lolloj - Fotolia

App development companies fight back against digital piracy

How can digital companies protect their IP against a tidal wave of smartphone boosted piracy? Is digital rights management software effective enough, or is it better to adapt your business model?

This article can also be found in the Premium Editorial Download: Computer Weekly: Keeping app pirates at bay

With the rise of the smartphone, so too has there been a rise in digital piracy. While some organisations claim piracy is rampant across all platforms, design product studio Ustwo announced earlier in 2015 via Twitter that only 5% of its Monument Valley installations on Android were paid for, compared with 40% on iOS.  

So how can developers protect themselves from piracy?

One tactic developers can employ is to install digital rights management (DRM) in an application. However, although DRM can be successful, it is also a notoriously unpopular method. Author and digital rights activist Cory Doctorow believes DRM removes ownership from the user as they can be locked out of their own purchases due to registration problems, for example.

Nonetheless, installing DRM does offer some protection against attempts to reverse engineer the code and acquire the developer’s intellectual property. These tools are run after the coding is finished to inject protection software that changes the code (using control flow obfuscation) and detect any attempts to change it.

Harnessing the update cycle of smartphone applications improves app security, says Winston Bond, the European technical director at Arxan Technologies.

“If someone is trying to reverse engineer [your code], they will keep getting knocked back to the beginning each time a new build is released,” he adds. 

If there is an update every two weeks, then users are forced to use the update, meaning someone would only have a narrow window of opportunity in which to crack it. The more often the app is updated, the more secure it will be.

However, a drawback of DRM is that it can lock content into using a specific system, which can cause issues for customers when they try to use a different system.

Another method of protection is threatening legal action against people found to be illegally downloading, as it allows developers to seek compensation, while also acting as a deterrent for those considering it. 

But one must go about this with care, as the tactics once employed by intellectual property law specialists ACS:Law in 2009 have since been widely criticised and described as “blackmail” by Lord Lucas in a debate at the House of Lords.

Targeting website owners, initial uploaders and repeat offenders is a further tactic, but these require additional time and costs, which the subsequent settlements cannot always match.

“Legal systems have not caught up with the interconnected modern world,” says Patrick Klug, co-founder of Greenheart Games. “I don't think there is any value in suing someone. The answer lies in education, not punishment.”

An example of this philosophy lies with the targeted landing page of the website for Greenheart Games. 

“It is often the most visited page on our site and we hope it convinces people that paying for games is worthwhile,” says Klug.

Piracy as indirect marketing

Although digital piracy means a loss of sales, it can also serve as an indirect form of marketing. 

Foo Fighters vocalist Dave Grohl has said in an interview that the band is not selling as many records as before, but continues to sell out stadiums “because the people are getting the music somehow and coming to the shows”.  While not a software developer, Grohl nonetheless operates in an industry that is similarly adapting to piracy by seeking new revenue streams.

Of course, piracy does not purely equate to a loss of income, as it can also impinge on the developer’s intellectual property, with some applications being downloaded and cloned. 

The subsequent downloading of cloned versions often comes with embedded malware, which infects the user’s smartphone. While this may seem like a justifiable consequence of downloading these cloned apps, it can also negatively reflect on the developers.

There are currently no robustly secure methods of preventing cloning, as once the application has been downloaded people are able to examine the code. Pocket App’s client director Milo Trzcinski recommends all clients should “introduce a level of security that is industry-standard encryption”.

When it is a proprietary algorithm that needs protecting – which some might wish to steal or re-use in their own applications and sell – Trzcinski recommends moving the algorithm from the app code to the server. 

Read more about fighting digital piracy

  • Organisations can prevent software piracy and protect intellectual property with licence keys and anti-piracy packages.
  • The CPS drops its case against a teenager charged with illegally uploading music to a file-sharing website. 
  • France ends its controversial policy of cutting off suspected pirates from the internet.

“The algorithm is not stored in the code, but in the cloud. That way people cannot get their hands on proprietary information,” says Trzcinski. 

However, installing algorithms in the cloud means users will need to connect to the internet to use the apps. This will not be a problem when users have access to Wi-Fi, such as at home or in the office, but when they are using mobile internet it will be dependent on signal strength and the capacity of their mobile data plan.

Developers will need to weigh how and where the user will typically want to access the app against how important it is to protect their algorithm. For apps typically used at home, such as health or media apps, this cloud method is an effective form of protection

However, if navigation apps were to connect to the cloud for map data, then users could find themselves burning through their data allowance or being unable to connect due to poor signal coverage.

Regardless, Arxan's Bond advises caution in becoming overly reliant on the cloud for app security. 

“We have customers protecting their server software because they do not trust the people who run the datacentre. If you want to keep your software secure from IP theft wherever it goes, you need to protect it,” says Bond.

Freemium model

Andrew Ferrett, managing director of Brightec, recommends clients follow the freemium method. 

“I had one client who placed a high value on their data and therefore applied a significant price on their app. The result was that the final number of downloads was incredibly low. If it had been distributed for free with premium options, it would have been quite different,” says Ferrett. 

Venture capitalist Fred Wilson famously summarised the freemium business model on his AVC blog in 2006.

“Give your service away for free, possibly ad-supported, but maybe not. Acquire a lot of customers very efficiently through word of mouth, referral networks and organic search marketing, for example. Then offer premium-priced value-added services or an enhanced version of your service to your customer base,” he wrote. 

Companies such as EverNote and Dropbox have embraced the freemium business model for their applications. Casual and small business users are able to use the basic version of these applications for free, with larger companies and those wanting the full version offered a monthly subscription service.

There are a multitude of avenues by which users can pay to upgrade the apps for premium content, from credit and debit cards to PayPal and bitcoins. However, Trzcinski believes “running everything through the app stores and using their payment methods is the recommended revenue stream for freemium”.

This freemium business model ensures the intellectual property for the developer’s applications remains untouched, as the service has been offered for free. Furthermore, the brand is spread further than any promotional campaign could reach. 

The key to a successful freemium strategy is to use this enhanced visibility to demonstrate not only how useful a service is, but also to convince people of the benefits of subscribing to the enhanced features.

Trzcinski similarly endorses the freemium business model, observing it has been “shown to reduce piracy and improve revenue rates for quite a lot of companies”.

Adobe Systems is another company that has abandoned the one-off payment, opting instead for a subscription system. 

Rather than a single initial payment of £1,800 for the latest version of its packages for professional creators, which would need to be renewed approximately every three years, Adobe Systems is instead offering users various subscription models. These subscriptions vary from £8 a month for the latest version of Photoshop, to £45 a month for the entire package, which includes mobile applications.

This subscription method means businesses will no longer need to buy the latest version of the software. It also offers a more attractive pricing policy for users who may have been deterred by the initial high expense. 

Despite the early scepticism of existing users, Adobe Systems Software has been reporting an annual increase in its profits.

Yet, the online subscription method is not without its flaws. Adobe suffered an outage to its online subscription system in 2014, which meant customers were unable to access the products they had bought until the back-end service was restored. 

Developer Six to Start has had little trouble with app piracy, despite the success of its app Zombies Run and the subsequent media attention it accrued. It is also exploring the viability of new revenue streams with branded merchandise, such as T-shirts, which further increases profits, as well as raises awareness of the app.

The merchandising route is not just available to games developers. Evernote similarly offers branded products, such as the Scansnap scanner, Jot Script stylus and Isar Rucksack.

Like in-app advertising, merchandising must be an appropriate and thematically suitable accompaniment to be successful. For example, a fitness application offering water bottles would be more appropriate as merchandise than cushions.

The ad-supported route is another means by which developers can freely distribute apps, while also seeking to monetise their app. 

Such as with the freemium model, this reduces the risk of your intellectual property being infringed, as the app is freely distributed yet maintains a constant revenue stream from the adverts. Care must be taken to ensure the content is appropriate for the intended audience and the adverts do not impinge on the users’ experience of the app by dominating the screen. 

Piracy is here to stay, whether we like or not. It has become such an endemic part of our culture that attempting to fight it has ultimately become cost-prohibitive. 

Instead, seeking ways to embrace these digital distribution methods and discovering new revenue streams, as well as employing freemium payment models, will allow innovative companies to not only survive, but thrive in this land of the free.

Read more on Content management