All posts by Sean Christmann

How I would design the perfect desktop app store

Since releasing my first app to the Mac App Store I’ve been thinking about how I wish I had more options available to me as both a developer and consumer. The following is my wishlist for the perfect desktop app store; basically, it takes the best parts of Steam and the best parts of the Mac App Store and combines them.

OS/Vendor Agnostic – The perfect app store needs to work consistently across Windows, Mac, and Linux, and the only way to establish impartiality is to make sure none of the big vendors *own* the store. That said, in order to really take off it would probably need support from some of the major cross platform vendors like Adobe.

Platform Integration – The app store cannot be web only, it has to come with an installable store that manages your applications and lets you browse for new apps to purchase. On the flip side, web purchasing should also be enabled and publishers should be able to embed a framed version of the store in their website to make transactions more fluid.

Buy once, run anywhere – Publishers should be able to set options on whether applications are purchased once for all platforms or require small payments for additional platforms beyond the first one. Ideally you wouldn’t have to pay more for a different platform, but enforcing that rule may discourage publishers from putting in the time to port code.

Multi system – A single login should be usable on up to 5 systems.

Multi user accounts – Families should be able to easily add kids to their account and purchase software for them. Companies should be able to add and remove employees from a company account and assign software to different users. No need for separate company logins, everyone can just use their personal accounts.

Simple receipt system – Apple's Mac App Store pretty much nailed it on this one. Users don’t have to be logged in, as they do with Steam, in order to run an app. The way it works is that every application is responsible for finding and validating a digitally signed receipt when it starts. Receipts are generated from app name, app version, and system id, and digitally signed. Receipts can easily be downloaded when logging in to a new computer and easily voided when no longer valid.

Simple update system – Apple nailed this one as well, provide simple notifications that updates are available for certain apps, and then handle the process of installing that update.

Application upgrades – Publishers should be able to set options for users to get discounts on major upgrades if they own a previous version. Users should be able to enter serial numbers for existing applications to prove ownership of previous copies.

Cloud Storage – Apps can use up to 50mb of cloud storage per user, paid apps can choose to use a percentage of proceeds to pay for unlimited space for their users.

Developer Tools – Developers need strong guidance on how to package their apps and test them before going live. They should be able to download sample receipts for their app and test the installation process through the store itself before going live.

Freedom of Language – There should be no restriction on languages or technologies (think Java) that are allowable in the store. Dependency lists can be built into the store over time to help get users the correct packages for certain apps to run.

I’m sure there’s a few other things I haven’t thought of yet, what would you add?

Launching Space Gremlin to the Mac App store

Lately I’ve been on a kick…instead of wishing for software to work the way I want, I’m just gonna build it the way I want instead.

Today one of those ideas has come to fruition and I’m happy to announce its launch in the new Mac App Store. Space Gremlin is an app I wrote over the course of Christmas to visualize disk usage on a hard drive to help find and delete “gremlins” taking up too much space. It features a top-down view of a disk's folder structure and the relational sizes between other objects. It’s easy to drill in to folders or slice up the view to focus on important areas. While there are other apps out there on the Mac platform that address this concept, I’ve never found those other visualizations very usable or readable.

I’m hoping other people out there find Space Gremlin as usable as I do, so I’ve added it to the new Mac App Store to handle the distribution end. Since this is the launch and I’m still new to the whole Mac App ecosystem, I’m setting a launch price of only $3.99 but it will probably settle at a higher price soon after. I’ve also decided to go exclusive to the Mac App Store to avoid setting up my own purchasing and validation system.

Give it a try and let me know what you think. Big thanks to all the fellow developers and designers at EffectiveUI who helped me test this app. If you’re interested there is also a free demo available on the website http://www.spacegremlinapp.com

Mac app store hacked, how developers can better protect themselves

Crude instructions have started showing up online with ways to circumvent Apple's Mac App Store receipt validation. By simply copying receipt and Info.plist data from a free app and pasting it into a paid app, you can run apps copied from friends' computers or BitTorrent. I myself have a copy of a paid app (not Angry Birds, but one with stronger protection) running on my system that was purchased by a friend. This is a massive failure in the implementation of Apple's receipt system.

So why are all of the app store developers in this position? Apple's current documentation on how to validate receipts is fairly complex, but the sample code and Apple's own instructions ask developers to validate against data that is entirely external to the binary itself. Worse yet, they instruct developers to validate against plain-text data easily editable with any text editor.

If you are an app store developer and you are using Apple's default security logic, you need to review these validation steps in your code:

  • Verify that the receipt bundle identifier matches the value for CFBundleIdentifier in the Info.plist file. If they do not match, verification fails.
  • Verify that the version identifier string in the receipt matches the value for CFBundleShortVersionString in the Info.plist file. If they do not match, verification fails.

And change them to be more in line with this:

  • Verify that the receipt bundle identifier matches the value for CFBundleIdentifier that you hard code into your application.
  • Verify that the version identifier string in the receipt matches the value for CFBundleShortVersionString hard coded into your application. If they do not match, verification fails.

At the end of the day, if your app is popular enough it’s going to end up on a pirated site, but for the time being, by following the instructions above, you can avoid having your app easily cracked with TextEdit. For those interested, Angry Birds only implemented 2 of Apple's suggested validation steps, so the pastebin instructions will only work for Angry Birds; you need to do a little bit more for apps that handle all 5 validation steps.

Update: if you are using roddi’s receipt checking code from GitHub, here are the offending lines you need to change.

BOOL validateReceiptAtPath(NSString * path)
{
	...
	bundleVersion = [[NSBundle mainBundle] objectForInfoDictionaryKey:@"CFBundleShortVersionString"];
	bundleIdentifer = [[NSBundle mainBundle] bundleIdentifier];
	...
}
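
One way to apply the change described above, as an added example that is not from the original post or from roddi's repository. The constants hold placeholder values, and `receiptMatchesHardcodedIdentity` is a hypothetical helper that takes the bundle identifier and version strings your existing code has already parsed out of the signed receipt.

```objective-c
#import <Foundation/Foundation.h>

// Placeholder values (assumptions): replace with your app's real identity.
// They are compiled into the binary, so editing Info.plist in a text editor
// does not change what the receipt is compared against.
static NSString * const kExpectedBundleIdentifier = @"com.example.MyApp";
static NSString * const kExpectedBundleVersion    = @"1.0.0";

// Hypothetical helper: receiptBundleID and receiptVersion are the values
// extracted from the signed receipt by the rest of your validation code.
static BOOL receiptMatchesHardcodedIdentity(NSString *receiptBundleID,
                                            NSString *receiptVersion)
{
    // A receipt missing either attribute fails closed.
    if (receiptBundleID == nil || receiptVersion == nil) {
        return NO;
    }

    // Compare the receipt against the hard-coded constants,
    // not against values read back from Info.plist.
    if (![receiptBundleID isEqualToString:kExpectedBundleIdentifier]) {
        return NO;
    }
    if (![receiptVersion isEqualToString:kExpectedBundleVersion]) {
        return NO;
    }

    // Additional check (an assumption, not one of the steps quoted above):
    // Info.plist should still agree with the constants. A mismatch means the
    // bundle metadata was edited after the app was built.
    NSBundle *bundle = [NSBundle mainBundle];
    id plistID = [bundle bundleIdentifier];
    id plistVersion =
        [bundle objectForInfoDictionaryKey:@"CFBundleShortVersionString"];
    if (![kExpectedBundleIdentifier isEqual:plistID] ||
        ![kExpectedBundleVersion isEqual:plistVersion]) {
        return NO;
    }

    return YES;
}
```

The constants must be updated with every release, since a version bump that only touches Info.plist would make the app reject its own valid receipt.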