Just heard that Meteor Madness has been hacked to get around the Windows Store-provided payment system.
So, what does this mean for Meteor Madness, Microsoft Store and Justin Angel, the “hacker” who posted the instructions?
Firstly, I’ve been blown away by the coverage of this story. I first read about it yesterday in VentureBeat, but have since seen it covered at Trusted Reviews, SlashGear, TechSpot and TG Daily. Also, while Justin’s original article has been taken down, someone has loaded the Google archive version of it at Scribd. With Microsoft recently having the honour of not having an exploit in Kaspersky’s Top 10 Vulnerabilities, it seems like people want to find something bad in Windows 8 and this security flaw hits the mark.
So, for Microsoft, this seems like a bit of a problem. They’ve got an easy-to-use payments system that falls short of expectations. Further, followers of Justin’s on Twitter (presumably like-minded techies) think this might not be easy for Microsoft to fix. Microsoft does have a short-term solution that pre-dates Justin’s article. In particular, Microsoft has created a receipt system that developers can use to protect their systems, which is well documented. In the long run, any fix that Microsoft creates can be retrofitted to existing applications. So, their end result is just a re-prioritization of the backlog of Windows Store work.
In my case, I was aware of the receipt system, but opted not to implement it in the first release. I was aiming for a Minimum Viable Product (MVP) as advocated by The Lean Startup, and frankly coding up a receipt system didn’t make the cut. I was more concerned about getting awesome features like leaderboards working. If I put a high priority on fixing this in the future, I can stop Justin and others from bypassing the store. Before I bother with that though, I’ll measure the percentage of players that have bypassed this mechanism thanks to the data in the aforementioned leaderboards.
So, my thanks go out to Justin: he’s identified a hole in the Windows Store, and Microsoft and developers will benefit from this information. In doing so, he listed my game alongside Cut the Rope and Minesweeper, which might be the last time it is seen alongside such admirable titles. I hope that Justin didn’t get in any trouble from his employer for this. However, Justin, if you do it again, I’ll tell everyone how bad your scores were!