iOS dictionary apps posting false piracy “confessions” onto users’ Twitter accounts

iOS dictionary apps posting false piracy "confessions" onto users' Twitter accounts

A $55 iOS dictionary application has rewarded those who plonked down the cash by hijacking its users’ Twitter feeds to post cooked-up piracy confessions.

As of Wednesday morning, a steady river of Twitter confessions was running through Twitterland.

Twitter messages

All of the messages seemed to come from people who’d spontaneously woken up to the evils of piracy and had all foresworn the sin, all in identical language that suggested the following:

"How about we all stop using pirated iOS apps? I promise to stop. I really will. #softwarepirateconfession."

The company behind the hijacking is Enfour, a Japanese maker of various dictionary applications.

The piracy module was supposed to shame people who actually stole Enfour’s apps, but it ran amok, springing upon a huge chunk of the company’s paid user base.

Enfour posted an apology [PDF] saying that it discovered serious glitches on November 1 that “embarrassed both our users and our company”.

Apology from Enfour

According to the apology, customers who opened the app and then let it go to sleep before closing had the “unpleasant surprise” of forced confessions.

On waking, the app displayed a dialog box showing “Run in Safe Mode”. The app then disabled itself and performed an auto soft close.

A notification appeared locally on the device. If the user had authorized the app to access their Twitter account, the #softwarepiracyconfession tweet was sent out under their account.

The tweet apparently only went out if the user tapped a send confirmation button.

Enfour says that it removed the anti-piracy module as soon as it became aware of the problem and worked with Apple to get a patched version online for download, all before the close of business on that same day.

There was no hack, no unofficial APIs, no compromised users’ personal information, no virus, nor any malware involved, Enfour says: rather, it was solely a case of misguided-intention-ware.

To explain why it would unleash the anti-piracy app at all, Enfour said that its apps are pirated at an “astonishing” rate, with a ratio of 100 ripped-off copies to every legitimately sold version.

Ouch. That smarts, Enfour said.

At the small, family-owned business, where every lost sale impacts their livelihood, they just wanted the thievery to stop, and they thought they had cooked up a clever way to do it:

"We can't thwart truly determined hacker & crackers, but we wanted to possibly shame those who were opportunistically stealing our software. Just like installing a shop-lifting alarm in a store, we thought we were being creative with a notification and a timed tweet for users of a cracked app."

In the Japanese version of the letter, Enfour apologised for the inconvenience, trouble and slighted honor of those who bought legitimate copies of its applications.

That hurt honor was pinched far and wide, given the list of dictionaries affected. Here are just a few, from Enfour’s apology:

  • American Heritage® Medical Dictionary
  • Australian Oxford Dictionary
  • Collins Gem Chinese
  • Collins Gem English Dictionary & Thesaurus
  • Collins Gem French-English Dictionary
  • Collins Gem German-English Dictionary
  • Collins Gem Italian-English Dictionary
  • Collins Gem Malay-English Dictionary
  • Collins Gem Portuguese-English Dictionary
  • Collins Gem Spanish-English Dictionary
  • Collins Polish-English Dictionary
  • Collins Russian-English Dictionary

Of course, like other earnest tweets, such as Muslim rage, the Twitter hijacking has already been turned into a joke.

Some variations on the theme:

I am a pirate. Ahoy, mateys! Yarr! #softwarepirateconfession

How about we all stop using ALL iOS apps? I promise to stop. I really will. #softwarepirateconfession

I cracked a handful of games on C64 when I was a kid and I totally enjoyed it. #softwarepirateconfession

EnfourAccording to Enfour, users who haven’t updated to the fixed version may still be affected.

However, Ars Technica’s Jon Brodkin reports seeing enough complaints floating around that he wonders if the problem is completely gone. And as Brodkin notes, there are still a steady stream of “confessions” being published on Twitter.

In retrospect, Enfour said in its apology, the piracy module “was not the wisest choice.” The bug was “a screwup,” it said, and they accept full responsibility.

All well and good. Nobody, I would hope, wants to see small, family-run businesses go belly-up because of piracy.

But I agree with Ars Technica’s Brodkin on this one: it’s not just the screwed-up implementation that’s at issue here. It’s the concept itself that’s suspect.

Shaming people into behaving responsibly might work if you live in the same village and have extra rotten potatoes to lob at their heads, but there are probably more effective ways to fight piracy on the internet.

This type of vigilante justice will just be laughed off in the Wild West of the Intertubes.

And as Brodkin said, the company at the very least should have tested the module more thoroughly before letting it run rampant, posting false confessions on poor, bewildered, undeserving seekers of word definitions.