Yesterday we learned of the existence of a flaw in how Microsoft distributes software from the Windows Phone Marketplace and how it tries to protect it with DRM. A developer called Tobias created a demonstration tool supposedly capable of downloading any app, removing all protection, and loading it onto a WP7 device. Some people have been questioning the ethics of revealing his tool to the public, rather than waiting for Microsoft to fix the problem first. Perhaps in response to these critics, Tobias has now published his own fix, letting WP7 developers protect their apps against his own tool.
Tobias suggests that WP7 apps start using a routine that checks for the presence of a specific file, called “WMAppPRHeader.xml”. He notes that WP7 only allows this file to be transferred to the phone as part of a Marketplace download; if you’re using his tool and transferring a DRM-stripped app from your PC, it won’t include that XML file. If an app knows to look for the file, it can tell whether it was pirated and sideloaded, or legitimately installed from the Marketplace.
Of course, like any protection, a dedicated hacker could analyze the code and remove those checks, but that’s not the point. Tobias’s tool was so scary because it was essentially a one-click solution to casual piracy. If every developer implements this XML check in a slightly different way, no tool can automatically crack their apps. Now you can relax, WP7 developers; the sky has not fallen quite yet.