Windows Phone Marketplace Anti-Piracy Model[1]

Windows Phone Marketplace Anti-Piracy Model Marketplace Anti-Piracy Model
Microsoft Corporation November 2010 Version 1.0 Applies To: Windows® Phone 7

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.

Information in this document, including URL and other Internet Web site references, is subject to change without notice. Unless otherwise noted, the companies, organizations, products, domain names, e-mail addresses, logos, people, places, and events depicted in examples herein are fictitious. No association with any real company, organization, product, domain name, e-mail address, logo, person, place, or event is intended or should be inferred. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. © 2010 Microsoft Corporation. All rights reserved. Microsoft and Windows Phone are trademarks of the Microsoft group of companies. All other trademarks are property of their respective owners.

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.

Contents
Windows Phone Marketplace Anti-Piracy Model....................................................................................... 4 Introduction .......................................................................................................................................... 4 Application Lifecycle in Windows Phone Marketplace ........................................................................... 4 Leak Prevention ................................................................................................................................... 6 Leak Containment ................................................................................................................................ 6 Future Anti-Piracy Enhancements......................................................................................................... 7 Conclusion ........................................................................................................................................... 7

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.

Windows Phone Marketplace Anti-Piracy Model
Introduction
Anti-piracy protection is important for application developers who want to protect their investments and intellectual property (IP) from those seeking to install their software without the expected payment, to steal and reuse proprietary code or resources, or otherwise to benefit illegally from their software. Microsoft understands the importance of IP and has a long history of developing protection strategies for its own software and services and those of third-party developers. Windows Phone 7 and Windows Phone Marketplace are no exceptions. This whitepaper provides an overview of the application lifecycle and components of the anti-piracy strategies offered by Windows Phone and Windows Phone Marketplace. Here is the list of sections: y y y y Application Lifecycle in Windows Phone Marketplace Leak Prevention Leak Containment Future Anti-Piracy Enhancements

Application Lifecycle in Windows Phone Marketplace
To better discuss anti-piracy features for Windows Phone applications, let¶s start with an overview of the application lifecycle, followed by leak prevention and containment. Throughout the submission and publishing application lifecycle, measures are taken to contain applications in the service and on the phone. 1. Developer Registration The first step for a developer is to register in App Hub. As part of this process, the developer provides contact, tax, and payout information. The process includes identity validation and verification of developer information. This is an important step in helping to reduce piracy and IP theft by knowing who we are doing business with. When identity validation is completed, the developer can start submitting applications for certification and use the device unlock service to enable testing. 2. Application Submission Process When a developer is ready to release an application, the next step is to submit it to Windows Phone Marketplace. During the submission process, the developer specifies the target markets, pricing, whether or not the application has a trial mode, application metadata, and whether the application should be automatically published to the Windows Phone Marketplace catalog after the application has passed certification and static validation. App Hub uses technologies to help securely upload the application. The application is initialized with metadata that is linked to the publisher, whose account information is already validated. 3. Certification and Static Validation Once the application is uploaded, it passes through a series of manual and automated tests to check compliance with the requirements specified in the Windows Phone 7 Application Certification Requirements. The application code is tested and repackaged, but the code in proprietary assemblies is not examined directly or modified. If there is any failure during certification, the developer is notified and provided with details and recommendations.

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.

4. Publishing When the application passes certification testing, the application is repackaged and signed. Windows Phone can only run applications that are signed in this manner, unless they have been unlocked for development purposes or specifically modified to circumvent this protection. The signed application can only be installed on retail devices (unless it has been modified for the purpose of circumventing this restriction). The signed application is now eligible for publishing to Windows Phone Marketplace, which is the single distribution channel for all applications and games that can be installed on Windows Phone. Providing a single distribution channel helps to reduce piracy and it increases the discoverability of applications and games that are available for Windows Phone. 5. Installation and Execution Each application is installed and executed within its own unique sandbox. Any state or data stored by an application is held in isolated storage that is tightly bound to the application. During installation, a license that validates execution rights is acquired for the application. The license is issued for the specific device and the specific Windows Live ID account associated with the Marketplace account through which the application was acquired. The license is stored on the device and contains information identifying the actual code delivered as part of the download. When an application is invoked, the loader obtains the license and verifies (a) that the application code matches the application code indicated on the license and (b) that the license specifically allows for running the specific application on the specific device. If the match is successful, then the application is loaded and run on the phone; if no license is matched to the application code, the application invocation fails and the application will not run. 6. Updates A developer can publish updates for free to their published applications. Updates appear to users within the Marketplace experience, and are optional for the user to download. The application lifecycle of an update is the same as the original, except that the isolated storage of the previously installed application is retained and bound the newly installed update. For users who never installed the original, the update is installed as if it were the original. 7. Developer Registered Devices To run on a phone, an application must be signed with a Microsoft certificate and matched to a license acquired from Windows Phone Marketplace at installation and the license must specifically allow running of the specific application on the specific device. However, a developer who has a valid registration in the App Hub can unlock a phone to run unsigned applications. To unlock a phone, you must register your phone using the Windows Phone Developer Registration tool. The number of phones that a developer can register to unlock is limited, typically between one and three devices. Phone unlock is intended to allow a developer to deploy their own application to their own phone tethered to a PC for testing purposes. Like retail phones, these unlocked phones require a license to download and run signed applications (whether acquired from Windows Phone Marketplace or from an unauthorized source). In addition, the number of unsigned applications that can be installed to an unlocked phone is limited to discourage any abuse of phone unlock for non-development use. 8. Removing an Application from Windows Phone Marketplace Catalog A developer may decide to remove or un-publish a currently published application from the Marketplace catalog, which makes it unavailable to new users browsing the Windows Phone Marketplace. Previously downloaded versions of the application remain on the users¶ phones.

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.

9. Application Revocation Microsoft reserves the right to remove applications from Windows Phone Marketplace and to disable installed versions from running on the phone. Removal of an application from the Marketplace catalog prevents any new user from acquiring the application from Marketplace. Disabling or revoking an application prevents it from running on phones on which it is already installed. Microsoft will only consider disabling applications in circumstances specified in the Windows Phone Marketplace Application Provider Agreement.

Leak Prevention
Leak prevention is intended to keep the contents of an asset or secret, in this case the application package, protected for as long as possible. Leak prevention systems are not perfect, however, and their effectiveness typically is sustained for only a limited period of time. Investments in leak prevention systems must be justified by a cost-benefit analysis, taking into account the costs of additional enhancements and the risk that individual(s), acting with malicious intent, will actually dedicate resources to attempting to defeat the leak prevention system. Microsoft has implemented many steps outlined in this whitepaper to help prevent unauthorized access to applications. We believe that these steps are consistent with industry standards, and Microsoft has entrusted its own applications to this system. That said, we do not encrypt applications stored on the Content Delivery Network (CDN), and it is possible that someone could discover the unpublished and unique URL at which the CDN is accessed. Publication of the URL could allow users to download unencrypted applications. However, for retail Windows Phone users, these applications will not be usable because they are not obtained through Marketplace, and do not have the license needed to run on the phone; unlocked and jail broken phones could run these files if they were further modified. To reduce the risks associated with the circumvention of the Marketplace leak prevention system, Microsoft recommends that developers obfuscate their applications prior to submitting them to Windows Phone Marketplace. Obfuscation tools, like the Dotfuscator product recently announced for Windows Phone 7 applications, are currently available at no charge from PreEmptive Solutions. The use of obfuscation tools on applications is recommended as time-tested best practice for protecting IP developed in a managed code environment (although it is widely recognized that obfuscation cannot completely prevent reverse engineering). The obfuscation of Windows Phone 7 applications does not affect compliance with the Windows Phone 7 certification requirements.

Leak Containment
If a leak prevention system is circumvented or compromised, leak containment measures statistically mitigate the impact of the content leak (in this case, an application) by reducing the usability of that content. The goal of leak containment is to require a significant effort before an individual can use the leaked application. For Windows Phone 7, the requirement that each application on the phone is matched to a license acquired from Windows Phone Marketplace during installation provides significant leak containment because it generally renders applications obtained through a leak unusable on an unmodified (or non-jail broken) Windows Phone 7. This leak containment measure is altered slightly in the case of developer registered phones described above. However, the number of developer registered phones is limited, the number of unsigned applications that can be installed on an unlocked phone is limited, and all signed applications on an unlocked phone still require a license acquired through Marketplace to run.

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.

Future Anti-Piracy Enhancements
As Windows Phone evolves, we will continue to evaluate and invest in enhanced anti-piracy measures to respond to contemporary threats. The goal is to continue enhancing both Windows Phone and Windows Phone Marketplace as industry norms evolve and to continuously improve the value proposition of the application ecosystem for our developers.

Conclusion
The current and future Windows Phone and Windows Phone Marketplace anti-piracy strategies for application developers help to protect their creation from unauthorized copying and distribution. The main benefits of this solution are: y y y y Leak prevention and leak containment features that are consistent with industry standards. Recommended best practices for the use of obfuscation for applications developed in managed code. There is a limited surface area for developer registered phones. Microsoft is always working on updates to our products and services, and security improvements are part of our work.

© Microsoft Corporation. All Rights Reserved. This document is subject to updates.