Glitch spotted in Windows Phone Store, allows installation of Nokia exclusive apps on all phones [Updated]

At last count, Nokia had well over 50 exclusive apps or games in its Collection, giving Lumia owners a slight edge in features.

But that advantage may be no more, at least temporarily. According to Chinese site WPDang, there is a freshly spotted glitch in Windows Phone Store that could enable everyone to download exclusive apps from the Nokia Collection.

Yes. The picture above shows Nokia Glam Me being installed in a Huawei Ascend W1. Not photoshopped.

Basically, the server glitch is exploited like this:

  1. Someone sets up a proxy server which disguises itself as a Lumia phone.
  2. Users anywhere connect to the Windows Phone Store through said proxy, effectively disguising themselves as Lumia phones too.
  3. Users perform search via the proxy in the Store, searching for Nokia-exclusive apps by name. Normally a device model/brand check would be performed by the Store server, and refuse to offer any result upon finding model/brand mismatch. But since now those users are cloaked, the server will spill app descriptions and download links without a fuss.
  4. However, the proxy server is not able to pass file download streams to each user request, therefore non-Nokia users who just managed to get app download links are not able to really buy or download stuff.
  5. This is where the server glitch actually exists: in common sense of this universe, the Store should perform a model/brand check upon each search AND download request, to make sure what's supposed to be exclusive will stay exclusive, no matter how hard people try. However in Microsoft's case, download requests are NOT FILTERED AT ALL.
  6. Therefore if a user switches into WiFi setting, turn the proxy off, then switch back to the app description page and click the download button, he/she just gets the app. Microsoft is assume that if this button is displayed on your screen at all, your device must be well qualified, what could possibly go wrong? Just go ahead and make yourself comfortable.
  7. End of story: Nokia-exclusive apps ending up on non-Nokia phones.

Yes I agree with many of you in the comment thread, this is technically not a glitch. But no, I won't call it a hack, which emphasizes efforts on the client end. I'd say this is more a server-end problem, a design flaw, a loophole, and a rather naive one. It's like protecting confidential files in your computer by putting them into a hidden folder, instead of having them properly encrypted.

Unlike some are concerned about, I don't think this problem will cause Lumia phones to devalue for losing the advantage of exclusive apps. Because: 1) the loophole seems rather easy to patch up; 2) even if one manages to load a Nokia app to a HTC or Samsung phone, quite likely it just won't work, because most of these OEM-specific apps utilize special drivers, APIs, or even hardware modules to run.

And there's another effect of this loophole. If a user on a low end Lumia (like 520 or 720) connects to the Windows Phone Store through a proxy disguised as a top notch Lumia (920 or 925), he/she easily gains access to all apps that are originally hidden to them for not meeting RAM size requirement. That means being able to try out some of the most impressive apps and games on Windows Phone with merely an entry-level device. But again, there's no promising that blockbuster apps installed through this trick will actually run smoothly on low end phone, if they run at all. Microsoft decided to hide them for a good reason: those functions, features and graphic charms just do need more horsepower and RAM size to come into full life. Trying to force them onto weaker devices might result in hellish user experience, or even crash phones.

Update:

  1. Yes I saw the outcry in the comment field. Personally I don't think it's piracy, because all it does is to let the minority of the Windows Phone ecosystem get access to some free apps freely, in a more often than not very buggy way. Nothing is stolen, just a cluster of people having a bit geeky fun in endless trial and error. But thanks for the reminder, guys. I'm all ears.
  2. Still, after thinking better of it, I've basically rewritten this post. The tutorial for exploit is no longer there. Instead, I've decided to explain how exactly it works, and why Microsoft is to blame in this matter.
  3. If any of you still wants to try the trick out, click into the source link and puzzle the Chinese stuff out.
  4. I'm a proud Lumia 920 owner like many of you guys. But I'm kind of in support of this exploit. So often I want to show my wife how awesome Nokia's exclusive apps are, and why it's wise to ditch her HTC 8X for a 920 or the EOS, despite the bulky form factor. Nothing says the endorsement better than getting a few of Nokia's killer apps onto her own phone, and make her grown dependent on them.
  5. I'd suggest Nokia release a stripped down version for all of its key apps (panorama, music, Glam Me, etc) to all Windows Phones, like a free trial. Except that these trial apps won't remind users to buy the full function, but rather ask them to consider buying a Lumia. That would be very powerful advertising. Just pack all those apps into one, and name it "THE Lumia Experience" or something like that. Windows Phone makers differentiate themselves in apps and services instead of user interfaces, so let the apps and services do the talking. 

Source: WPDang, Sina Weibo

Kane Gao