Chinese Installous Alternative Lets Users Pirate Paid Apple AppStore Apps Without Requiring Jailbreak
Shutdown of Apple iOS piracy service Installous seems to be a short lived relief for App developers as a new Chinese application is suddenly in limelight offering an "easy-to-use" alternative for "Installous" - and the kicker is that now the device does not even have to be jailbreaked in order to use this one.
The Windows desktop application and iOS application offered by Chinese startup named kuiayong enables any user to simply plug-in and download paid AppStore applications for free, no matter which iOS version and whether jailbroken or not.
Couple kuiayong.com with the AppStore InApp Purchase hack and we have a fully breached Apple iOS AppStore.
It appears they own a few dozen iTunes user accounts and buy the apps for these accounts. They then write something over USB which fools the iDevice into passively accepting signed apps which belong to these accounts as if they belong to the account which owns that iDevice. Apple engineers certainly know a lot more about their own USB protocol and DRM system than I do, so hopefully the details we sent them will help them quickly narrow down the exact problem.
As for the question of whether kuiayong is “safe”: I have not seen any deliberately user-hostile code in what it installed; it’s just mildly allergic to debuggers. However, it has an open-ended update system and a EULA that clearly states they can do anything they want at any time. If you go on their site they have another EULA that says they reserve the right to force ads and charge money in the future. (I autotranslated all of this but the intent is clear.) Additionally, the User ID forging technique seems to be a bit glitchy, as many pirates have reported strange problems with the App Store after using kuaiyong. On top of that, you can be sure that someone will come out with unambiguously user-hostile imitationware, so don’t just go around installing whatever. Same advice as always.
And just to crush your hopes, no, I don’t think this is a jailbreak vector. It only works with things that are properly signed. This means no random malware and no cydia. Sorry! :)