App Store Bug Corrupts Binaries; Angry Birds Crash

First time accepted submitter bargainsale writes "Many recent updates from Apple's App store are crashing immediately, including Instapaper. Instapaper's creator, Marco Arment, thinks this is due to corrupt binaries being distributed. As Angry Birds Space is among those affected, there is some hope that Apple may acknowledge the problem and fix it ..."

This.

[kiriath]

This is going to RUIN my workday =\ How can I work without my Angry Birds?

Another Apple first

[GameboyRMH]

iOS - the first operating system with package management that doesn't run hash-checks on installer packages to check for corruption. That's right, Apple did it first!

Re:Another Apple first

[samkass]

iOS - the first operating system with package management that doesn't run hash-checks on installer packages to check for corruption. That's right, Apple did it first!

That's the weird thing, though... Apple not only DOES check it, they require the developer to cryptographically sign the entire package with keys they provide, and apps won't run unless it matches. There should be nothing in between that could modify code without tripping that up.

Re:Another Apple first

[tlhIngan]

Huh, then you have to wonder whether the signature process failed or the hash process failed...if the signature process failed and the App Store not only passed incorrectly signed apps onto devices but allowed them to be installed, that's a security vulnerability.

I'd suspect something a bit more innoculous.- like data center storage corruption.

iOS apps are encrypted - or rather, parts of them are. The executable has portions of its code and data segments encrypted, and the list of encrypted parts and the decryption key are then encrypted with the user's Apple ID key. That key is transferred to the device so that iOS can decrypt the binary encryptoin key and the list of encrypted segments (there aren't any headers).

The reason apps can crash would include either the encryption table is blank and iOS decrypts the binary incorrectly (probable cause - disk full) thus causing corrupt code and data to be executed, or perhaps everything IS encrypted properly, but the binary is corrupt.

The former would be erratic - some people would find it works correctly, others not, and it wouldn't matter if updates happened because it would occur on any download. The latter would mean the storage system has failed and thus during the DRM process, it's DRM'ing corrupt binaries.

Since it's specific binaries that do this, perhaps some of Apple's massive storage servers have failed catastrophically. (they use iSilon/EMC storage servers at their NC datacenter I believe). And also why re-uploaded versions of same work - they were put on more stable storage.

FYI - the way pirated apps work is they run the app, then use GDB to halt execution. Then they use GDB to dump the running image back out to get the decrypted version which then replaces the encrypted chunks with the decrypted versions.

I would also guess that Apple's "fixing it" because I kept running into issues downloading ("This application is not currently available").

Sent from my mortuary temple:

[fuzzyfuzzyfungus]

You're coding it wrong.

-Steve

App-arently fixed

[k(wi)r(kipedia)]

From the linked blog by app author Marco Arment:

I emailed App Review less than an hour after the update went live and yelled about it on Twitter. About two hours after the update went live, a correct, functional version of it started being distributed on reinstalls. As far as I know, the problem hasn't recurred since then.

I haven't yet received a response from App Review, so I don't know whether the fix was because I made noise, or simply because time passed, which may, for instance, expire a cache with the bad data.

He now just wants Apple to acknowledge that there was a problem.

Flamebait submission much?

[93+Escort+Wagon]

Seriously, updated/fixed Instagram downloads were available within a few hours. Having read various issue reports - this only affects certain apps and apparently only for certain users in certain regions - just how fast is the submitter expecting an official response? How fast would the submitter offer up an official statement if his software exhibited a bug under similar circumstances?

If the publisher makes the last good apk available

[tepples]

This is why Apple and Android need a good way for you to easily revert to a previous version.

Android already has this. Mainstream Android devices support distribution of application packages (.apk) on the application publisher's web site.

(And no, you don't need a hosts file to get this APK.)

Apple?

[MAXOMENOS]

As Angry Birds Space is among those affected, there is some hope that Apple may acknowledge the problem and fix it

Fix it, maybe. Acknowledge it? Not bloody likely.

Apple is finally finally DOOMED

[alen]

this did it i upgraded all of my wife's 50 some apps because she never does it and i'm waiting for her to call that she can't play angry birds. she's finally going to go android.

oh wait, she can't call because the phone app won't work. I'M SAVED

Re:What's the difference?

Simple: package managers are for filthy Linux users. No cool, hip Apple connoisseur would want to be associated with these social outcasts.

If you think I am joking you're only half right. Remember the outrage when Instagram came out on that disgusting Android thingy. Good times :D

Re:Oh Noez..

[Higgs+Bosun]

Angry Birds crashing users' iPhones? Must be from the Russian app store, it's normally the user that crashes Angry Birds into things.

They are supposed to crash.

[140Mandak262Jamuna]

What is the issue here? Aren't angry birds supposed to crash? You are supposed to pull the catapult and release it and the angry birds crash into structures built by pigs and destroy them. Don't get upset, there is a never ending supply of angry birds. So what is the problem here?