Secure asset api?

Today just for the heck of it I downloaded a free app mentioned on
this website and made with Corona. In seconds after installing I used
iFunBox, selected the app, and immediately had full access to all the
hard work done by the developer in creating the icons, the many sprite
sheets, backgrounds, and all other image assets.

To state that Corona doesn’t wish to protect a developer’s assets
because “where there’s a will, there’s a way” shows a total lack of
commitment to those of us that already pay big bucks for this platform. I
like Corona but I have to wonder how their company were to feel about
their hard work being so easily exposed to the public - totally
unprotected.

As a previous poster on a related thread stated, Cocos2D at least tries to protect the
hard work of developers - and that platform is free! So I ask Corona to
please change your attitude toward our hard work and invested time
(sometimes taking more time than to code) and at least make some effort
that you care.

Just curiously, what did the Cocos2D team do to help developers protect assets?

It was my understanding this asset protection was actually done by TexturePacker on sprite sheets.  Not all images, audio files, or anything else.  Is that incorrect?

I did see where some developers were trying to create encryption routines for assets, but this was all third party developers working on things.  And from what I saw, there was a performance hit to using these routines.

By enabling their code to input the protection provided by Texture Packer. In this scenario a single image can be protected as well - a sprite sheet can be 1 image.

Any performance hit would easily just happen when the app starts and the asset is loaded into memory. That’s what default screens and other imagery is for.

The solution to protecting developer assets must come from within the Corona framework - an expansion of the display.* api that would internally decrypt an asset ONLY in memory, not just decrypt and stick it unencrypted back into device memory.

Hi all,

Let me shed some further light on this topic. If I download a native iOS app, I have access to the assets (graphics, audio) used to create that app. Apple allows that hole in their OS which makes that access possible, so at the core level, you could consider this a bug report that should be filed with Apple. I’m not just trying to point fingers in that direction, but it’s the sheer reality of this industry.

In fact, Corona actually turns your code into byte code, so your code is fairly secure. With other cross-platform frameworks, this isn’t the case and your code can actually (and easily) be decompiled back to the original source, all the way to the original variable names, method names, class names, and everything else.

Having said that, there are ways you can obfuscate your code and assets (although “securing” is much harder). We do provide Bit and Crypto libraries so users can create their own protected assets that the “casual user” couldn’t access. However, it would impact load times and the “where there’s a will, there’s a way” group could still figure a way around it. Leaving the assets unprotected in the Temporary or Documents folder leaves them open and available to those who want to steal the assets with external iPhone access tools. So essentially, from Corona’s side, trying to protect the assets would be a lot of work, impact runtime performance, and would still never be enough to provide true protection.

If you do have specific libraries you want to use to do some sort of strong encryption, you can always use Corona Enterprise as well.

Hope this clarifies the situation,

Brent

Just curiously, what did the Cocos2D team do to help developers protect assets?

It was my understanding this asset protection was actually done by TexturePacker on sprite sheets.  Not all images, audio files, or anything else.  Is that incorrect?

I did see where some developers were trying to create encryption routines for assets, but this was all third party developers working on things.  And from what I saw, there was a performance hit to using these routines.

By enabling their code to input the protection provided by Texture Packer. In this scenario a single image can be protected as well - a sprite sheet can be 1 image.

Any performance hit would easily just happen when the app starts and the asset is loaded into memory. That’s what default screens and other imagery is for.

The solution to protecting developer assets must come from within the Corona framework - an expansion of the display.* api that would internally decrypt an asset ONLY in memory, not just decrypt and stick it unencrypted back into device memory.

Hi all,

Let me shed some further light on this topic. If I download a native iOS app, I have access to the assets (graphics, audio) used to create that app. Apple allows that hole in their OS which makes that access possible, so at the core level, you could consider this a bug report that should be filed with Apple. I’m not just trying to point fingers in that direction, but it’s the sheer reality of this industry.

In fact, Corona actually turns your code into byte code, so your code is fairly secure. With other cross-platform frameworks, this isn’t the case and your code can actually (and easily) be decompiled back to the original source, all the way to the original variable names, method names, class names, and everything else.

Having said that, there are ways you can obfuscate your code and assets (although “securing” is much harder). We do provide Bit and Crypto libraries so users can create their own protected assets that the “casual user” couldn’t access. However, it would impact load times and the “where there’s a will, there’s a way” group could still figure a way around it. Leaving the assets unprotected in the Temporary or Documents folder leaves them open and available to those who want to steal the assets with external iPhone access tools. So essentially, from Corona’s side, trying to protect the assets would be a lot of work, impact runtime performance, and would still never be enough to provide true protection.

If you do have specific libraries you want to use to do some sort of strong encryption, you can always use Corona Enterprise as well.

Hope this clarifies the situation,

Brent