App Store Bug Corrupts Binaries; Angry Birds Crash 116
First time accepted submitter bargainsale writes "Many recent updates from Apple's App store are crashing immediately, including Instapaper. Instapaper's creator, Marco Arment, thinks this is due to corrupt binaries being distributed. As Angry Birds Space is among those affected, there is some hope that Apple may acknowledge the problem and fix it ..."
This. (Score:5, Funny)
Re: (Score:1)
Re: (Score:1)
Time to move to a more interesting game you can also play in your phone.
Have you ever played go [google.com]?
(disclaimer: I have nothing to do with the game nor the server creators).
Re:This. (Score:4, Insightful)
Re: (Score:2)
> Its pretty cler to me that this isn't an issue on apple's end. They're really good out posting
> guidelines for submitting binaries. Maybe app creators should be better about following instructions?
Huh??? Things were working just fine, thank you, before July 3rd. If you had RTFA, you would've seen the bit about...
> Update, July 5: After adding 114 apps to the list with more reports coming in
> every few minutes, it's no longer practical for me to maintain the list. Obviously,
> this is a very
Another Apple first (Score:5, Funny)
iOS - the first operating system with package management that doesn't run hash-checks on installer packages to check for corruption. That's right, Apple did it first!
Re:Another Apple first (Score:4, Informative)
What's the difference? (Score:3)
App Store is not a package manager, it's an application distribution system.
I'm not seeing the difference. Applications come in packages, and a distribution system manages them. A claim of the form "X is not A; it's B" is easier to understand if you explain what essential difference you see between A and B. Otherwise, I call fallacy [logicallyfallacious.com].
Re:What's the difference? (Score:5, Funny)
Simple: package managers are for filthy Linux users. No cool, hip Apple connoisseur would want to be associated with these social outcasts.
If you think I am joking you're only half right. Remember the outrage when Instagram came out on that disgusting Android thingy. Good times :D
Re: (Score:2)
App Store is not a package manager, it's an application distribution system.
I'm not seeing the difference. Applications come in packages, and a distribution system manages them. A claim of the form "X is not A; it's B" is easier to understand if you explain what essential difference you see between A and B. Otherwise, I call fallacy [logicallyfallacious.com].
I guess it would be easier to state that while application are packages, packages are not necessarily applications. So a package manager might be an application distribution system, but an application distribution system is not a package manager. In simpler terms - an application distribution system incorporates a very specific set of functionality, removing several aspects of a general package management system, including things like dependency hierarchies which can cause problems cross-applications, espec
Re: (Score:2)
I was just going to post that I've never had it flag a dependency :)
Re: (Score:2)
It's more of a co-dependency really :-)
Re:Another Apple first (Score:4, Insightful)
It doesn't follow. The binary might be corrupted before being hashed.
You don't need technical reasons to bash Apple, even if their product were technically impeccable, you have too little control over them.
Re: (Score:3, Insightful)
So then they did not test it after building it?
Dev sends app and hash to apple. Apple distributes and has end devices check hash at install time, if hash no match download again.
Exactly where does this problem slip in without anyone noticing?
Re:Another Apple first (Score:5, Interesting)
iOS - the first operating system with package management that doesn't run hash-checks on installer packages to check for corruption. That's right, Apple did it first!
That's the weird thing, though... Apple not only DOES check it, they require the developer to cryptographically sign the entire package with keys they provide, and apps won't run unless it matches. There should be nothing in between that could modify code without tripping that up.
Re: (Score:3)
Huh, then you have to wonder whether the signature process failed or the hash process failed...if the signature process failed and the App Store not only passed incorrectly signed apps onto devices but allowed them to be installed, that's a security vulnerability.
Re:Another Apple first (Score:5, Insightful)
I'd suspect something a bit more innoculous.- like data center storage corruption.
iOS apps are encrypted - or rather, parts of them are. The executable has portions of its code and data segments encrypted, and the list of encrypted parts and the decryption key are then encrypted with the user's Apple ID key. That key is transferred to the device so that iOS can decrypt the binary encryptoin key and the list of encrypted segments (there aren't any headers).
The reason apps can crash would include either the encryption table is blank and iOS decrypts the binary incorrectly (probable cause - disk full) thus causing corrupt code and data to be executed, or perhaps everything IS encrypted properly, but the binary is corrupt.
The former would be erratic - some people would find it works correctly, others not, and it wouldn't matter if updates happened because it would occur on any download. The latter would mean the storage system has failed and thus during the DRM process, it's DRM'ing corrupt binaries.
Since it's specific binaries that do this, perhaps some of Apple's massive storage servers have failed catastrophically. (they use iSilon/EMC storage servers at their NC datacenter I believe). And also why re-uploaded versions of same work - they were put on more stable storage.
FYI - the way pirated apps work is they run the app, then use GDB to halt execution. Then they use GDB to dump the running image back out to get the decrypted version which then replaces the encrypted chunks with the decrypted versions.
I would also guess that Apple's "fixing it" because I kept running into issues downloading ("This application is not currently available").
Re: (Score:2)
Depends on how it's set up. They could have an installer package that includes a manifest of files inside with their hashes, and then that entire package could be encrypted. You don't need to know the hash of the whole package if you can check all the files inside.
Re: (Score:2)
Why would they encrypt the package? Do you mean sign? Because then the whole packages does need to be hashed.
Re: (Score:2)
Yeah I mean signed. It is redundant, although it would make sense in a system where signing is optional, and would be an example of where the signing is dependent on the hash result.
Apple as MITM? (Score:2)
If "they" in the first sentence is Apple rather than the developer (and its not clear what the referent fro that pronoun is), then Apple has the keys and could modify the package after it is provided by the developer. Why they would do so is unclear, but it would
Re: (Score:2)
Well if you RTFA, you will see that it is actually the decryption that fails. The package itself validates as being properly downloaded (the bits sent by the server are the bits received), but the binary is corrupt and not properly encrypted so the OS refuses to run it.
The problem appears to be in the distribution system that signs the binary then distributes the package across the CDNs, after App Review approves it. The current theories are that the signing system is somehow incorrectly signing a mismatch
Re: (Score:2)
IOW, TFS is simply wrong: the application isn't crashing. Everything is working exactly as it should, except for some intermediary storage in the App store.
Sigh.
Re: (Score:2)
Man, when you put it like that, it that sounds so dull and realistic. Can't you rephrase it to make it more exciting and inflammatory?
Re: (Score:2)
I liked your version of this comment with the three trailing dots more
Re: (Score:2)
Re: (Score:2)
Yeah, I'm _really_ confused by this story. In order to publish an app, you have to sign it with your developer key, and Apple has to sign it too. How is it even _possible_ for a corrupted app to run on an iOS device? Wouldn't it just fail the signature check?
Re: (Score:2)
And it's patented. :-)
Need a good way to revert to previous version (Score:2)
Re: (Score:2)
Re: (Score:1)
If the publisher makes the last good apk available (Score:5, Informative)
This is why Apple and Android need a good way for you to easily revert to a previous version.
Android already has this. Mainstream Android devices support distribution of application packages (.apk) on the application publisher's web site.
(And no, you don't need a hosts file to get this APK.)
Re: (Score:2)
(And no, you don't need a hosts file to get this APK.)
The day is young, and yet, I will bet good money that this will be the best comment posted in this daycycle. Well played sir, well played. Now, cue the whining in mixed caps with lots of ellipses in 3..2..1...
Re: (Score:3)
any management dildo that can use marketingSpeak like "daycycle" needs to shove his blackberry up his ass.
Not a big reader of Science Fiction, are you? I'm gonna go out on a limb and guess that you're not a big reader in general, though.
Before there was Twitter, there was Twitter (Score:2)
I will bet good money that this will be the best comment posted in this daycycle. Well played sir, well played.
Yeah, I just wish I could still make jokes about Twitter the microblogging service and Twitter the anti-M$ sockpuppeteer [slashdot.org].
Oh Noez.. (Score:2)
Re: (Score:2)
The world will do what the plurality has already been doing lately: play Angry Birds on an Android-powered touchscreen phone instead of an iPhone.
Yet another reason why Android doesn't poop poop [youtube.com].
Re:Oh Noez.. (Score:5, Funny)
Sent from my mortuary temple: (Score:5, Funny)
-Steve
Re:Sent from my mortuary temple: (Score:4, Funny)
Liar! He'd say something like "Just try not installing it in that way."
Re: (Score:2)
Re:Sent from my mortuary temple: (Score:4, Insightful)
That sounds dangerously close to jailbreaker talk...
Re: (Score:2)
Well obviously since it didn't work it wasn't done the One True Way the first time, and since Steve loves and forgives Apple users, he only wants to steer his flock back onto the path of righteousness.
Re:Sent from my mortuary temple: (Score:4, Funny)
Are you seriously suggesting that Steve would approve of there being ways other than the One True Way to install things on an iPhone?
I think you misunderstand... he would say you're touching the screen wrong. You have to caress it, not just jab at it. I swear, some people.
Re: (Score:2)
You have to caress it, not just jab at it. I swear, some people.
Is that a stylus in your pocket, or are you just happy to see me?
App-arently fixed (Score:5, Informative)
He now just wants Apple to acknowledge that there was a problem.
Re: (Score:2)
From the linked blog by app author Marco Arment:
He now just wants Apple to acknowledge that there was a problem.
Well, it seems to me that they did the correct thing, which is to put their resources into fixing the problem first, and discuss the problem with angry users later.
Re: (Score:2)
Well, it seems to me that they did the correct thing, which is to put their resources into fixing the problem first, and discuss the problem with angry users later.
If Apple is so short on resources they can't afford to work on the problem and simultaniously dedicate 1 person to sending a message out to an email list saying "hey, we messed something up, give us a few to get it fixed," They've got some serious issues.
What's that? More cash on hand than the federal government? In that case, no excuse (other than ego, of course).
Go away, we're busy [Re:App-arently fixed] (Score:2)
Well, it seems to me that they did the correct thing, which is to put their resources into fixing the problem first, and discuss the problem with angry users later.
If Apple is so short on resources they can't afford to work on the problem and simultaniously dedicate 1 person to sending a message out to an email list saying "hey, we messed something up, give us a few to get it fixed," They've got some serious issues.
Dealing with the end users properly should include a statement of the form such as "this is what went wrong, this is how we're fixing it." If it doesn't include information similar to that, the users are going to be just as dissatisfied as they were before, and maybe more so. That means asking the people fixing the problem "what went wrong? How soon can we fix it?"
To which the correct answer is "shut up and stop bothering us, we're too busy to deal with you right now."
In general, you can do work or you c
Re: (Score:2)
In general, you can do work or you can answer questions from management, but you can't do both.
Not buying it; we're not talking about some open-source, crowd-funded underdog, here - If you're really trying to convince me that communicating with customers when things go wrong is too much work for a company that has more money than the government, you've got a tough road ahead.
It becomes even harder to convince me of such when taking into account Apple's history of deny, [pcworld.com] deny, [blogspot.com] deny. [maclife.com]
Re: (Score:2)
Money has nothing to do with it.
You can do work, or you can answer questions from management, but you can't do both. If you think that it's possible to do both just because you have a lot of money-- well, sorry. It would be nice if money solved all problems.
Re: (Score:2)
Money has nothing to do with it.
Money has everything to do with it.
Apple has the financial security to hire nations of customer support people if they wanted to, tasked with answering questions from customers. No need to bother the coders trying to fix the problem, with the exception of maybe pulling one or two aside for 15 minutes to write down exactly what the issue is, so the reps can explain it to irate customers. Of course, this is assuming they don't toe the iLine and pretend like there's nothing wrong, outright lying to customers
Re: (Score:2)
No need to bother the coders trying to fix the problem, with the exception of maybe pulling one or two aside for 15 minutes to write down exactly what the issue is, so the reps can explain it to irate customers.
Oh, that's just so easy! No problem, just "pull one or two of the programmers who are trying to solve the problem aside for fifteen minutes", yeah, that's all! Easy, just fifteen minutes! Twenty, tops! Well, maybe thirty, if they have to explain it in terms management can understand. No more than an hour, certainly, or, anyway, no more than two. Well, unless management has questions, then maybe a little more. Half a day, tops, dead certain.
Idiot. I just hope you're not in management.
Re: (Score:2)
No need to bother the coders trying to fix the problem, with the exception of maybe pulling one or two aside for 15 minutes to write down exactly what the issue is, so the reps can explain it to irate customers.
Oh, that's just so easy! No problem, just "pull one or two of the programmers who are trying to solve the problem aside for fifteen minutes", yeah, that's all! Easy, just fifteen minutes! Twenty, tops! Well, maybe thirty, if they have to explain it in terms management can understand. No more than an hour, certainly, or, anyway, no more than two. Well, unless management has questions, then maybe a little more. Half a day, tops, dead certain.
Yea, and? Like I keep trying to tell you, it's not like Apple is some tiny little startup with only 1-2 guys doing code; they have a veritable fucking ARMY of coders, so having one or two take a day to explain to customer service what sort of calls they should be expecting is not unreasonable. Hell, it would be unreasonable to not give CS a heads up, considering that this little fuck-up (which is likely the coders' fault) probably quadrupled the call volume.
Idiot. I just hope you're not in management.
Fuck. You. Assbasket.
I don't need to hope, I can
Re: (Score:2)
Flamebait submission much? (Score:5, Insightful)
Seriously, updated/fixed Instagram downloads were available within a few hours. Having read various issue reports - this only affects certain apps and apparently only for certain users in certain regions - just how fast is the submitter expecting an official response? How fast would the submitter offer up an official statement if his software exhibited a bug under similar circumstances?
Re: (Score:1, Troll)
How fast would the submitter offer up an official statement if his software exhibited a bug under similar circumstances?
Very quickly, if he wanted to maintain his credibility. Of course, Apple doesn't have any to lose (except among the cult that experiences Apple the way others experience religion [cnn.com]), who can safely be called a cult and be assumed to be brainwashed. Presumably, these people are easy to brainwash; it only took the most trite methods of propaganda to accomplish it.
Re: (Score:2)
Having read various issue reports - this only affects certain apps and apparently only for certain users in certain regions - just how fast is the submitter expecting an official response?
Instapaper's author was begging happy users to write review to balance out the "-3 stars: crashes! this app is teh suck!" reviews that came flooding in as people installed the new update. If my livelihood were being harmed by a publisher breaking my app, I'd want that official response pretty damn quickly.
Re: (Score:1)
Yeah except for the whole Java thing. Try an iOS device side by side with an Android device. Even with a much weaker CPU the iOS is so much smoother and snappy.
Don't get me wrong, iOS still sucks. I hate the UI, the walled garden, the limits, basically everything else is worse than Android but the performance is lightyears ahead of that piece of shit Java crap.
Sheep can't climb ladders (Score:2)
And even if they could they wouldn't go near it unless it had an apple logo or was at least called NextStepLadder.
Wow (Score:2)
Who writes this? If there is an issue, obviously, they will fix it.
Re: (Score:2)
Re: (Score:2)
"there is some hope that Apple may acknowledge the problem and fix it"
Who writes this? If there is an issue, obviously, they will fix it.
Exactly. This is sooo bullshit.
ftp problem (Score:3)
Someone at Apple forgot to type "bin" at the prompt before they uploaded the binaries :o)
Apple? (Score:5, Insightful)
As Angry Birds Space is among those affected, there is some hope that Apple may acknowledge the problem and fix it
Fix it, maybe. Acknowledge it? Not bloody likely.
Apple is finally finally DOOMED (Score:5, Funny)
this did it i upgraded all of my wife's 50 some apps because she never does it and i'm waiting for her to call that she can't play angry birds. she's finally going to go android.
oh wait, she can't call because the phone app won't work. I'M SAVED
Re:Apple is finally finally DOOMED (Score:4, Funny)
Just never ever see her again (lest she complain to your face about the non-working phone) and Mission Accomplished!
fail (Score:2)
Will Apple patent corrupted apps? (Score:1)
Re: (Score:1)
How much you want to bet Apple has already have patented this?
Sorry for my butchering of the language there... English is my first language.
They are supposed to crash. (Score:5, Insightful)
Re: (Score:2)
Not the first time (Score:1)
A while back I was stuck with a corrupted copy of Event Horizon downloaded from iTunes I wanted running in the background while getting some 40K stuff done.
On my main PC hooked up the to the big screen.
Downloaded, stopped at a certain mark.
Deleted, restarted download. Stopped at same mark.
Deleted movie and cache. Restarted download, stopped at the same mark.
Contacted Apple tech support. Told them about the corrupt file on their servers. Suggested my cache was corrupted. I told them I had already cleared it.
Happened to us (Score:3, Informative)
This happened to our product last week. The issue seemed to be that most users who tried to download the application were instead getting the old version (despite app store thinking the product was updated)... You could see this if you pulled the binary off the device and looked into the binary size / info.plist (all the information matched).
There were 2 work arounds we discovered:
1. Users could fix their individual application (If they're app is crashing immediately), by deleting the app, and redownloading it from iCloud (go into purchase history to find the application and download it from there, NOT the app front page).
2. Apple worked for a while on our issue but didn't come up with a resolution, instead we were able to get it back into operation by "Hitting the reset button" -- First, remove the app from sale in the store (set the available regions to none), wait until that propagates (could take a few hours) then, put it back. This fixed our issue. Hopefully now that more people are reporting this issue Apple will actually take the time to fix it.
network issue? (Score:2)
At least you have other sources (Score:2)
for your apps~
Apple acknowledge it's mistakes.... (Score:2)
LAUGH
LAUGH
LAUGH
LAUGH
Seriously, I've wasted about 5 days (day = 24 hours) dealing with Apple's iTunes. Damn near ready to dig up Steve Jobs from his grave just to shoot him.
Yes, I am officially DONE with all things Apple. (Well, I will be once my AT&T wireless lock in ends this month.)
Re: (Score:2)
I'd hate to see how long it takes you to tie your shoelaces.
Absolutely pathetic (Score:2)
In the article, the guy has listed over 100 apps that suffer from the problem. What's the point? One could assume that once you come across the 3rd, you would start to think that it's not really an app-specific problem.
The another thing that sucks here is how desperately he is collecting evidence to point out the problem and sorely hoping Apple to fix it. If correcting problems and actually hearing back from some knowledgeable people is that hard, something is just wrong with the company.