Sabtu, 15 September 2012

Aliyun App Store Confirmed To Be Distributing Pirated Android Apps, Many From Another Pirate Site


A couple of days ago, we ran a story about a circulating rumor that Google had expressed strong concerns with the launch of an Acer phone powered by Chinese Internet firm Alibaba's Aliyun OS. As the post explained, Alibaba claimed that Google had warned Acer that releasing the CloudMobile A800 could result in the search giant "terminating its Android-related cooperation and other technology licensing with [Acer]." These rather strong words led to speculation over just what the issue could be with Aliyun, and whether Google had issued the warning at all. Google quickly confirmed its stance, indicating that Aliyun was an incompatible version of Android, and one that could "weaken the ecosystem."

Aliyun OS, for those wondering, is a Linux-based operating system built by Alibaba Group, China's largest Internet firm by transactions. While the OS doesn't u se Dalvik, it is, for all intents and purposes, an Android clone. The OS is heavily focused on cloud storage, and at launch, Alibaba promised users 100GB of free storage space for media, files, and of course applications.

Anxious to find more information or some clue as to what spurred Google's alleged "concerns," I began digging. A reader commented on the original story that something seemed fishy about Aliyun's app store, which evidently launched earlier this year.

After doing just a bit of research, it would seem our reader had a point Aliyun's app store appeared to be distributing Android apps scraped from the Play Store , not only downloadable to Aliyun devices as .apk files, but also provided by third parties not involved with the apps' or games' development. What's more, we've received independent confirmation from the original developers of some of these apps that they did not in fact give consent for their products to be distributed in Aliyun's app store.

In this post, we'll take a quick look at some of the evidence that Aliyun may be illegally distributing apps, our confirmation from developers, and what this could mean for Android, Aliyun, and piracy in general.

The Clues

After digging around in Aliyun's app store for a bit, I tracked down several clues to just what is going on. The following is a brief rundown of the pile of evidence.

'Download to Computer'

The first clue was the set of buttons that appears in every app listing:

androidpolice.com/wp-content/uploads/2012/09/nexusae0_image32.png">image

The "download to computer" button, while sending up a red flag initially, isn't necessarily surprising on its own after all, the standard licensing method for apps now functions in such a way as to allow the download of .apk files and simply check licensing with a server when the app runs. What's interesting here though is that in most cases, each app store requires its own type of verification. For example, while the Play Store handles licensing one way, Amazon's App Store offers different guidelines for developers submitting to the market. What this means is that .apk files submitted to Aliyun's store are, at least in some sense, tampered with to support the store's own licensing procedure (if there is one).

Whether this involves cracking the existing licensing method is as yet unknown, but it doesn't bode well when we know that many of the apps' original developers are not the ones submitting the apps to Aliyun's store. The first clue I noticed to suggest that the apps were submitted by third parties was the varying app names and "Developer" or "Provider" names for each app or game. The presence of root apps, particularly those used to install custom Android recoveries and ROMs also seemed suspect given Alibaba's "virtual machine" claim. The following a re a few examples of suspect apps.

Google Apps

First up is Google apps. Soon after Google released its statement on the Acer/Aliyun issue, Andy Rubin posted to Google+ specifically calling out the OS' incompatibility issues and the presence of Google apps which he confirmed are pirated. Considering Google's stance on Aliyun, there's zero chance the giant would provide its apps or services, but take a look at what a search for "Google Inc." turns up:

image

The list goes on to include Google Indoor Maps Tool, Finance, Pinyin input method, Voice Search, Maps, Earth, and just about everything else Goo gle.

Temple Run

Next is Temple Run. The first clue here is that the app is listed as "Temple flee" in Aliyun's store. This, however, could be chalked up to translation. What can't be attributed to poor translation is the "Provider" name Eloquent. Temple Run was originally created by Imangi Studios, and "Eloquent" is a Provider name that shows up time and time again in Aliyun's app store, along with a few others.

Next, the actual details of the app Aliyun's listing was published August 8th, 2012, the date the Play Store's Temple Run was last updated. What's weird is that the version found here is 1.0.3, whereas Imangi's 8-28 release is version 1.0.7. Further, the app is 26368KB, which translates to roughly 25.75MB, 2.75MB heavier than Imangi's Play Store app.

image

bqjHXunnamed (1)

Both listings contain the same promotional screenshots, but Aliyun's shots are extremely low res and like with most of Aliyun's listings distorted when viewed inline.

Granny Smith

Granny Smith, from the maker s of Sprinkle, is a paid app in Google's Play Store, costing users $0.99. Its listing in Aliyun's store faces the same set of issues this time, the Developer is listed as leiguang888 a name that also shows up over and over, and probably doesn't translate to Mediocre (the original devs behind Granny Smith). The game was published to Aliyun September 11th under version 1.0.0, while its Play Store counterpart was updated to version 1.0.1 five days earlier on the 6th.

image

aliplay

Again, both stores share the same promotional screenshots.

ROM Toolbox Pro

ROM Toolbox Pro is an especially interesting case. Given Aliyun's limited ability to even deal with Android apks in the first place, it's surprising to see an app listed that aides in the altering of system files and firmware on Android devices. As Andy Rubin stated in a post to Google+, Aliyun is not even fully "successful" at being compatible with Android apps, let alone firmware.

Another interesting facet of this l isting is that the Developer listing is almost right it lists JRummy16, the Twitter handle for JRummy, the actual dev behind the app. The version published at Aliyun is 5.0.5, published August 17th. ROM Toolbox Pro has been at version 5.2.7 in the Play Store since 9-2, and weighs 7.2MB, compared to Aliyun's version which is just over 4MB.

image

aliplay

Again, the screenshots are the same (Aliyun's low-res answer to the Play Store's original shot), though this time the Aliyun shots feature a nearly illegible watermark for a Chinese website.

Endomondo Pro

Endomondo Pro, likewise lists the familiar "Endomondo" as developer, yet version 8.2.0 was published to Aliyun September 3rd 2012. The Play Store's 8.2.0 was published August 27th. The file size is on target, but this time the app's screenshots were a giveaway.

image

imageimage

Despite the parity of version numbers between the two listings, Aliyun's listing still shows screenshots from Endomondo's old interface which was ditched back in July.

We can also see that watermark again, but this time it's legible the watermark belongs to NDUOA, another Chinese app market that openly, freely distributes pirated .apk files for paid Android apps. This is bad.

The OTHER Pirate Site

Nduoa is "the other pirate site" mentioned in the title of this post. Nduoa is an "alternative" Android market mainly localized for Chinese users. The site appears to be based in Shanghai and is owned by the elusive Ndoo Inc., providing thousands of free .apks (many of which would otherwise be paid) for direct download. The site even features a version of Google's Play Store cleverly named "G O O G L E Play."

While one would need to have a working Chinese SIM to register for Aliyun's store, absolutely no registration is needed for Nduoa.

Of course Nduoa is far from being the only international site offering free downloads of pirated apps, but it would appear that a large number of the otherwise paid apps available from Aliyun's store we re yanked directly from Nduoa for the benefit of those set to use Alibaba's new Android clone.

The Confirmation

The first, and perhaps most important confirmation available was found in Andy Rubin's post to Google+ I mentioned earlier, plainly stated that Aliyun facilitated piracy:

However, the fact is, Aliyun uses the Android runtime, framework, and tools. And your app store contains Android apps (including pirated Google apps). So there's really no disputing that Aliyun is based on the Android platform and takes advantage of all the hard work that's gone into that platform by the OHA.

Aliyun's app store featuring pirated Google apps is, as one commenter put it, "really awkward," but in investigating this issue, I wanted to confirm the suspicion that Google apps weren't the only ones illegally listed in the Android clone's web front.

To that end, we asked a number of developers if they or their teams had given any form of consent for their paid apps to be distributed there.

The response we've gotten so far confirms that Aliyun is distributing pirated apps, more importantly without developer permission. A member of Mediocre, the development team behind hit games like Granny Smith and Sprinkle, had this to say:

This is the first time I've ever heard of Aliyun, so the answer no we had no idea that our games were available there.

We are still waiting on confirmation from a handful of other developers, but this essentially closes the case on whether or not Aliyun is distributing apps il legally.

The Implications

The implications of Aliyun's app store providing what are essentially pirated apps are pretty big. To start with, we know that Chinese piracy accounts for a rather considerable chunk of the Android piracy pie China is home to about 170 million Android users. Why is piracy such an issue in China? It's likely due to the fact that Google is yet to get paid apps to China in the Play Store. Whether this is due to legal issues (probably), or some other factor is unknown right now. That being said, part of the problem can also be attributed to the development and distribution of Android splinters or incompatible clones like Aliyun, which have no access to the Play Store in the first place. Either way, in this writer's opinion, the lack of an ability to pay for something does not validate the illegal distribution of that thing.

Next, Aliyun's app store is, as the name implies, the app store for an entire emerging OS in China, one that is essentially a "fake" version of Android. The presence and distribution of pirated apps through the store not only makes Alibaba Group complicit to app piracy, but extends the complicity to any company who chooses to partner with the firm in bringing Aliyun OS to mobile devices and by extension to the hands of customers.

In essence, the presence or emergence of an OS like Aliyun which relies on an app store filled with piracy hurts all involved with Android first, it undermines the meaning behind the Open Handset Alliance itself. If Aliyun were to be successful, it would put off developers who find that their hard work is being carelessly distributed for free internationally. Once that happens, end users can suffer from a lack of quality apps, a poor de velopment ecosystem, and general dissatisfaction.

Though Google's statement on the recent Acer/Aliyun debacle went directly for the (extremely valid) "incompatibility" argument, the evidence presented here may compel one to think that there might have been a second reason behind Google's strong response, which itself was an almost unprecedented reaction from the Mountain View giant regarding the Open Handset Alliance and the protection of Android's ecosystem.

Final Thoughts

So what happens now? First, it's important to recognize that totally stomping out app piracy is a pipe dream. Jelly Bean saw the introduction of device-s pecific app encryption in an effort to slow piracy, but the latest available distribution numbers show that just 1.2% of Android devices (approximately 4.8 million devices) are running Jelly Bean so far. Further, existing licensing methods can be broken.

As Eric explained in his analysis of the Android piracy problem, when and if Google manages to open up paid apps to China, it will still have piracy issues to face. It is unlikely that existing piracy sites and markets like Nduoa and Aliyun's app store will simply zap out of existence, and there will still be Android forks floating around with users that are willing to get a hold of Play Store apps however they can.

The overall point here is that, despite the probable persistence of piracy, Google's response to Acer's proposed union with Aliyun is completely understandable while Google may not be able to quash piracy once and for all, it recognizes that turning a blind eye while an Open Handset Alliance member releases a platform that copies Android and steals from its app and developer ecosystem is not a good starting place.

0 komentar:

Posting Komentar