I've seen the other side of too many of these stories not to be skeptical, if not outright cynical. Let me explain.
1. There are no absolute sales figures here. It may be that the game sold dismally and a story about piracy might have gotten them developer a ton more PR than the game ever would've;
2. The issue in this particular case is not number of copies (pirated vs non-pirated) but the amount of hours spent from pirated vs non-pirated. Even that doesn't tell the whole story. Perhaps this game required a critical mass of users (some do)? If so, pirated users might ultimately be beneficial.
Also, when it comes to piracy there are a lot of people who download a lot of pirated content and then never look at it or they might try it once. Just getting the pirated content itself becomes a game;
3. How expensive is it to maintain a server on a per user or per user hour basis anyway? It seems quite likely a single machine can serve thousands if not tens of thousands of users as a conservative estimate; and
4. Are they shuttering the game or just overhauling the authentication model? If they plan on rereleasing it then the publicity of (1) becomes even more likely.
Like I said, I've seen a number of one-sided stories now where I've known something about the other side and as sympathetic as someone can make their case, believe me--generally speaking--there is a lot they don't tell you.
Also, don't discount the possibility of internal politics. It's a lot easier for a product lead to say "we had to pull this because of piracy" to his or her boss or board than it is to say "we made a game that no one bought".
The other huge thing to note here is how few current users are jailbroken. The current jailbreak is a version behind the current OS, so the number of people running it is waaaay lower than it could be. If this was posted while a jailbreak was easily available for the current os, then I could totally believe that the number of pirated copies was an actual issue (as its happened in the past.) but right now? I highly doubt it, especially since those who pirate apps are a smaller subsection of jailbreakers, and with fewer jailbreakers it's just too unlikely.
Was there no registration or anything to join the servers? If they have a browser game business, there must have been some sort of account management in place already?
Are they going to re-release with a different user scheme, or are they reimbursing customers now?
In any case, it's pretty shitty for them. Tbh I wasn't even aware that piracy was such a big issue in iOS. Good to know.
Precisely. Surely you can give each purchaser a unique code (hash of transaction number?) to connect to the server with, and only allow one connection per code at a time. (I don't do iOS dev, but I assume this is trivial.)
If they can tell who's pirated vs who hasn't (I assume they can), it seems like something is missing. Is it too cynical to suspect a marketing ploy to grab headlines?
They don't necessarily know who has pirated and who hasn't. They might just see that there are e.g. 100K people registered on their servers, and they only had 10K sales.
The code given to Apple is not modified at any point before sent to a device. The code is also duplicated onto itunes, which is how you can so easily crack it.
The only way I know of to identify each and every purchaser is to use in-app-purchases.
The problem is that it is hard (impossible) to tell from within an iOS app if it has been purchased legitimately. If you want to give users the convenience to buy the app for $.99 and then start playing, then I don't think you have a chance to add any meaningful validation. I wonder how it would've worked with subscription IAPs. I would guess that they are a big psychological problem to potential legit players. This would have been a great chance to find out.
In my experience, piracy on iOS varies a lot with the region, too. The majority of my analytics come from China with only one(!) copy ever being sold there.
I have seen a lot of small shops in Thailand that feature iMac's with iTunes accounts that are loaded with apps. People go there, pick out the apps they want, leave their phone there for an hour or so and then pick it up again for a very low fee.
I'm not sure if all of those phones are jailbroken, or if they just use a single iTunes account to synchronise with hundreds of phones.
I believe the restriction is that each iTunes account can be synced to 10 devices, and each device can sync with 5 iTunes accounts. So it's very likely that those shops are jailbreaking the phones and installing pirated apps.
Apple Game Center is heavily integrated into iOS and provides all sorts of validation features. Surely the devs could just re-release and force users to authenticate through Game Center?
Also - any idea if the honest paying game payers are going to be compensated? In future they'll see paying for a game as i) paying for a weeks worth of play ii) pirating it for a weeks worth of play. You mustn't punish genuine users because of others behaviour...
Why can't they distribute the game app as a free client for an online service with paid accounts? That would seem to be the simplest and most obvious way to curtail the piracy. Especially given that they do have an online component of the game anyway.
It complicates the process,and when you make paying for something more difficult, people are less likely to do it.
I'm surprised that the company can't simply do a 'phone home' procedure when online services are tried though, verifying through App Store API's (if they exist) or by making their own things. Does anyone know how feasible that is ?
It's totally feasible, the problem is whether the people who are distributing the pirated version are also capable of cracking the client the same way e.g. Photoshop cracks work to nullify phone home checks.
Fighting piracy always comes with an effort/reward calculation like that.
If it's an online game, the license check is performed on the server side and no amount of clever client cracking won't get around that. When you buy a license, the licensing server associates some sort of ID with your installation, the same ID that must be presented to the server for an online play. No valid license -> no valid ID -> no online play. That's how all massive online games with free clients work. Easy-peasy. The question here is what can be used as an ID in case of iOS games, but, again, this is a solvable problem.
Moreover, the same scheme applies to the standalone software, except there's an extra step involved with strengthening the executable against any modifications. What Photoshop did is the lamest thing possible (and I think it's a valid theory that they did it on purpose to facilitate the piracy rather than to curtail it). A simple option is to sprinkle 100s of conditionals around the code (with a simple pre-processing script if need be), do not issue any sort of messages, but instead just make the code corrupt heap, stack and do other things that would cause the program to go down after a while. Then simply sign the executable. This is very effective. For every complain in the support forums that the program crashed (and a crash dump that shows the absence of a valid file signature), there's a automatic reply that it's a cracked copy, you get what you paid for.
It sounds like you have a lot of experience in this area. I admit I've only really touched on it before on projects I've worked on. Do you know if there's any good books or online guides on this subject, as I find it quite hard to devise these systems myself?
You may want to go through fravia.org archives. It's old, but basic protection principles don't change that quickly (or, looking at it from the other end, rudimentary cracking techniques are the same as well).
I've seen games do that, mostly Gameloft's, but it's not perfect (the message was shown to me when I restored my backup with a legitimate copy to another, new device, and wouldn't let me play it. Needless to say, I was annoyed).
I'm guessing they're using the device's UDID (or some roll-your-own analogue).
One solution might be to let the user tie their copy to an external authentication service (Facebook, Google, some other OpenID provider). If you wanted to minimize user hassle, you could only require this step if the user wants to move the game to another device (and of course you could limit the number of devices allowed at any one time, similar to Apple's authorize/deauthorize for devices). An inconvenience, sure, but not as annoying as not being able to move the app at all.
Note that I'm not saying that this is THE solution, just the one that comes to mind immediately.
It is funny, I without hesitation felt sorry for the devs. But then I recalled sighing at the attitudes of News Corp with The Daily.
It's the same principle, taking a business model that might have worked in the past and forcing that square peg in to the round hole.
They have a good game, that engaged people, even at a price point of zero that seldom happens. Hopefully they will be able to think of a way of making money to sustain it.
Hopefully not the whole freemium thing, as a gamer I hate that.
What was wrong with the business model of The Daily? What business model should they have chosen? They were using (then brand new) subscription IAPs in the App Store, which were designed as the square hole for their purpose.
I agree that the business model of the game devs is "wrong" because they were trying to charge one-time fees for lifetime server support. What if there had been no pirates, but paying players had played for 10 months instead? Would that have caused the same server issues?
But that is a calculation that seems to work okay-ish with better DRM (or at least it worked great for Diablo 3 in the first weeks - I stopped tracking it after that).
I don't get why he pulled it. Surely N / 10 (where N is some positive integer) will always be better than 0?
What is more interesting here though is that (AFAIK) the only way to run pirated iOS games is to jailbreak your phone/tablet. I'm going to assume that waaay less than 90% of iOS users jailbreak their phone.
So this either means that people who are interested in iOS games are far more likely to jailbreak that people who aren't gamers (not an unreasonable hypothesis but 90% still seems high).
Or there's something about this particular game that makes it especially appealing to jailbreakers?
I wonder if a solution to that might be to take what I will call the "counterstrike model" where the game developer doesn't necessarily have to run all of the game servers themselves.
In other words , when you run the game you get a selection of servers to play on. If you want to play on the official servers you need an account from the developer (which you get when you buy it) but if you are a pirate user you get to run on any of the unofficial servers only. Of course paying customers will be able to use either official or unofficial servers.
Simplest way would be to automatically email the customer a link with a long randomly generated number (only valid once) when they purchase, when you hit that URL it prompts you to set a username and password.
I have no idea, not an iOS developer. I assume there must be some API or email proxy that you can use to contact customers if they don't reveal the actual address.
I don't think there is a way to get any details at all about a specific purchase on the app store except when using in app purchases.
When using in app purchases you will get a receipt from apple that is signed with their certificate that you can process and send to your own servers to limit pirates from accessing the servers.
That depends on whether or not there is a cost per user. If there is a server-side component checking for cheating or multiplayer functionality (from what I gathered by skimming, there is), and whether they are using 3rd party support services (bug reports, notifications, whatever).
If any of the above are true, they are paying for people to steal from him. On top of that, there's nothing worse than knowing you spent a lot of time building something to have people steal it from you because they're too cheap to drop $1, $5, $10 despite how much time or return it gives them.
One of my company's most popular (Android) apps has a 50% piracy rate and it irritates me to no end.
Regarding your first line, my initial response was exactly the same on reading the title of the submission on here. But before commenting I read the article and came across this:
"A multiplayer game like Battle Dungeon requires servers to host matches – servers that Hunted Cow has to pay to maintain. ”If they were all legitimate sales, it would have given us the resources to work on it further, however the way it was going it just wasn’t viable.”"
That seemed like a reasonable explanation to me. Since I assume you too read the submission before commenting, I'm interested what part of the above explanation you disagree with.
I'm not an iOS dev, however I remember that games on the playstation sometimes requires updates to be allowed to play on the servers.
So one way of combating piracy would be to release updates weekly and disable access for the old version after another week. Yes, the pirates would be able to keep up, but updating apps is a much bigger hassle for pirates than for those who purchased the app.
There's starting to be a pushback against developers releasing games for free and monetising through IAP if appears 'excessive', and required for the game. I've seen more than a few comments levied about it, essentially there's a reasonably vocal group who don't want to pay more than 79p for games, and don't want IAP to be necessary for their enjoyment.
I don't think they were naive, but they probably didn't expect the piracy level to be quite as high as it would be. Doing server-side blocking for pirated stuff is reasonably difficult, as successfully detecting who's pirated and who's not can occasionally go wrong and burn the paying customers.
> There's starting to be a pushback against developers releasing games for free and monetising through IAP
If a free app is a demo and IAP is a one-time upgrade to the full version, then it's reasonable and perfectly acceptable. This is, arguably, what the IAP were actually designed for - a nextgen support for try-then-buy software.
The pushback is typically aimed at tacky milking practices - "a satchel of coins for $5.99, a pot of gold for $15.99, etc". You either release a limited, but self-contained playable demo, or a fully functional game. Anything that falls into a stretch between these two feels like a sleazy bait-n-switch kind of deal, hence the pushback.
Hmm... I personally don't have a problem with a game that requires significant ongoing expenses on the part of the company (e.g., servers) charging for that, whether through IAP or some other means. Otherwise you'd have to charge enough up front to pay for the servers in perpetuity (or at least as long as the expected lifetime of the game).
If the game is self-contained, sure, I see your point, but even there I'd make an exception for "major version"-level changes -- you should let your existing customers have a price break if possible, but maybe not give it to them for free.
That seems to be one aspect, but I've seen games getting railroaded for having a limited aspect with a pay to access additional functionality, and people saying "I'd prefer to have paid X amount for this app not IAP", even in cases where devs have made it free to get more traction.
I personally think companies releasing apps now should be bold enough to stake it and go "it's $10". Square Enix are, it seems to be working for them, sometimes.
For what it's worth I personally don't even look at free games anymore, because there's always a catch. So, yeah, I guess it's a form of a pushback due to the massive abuse of IAP that doesn't align well with user's genuine interests.
Payment models like the one Carcassonne do: one payment for each "expansion" sound entirely valid. We're not talking $0.99 items, more like $2-$5 per expansion.
I have paid for the app and for each expansion, as I love the game. Still a low fixed-fee, as opposed to the MMO "buy virtual crap" model that seems to give IAP a bad name.
Perhaps there's a middle ground? More like "pay to attend events/quests/goals where the MMO part is accentuated (think virtual concert), but "most other stuff is free"? Something that gets those who like the game more to pay into it gladly while still leaving something on the table to get the casual person interested.
I imagine if they've pulled the app they'll probably have to go through a refund procedure, but I'm not 100% on that as it's a pretty rare and odd situation.
You nailed it.
The most viable business models seems to be when a product is free to obtain and the revenue comes from advertising, in-product additions and/or selling services which are connected to a server.
I agree, but you cannot just take a product and apply a business model to it. If you want to milk IAPs, you need to design your whole game around it. Cramming ads onto a 3.5" phone screen isn't always easy either. Subscriptions (the fair model to pay for a server) might scare people away.
Looking at the top grossing games on the Oz App Store, I wonder if the trick is not simply "don't be a small player": http://i.imgur.com/9S1yx.png?1
Could a small team handle the traffic and meintenance needed for a freemium game?
Whether that's true or not, I hate most freemium games. Sell me the game or find a way to have me endure ads, but I won't be buying in-game points soI can make my brown cow purple or whatever. I also don't like spamming friends to earn the points needed to purplefy my cow. In general I've never met a freemium game that compelled me to pay after install.
Or rather you're so difficult to sell too that it's not worth the effort. Perhaps there are a load of people out there who will pay for the things you won't, even if they're relatively small in number they're potentially much more lucrative?
There's other models besides Zynga and facebook spam.
Giving the client software away for free and charging for access to official servers has been done for years successfully by Eve online and other games.
I can't believe their solution is to not run an online multiplayer game. That's the ONLY kind of game you can assure 100% payment for. They just fail at development. This is a known and solved problem. Look at WoW. You have to log in with a valid account to the game server to play online with people. Yes, it's a slight barrier to entry. Oh well, deal with it, it gets you 100% paying customers. This is not hard.
No, if the authenticity check is client side you can hack the asm to neuter it.
If it runs server side you can redirect those packets (often as simple as changing HOSTS file) to a server that you control which can be set to always say "yes, you are legit!"
This is why a lot of games are now removing LAN play, because if you can run the pirated game on a LAN you can use a VPN to turn it into an internet game etc.
The issue with games however is that often all the actual content and game that you want to get access to actually lives on the client. For example Call of Duty singleplayer campaign. If you have most of your interesting stuff on the server (e.g WoW) then of course it makes sense to do checks server side.
This is why DRM is fundamentally broken for singleplayer games (or music , or movies) in that you have to trust the client.
Your choice is either to do as these guys did and run all the servers themselves in which case you need to factor the lifetime cost of running the servers into the purchase price or charge subscriptions.
If you ever take the game servers offline the game then becomes unplayable and will preclude modded servers (which were fun in games like CS) and LAN play. There's till a risk that if your game is popular enough someone will reimplement the server.
So the other way to do it is to allow third party servers or build the game to work on a type P2P system (I think a lot of xbox games still work this way). At that point you are basically back to the original problem.
I was wondering the same thing. If there's a central server, I presume you need an account to access it. The it seems you'd just check for having purchased the app and limit the number of simultaneous per user 1 (or a small upper limit).
If the game is fundamentally built in such a way that the gameplay requires everyone to be on one set of servers (e.g WoW) then you can prevent piracy by strictly controlling access to those servers.
For example if you wanted to pirate WoW you would have to reverse engineer the game to the extent where you could implement your own WoW server from scratch which would be a huge amount of work and you would have a situation where pirates would only be able to play with other pirates.
If on the other hand the server is used only to verify authenticity then you simply have to re-implement the authenticity part (easy because you only need to genereate a 'yes' response). You also have to make the client redirect some of the traffic to the fake server (easy to do).
Many games with centralised authenticity servers still run on a fairly P2P system for running the multiplayer itself (i.e the game is actually hosted by one the players). This means that you already have the server software built into the client so that part doesn't need reimplementation.
And there was ways and means around that, the problem being it's a partially solved problem. Every step that's taken to solve it is broken pretty shortly after, short of sending a man with a gun to watch every single person playing and establish ownership it's not going to be a completely solved problem.
Probably the best solution would be to switch to recurring in-app subscription to the online service. This is I think easier to verify and harder to pirate and should align the revenues with the costs (avoiding getting nice sales up front and not being able to sustain the servers in 18 months time).
Some hacks might work if they don't want to go down this route like issuing an update that contacts the server for a unique ID on first run and treating those that don't update quickly as suspicious - request them to email the iTunes receipt or something.
How quickly is regarded as suspicious could be worked out by looking for when there is a divergence between installs (and unique ID requests) and the daily update totals the app store provides. Duplicated IDs should be easy to detect it they access the service later.
The game could have an in-app payment, whose receipt is checked server-side. Then access to your game is as secure as your server (and its interaction with your app). Still hackable, but not trivially.
> and if this story serves to scare off would-be iOS devs, then we’re all poorer for the actions of a few.
According to these numbers, the few seem to outnumber the many 9-to-1. As a software developer and someone who doesn't mind paying for good games, the state of affairs saddens me a great deal, but it would be hypocritical to blame this on the fringe "one-per-centers".
The great fallacy here is the notion that you would sell more without piracy.
Piracy at least brings you publicity. Even if you would somehow be able to ban all piracy, in the best case you still would only have that one sale out of 10.
Pulling the game from the store was a pretty stupid move. If I really wanted to play that game now I have no other choice but to - you guessed it - pirate it.
That's not obviously a fallacy. You're assuming that it's impossible that some percentage of the pirates would pay if piracy was eliminated. That seems like too strong an assumption.
If even 10% of the pirates end up paying, that's a 100% increase in sales, so the implications of that assumption are not small.
1. There are no absolute sales figures here. It may be that the game sold dismally and a story about piracy might have gotten them developer a ton more PR than the game ever would've;
2. The issue in this particular case is not number of copies (pirated vs non-pirated) but the amount of hours spent from pirated vs non-pirated. Even that doesn't tell the whole story. Perhaps this game required a critical mass of users (some do)? If so, pirated users might ultimately be beneficial.
Also, when it comes to piracy there are a lot of people who download a lot of pirated content and then never look at it or they might try it once. Just getting the pirated content itself becomes a game;
3. How expensive is it to maintain a server on a per user or per user hour basis anyway? It seems quite likely a single machine can serve thousands if not tens of thousands of users as a conservative estimate; and
4. Are they shuttering the game or just overhauling the authentication model? If they plan on rereleasing it then the publicity of (1) becomes even more likely.
Like I said, I've seen a number of one-sided stories now where I've known something about the other side and as sympathetic as someone can make their case, believe me--generally speaking--there is a lot they don't tell you.
Also, don't discount the possibility of internal politics. It's a lot easier for a product lead to say "we had to pull this because of piracy" to his or her boss or board than it is to say "we made a game that no one bought".
I'm just saying.