Friday, January 7, 2011
There's been a lot of talk amongst the Mac developer community the past couple of days about preventing piracy in apps found on the new Mac App Store (e.g. here and here). Much of it has implied that developers who chose not to implement receipt validation were dumb or lazy. There hasn't been much argument against that point, likely because developers don't want to publicize the fact that their app can be copied without being purchased. Well, I'll step up and say it:
Pear Note on the Mac App Store does no receipt validation.
This was not done because I'm lazy or dumb (well, I guess you can be the judge of whether I'm dumb). It was a conscious decision done for specific reasons.
When I released Pear Note, I created a license verification mechanism as most developers do. This is a good idea for any app that's freely downloadable on the Internet, as it provides a mechanism to check if a user has purchased the software and encourage them to do so if not. As with most other devs out there, the crackers didn't take long to find me. They released cracked copies of Pear Note for every version I released within hours of my release. I fought back by obfuscating my validation code, but they found ways around it. Eventually I resolved to stop fighting. It wasn't worth my time.
I could have fought harder, but I couldn't have won. The crackers had the advantage. They had full control of the system running my software. All I could do was hope that I'd hidden things well enough that they wouldn't see what was really going on.
The good news is that it was painful for anyone who wanted to use the cracked version. Every time I released a new version (which is fairly often), they'd have to visit one of the scarier neighborhoods of the Internet to find a new cracked version. Legitimate users got automatic updates. I was OK with this compromise, as I doubt anyone willing to endure that pain would ever be willing to pay for the software in the first place.
Mac App Store receipt validation has the same problems as any other license validation. Worse, it's the same basic mechanism for all Mac App Store apps, making it easier to create a tool to crack them. I'd guess we'll see a tool in the wild soon that will be able to crack almost any Mac App Store app. (My bet is that they create their own certificate to sign a fake receipt, then binary patch an app to replace the string for the Apple root CA with the string for their own.)
The same good news from my license scheme applies to the Mac App Store. Apple is authenticating users on the server in order to give them updates. This means cracked copies won't be updated. Regardless of whether you do receipt validation or not, cracked copies won't be updated.
In my opinion, that's enough pain to prevent most honest users from pirating Pear Note. And I don't have to fight a losing battle with the crackers of the world. There will be some pirates, but probably no more than I've had before. And who knows, perhaps some of the pirates that do copy Pear Note are my future customers.