Intel AppUp Store update: I found a security hole

You might recall my post from Friday about my attempts to download games for AppUp and how intel's DRM kept blocking me from playing the free games. The DRM is still broken (when I break something I really break it), and they're going to hand the case off to a specialist on Monday.

I downloaded a few more free games on Friday and Saturday. I know it sounds masochistic, but I wanted to see if all the games had the same DRM problem. They didn't, and now the problem is really interesting. I love intermittent errors; they are much harder to isolate.

One of the games I downloaded kept wanting to check for authentication before it allowed me to play it, which means it has to have access through my firewall. The problem here is 2-fold:

  • AppUp is supposed to check for authentication, not the individual apps
  • Intel let this app  into AppUp without catching this rules violation

How do we know that the next app uploaded to AppUp isn't a Trojan? Obviously we can't trust Intel to do basic code checks.

But wait, you say. Surely the average user won't just let an app do whatever it wants.  No, I think a significant percentage will. Some users wll trust Intel, and they'll trust the app because they got it from Intel.

Now that I've brought it to everyone's attention, I suppose Intel will fix this problem before it blows up in their face. Pity. On the one hand, I always enjoy a DRM debacle; but on the other hand I'd rather not have people get hurt.

P.S. I'd like to point out that I've found all of the games with broken DRM on the web as free legal downloads on other websites. I mention this because I want to highlight the fact that the Intel AppUp store does not actually do anything that has a positive effect on the user experience. No, all they've done is punish me (a legitimate user) with their DRM.

P.P.S. Here's a summary of the Intel AppUp Store's DRM procedure. They apply to both free and paid games.

  • the AppUp client is supposed to check for authentication, not the individual apps
  • If you're online when the AppUp client is running, it will check
  • if you're offline but you've authenticated sometime in the last 30 days then the app will run
  • if it's been more than 30 days since the last time the AppUp client checked for authentication, no app will run (until the AppUp client checks again)

About Nate Hoffelder (11464 Articles)
Nate Hoffelder is the founder and editor of The Digital Reader: "I've been into reading ebooks since forever, but I only got my first ereader in July 2007. Everything quickly spiraled out of control from there. Before I started this blog in January 2010 I covered ebooks, ebook readers, and digital publishing for about 2 years as a part of MobileRead Forums. It's a great community, and being a member is a joy. But I thought I could make something out of how I covered the news for MobileRead, so I started this blog."

Leave a comment

Your email address will not be published.