iPhone App Hijacks Tweets, Wrongly Shames Users
A Japanese maker of expensive dictionary apps for iOS has earned the scorn of many customers after the apps hijacked their Twitter accounts and posted shameful "confessions."
"How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession," reads the offending tweet, which was replicated on thousands of accounts.
The embarrassing tweets affected purchasers of several apps made by software developer Enfour, whose apps sell for as much as $55 — a high price to pay to have your Twitter account hacked.
The Twitter trick was aimed at outing only those who actually had pirated the software, but a "glitch in the anti-piracy measures," as vice president of communications Tracey Northcott described it, meant it hijacked paid users' accounts as well.
At first the "glitch" was thought to affect only jailbroken iPhones whose users had patronized an unauthorized market for pirated apps. But it soon became clear that non-jailbroken iPhones were also affected.
"The latest version displays 'I'm a software thief' as a notification, says to run the app in safe mode, and then crashes," wrote a Hacker News commenter who said his phone had not been jailbroken.
An open letter of apology from Enfour states that the "anti-piracy module" of the affected apps was replaced with patched versions on Nov. 1. However, some users have reported the unauthorized tweets continuing to appear even after updating to the latest versions.
"We can't thwart truly determined hacker & crackers," Enfour said in its letter. "We wanted to possibly shame those who were opportunistically stealing our software. Just like installing a shoplifting alarm in a store, we thought we were being creative with a notification and a timed tweet for users of a cracked app."
Enfour makes one thing clear: Its apps were built to intentionally trick users and post to Twitter without their consent. So why are they still in the App Store?
The anti-piracy "feature" would appear to violate Apple's own App Store Review Guidelines (rules 2.3 and 2.4), which say "apps that do not perform as advertised will be rejected" and that "apps that include undocumented or hidden features inconsistent with the description of the app will be rejected."
But instead of simply removing the offending apps and temporarily banning the developer, as it has done in the past, Apple helped Enfour quickly replace them, according to Enfour.
Apple did not immediately return a request for comment.
"As soon as we realized there was a problem, we corrected it by removing the anti-piracy module and [are] working with Apple to get the patched version online for download," Enfour's letter said. "It was available before close of business on November 1."
To explain Enfour's actions, Northcott tweeted stark numbers.
"Only 25 percent of our apps in use are legitimate copies," she wrote. "Piracy is threatening the survival of all independent devs."
But when software companies hijack customers' Twitter accounts to combat piracy — or for any other reason — it's hard to tell who the bad guys really are.
Follow Ben on Twitter @benkwx.