? The watching without playing option?


They could have done that but they didn't so they seem to need to dig themselves out somehow.


Isn't an online authentication mechanism what got Mojang and EA sued by a patent troll? http://www.tomsguide.com/us/Uniloc-Patent-Troll-Mojang-EA,ne...


Yeah, if it is an online-only server based game it should be much easier to prevent piracy.


huh?

The costs of running a server with even 20x the expected traffic for a few weeks is more than all the time and money it took to develop the game? This does not pass the smell test at all.


To all the people saying "use a cd key":

On iOS a paid download is a transaction that is 100% managed between Apple and the user, and as a developer you receive daily aggregate statistics. You don't receive any user identifiable information that you could use to limit accounts. There is no way to supply serial codes as part of a purchase. There is no way for them to create a single account as a part of the purchase.

The only thing they could have done is to change their game to a free download and make multiplayer an in app purchase. This would, of course, require that they also make something that is playable outside of multiplayer (since Apple won't allow you to ship something that is non functional in the default state). Also, the server-side verification of IAP receipts can fail, which if they do strong checks can block potentially valid users from playing, through no fault of either the player or the developer. (notably, there have been cases of Apple's verification server going down or incorrectly reporting receipts as invalid)

So please, before you eviscerate the devs, please realize they were trying to do the best they could for the consumer, and as a result got thoroughly screwed over. I wish them the best and hope they recover.


They could simply have adopted what games like Minecraft do - the game client is free (perhaps with free single player version too) and require people to have an account to play online.


Ah yes, and this is the part where common sense runs head first into Apple's walled garden.

This is how almost every multiplayer game does it to great success - tie your copy of the game into an account that the game developer can verify (possibly via a third party, like Steam). This makes it such that it's pretty much impossible for a pirated copy to hit your server.

Except, Apple does not allow you to take payments outside their channels for services provided in an App Store app. You don't have any personally identifiable information as the developer - nothing that can indicate if the user is a legitimate, paying user.

Administering IAPs and subscriptions is a huge pain due to the opaqueness of Apple's APIs. When customer service gets a complaint, like, say "I subscribed to your shit but I don't have premium access!" you cannot do any verification whatsoever, since you don't know their Apple ID, and their Apple ID was never visible during the transaction, so there's no way for you as the third party to back-trace anything.


I think this is the only way to go if you have significant server expenses necessary to support the game. Still it sounds like Apple doesn't let you know who legitimately bought the app, and they also prohibit in-app purchases that don't go through their system. So I'm wondering how people actually deal with this?


I am in favor of this line of thinking, there's a lesson to take out of this about finding a way to make sure you get paid.


I've explained to clients: never charge a fixed upfront price for an app with free ongoing server access. Doesn't matter if it's a game, social network, dating site, or anything else. Give the app away, and either subsidize server access with ads, or charge a subscription via IAP.


This is also another reason why developers choose to go the freemium route.

With apps that have their own backend it's trivial to verify receipts with your server. It's hard (impossible?) to verify actual purchases with your server but In App purchases can easily be verified.


Afaik there is no way to verify purchases (since Apple never sends you a receipt for it).

It's trivial to verify in-app purchase receipts server-side, however. And that could be used to allow (or not) access to the multiplayer bits.


I am skeptical. Piracy exists on iOS, yes, but my understanding is that legitimate users far outnumber jailbroken users.



