On the current scheme of things, while we are very careful not to talk about the means, piracy is almost effortless for Windows Phone devices. This is because all the XAP applications are stored on a server that freely relays it's contents using unsecured HTTP lines. Originally, this was not an issue, as the only way to use these applications was to have a unlocked device, which required either developer membership for $99 or a series of complicated steps. However, now, thanks to the release of ChevronWP7 Labs, things are becoming more and more interesting.

Obviously, the opposition and issues with piracy are the #1 reason why homebrew has been fought against for so long. Having developers experiment with the phones isn't the issue; rather, the risk of hurting the Marketplace sales, and in turn the developers, is.

Thankfully, according to a fabulous article by Ars Technica that summarizes the homebrew situation, there may be some hope for both homebrew and Marketplace developers alike. Somewhere on the way is a new form of encryption, something that will sit server side and prevent applications from being ripped off as they are today. Ars says:

"...piracy concerns are still an issue. It's possible to download application packages from Microsoft's servers and install them onto a developer unlocked phone without actually buying them.

That will change. Windows Phone 7.5 "Mango" includes support for a new kind of encrypted package that should rule out this kind of piracy. Microsoft is waiting to ensure that a high enough proportion of users have upgraded to Mango before throwing the switch and using these encrypted packages, however."

This is of course good news. But it begs to question why this hasn't been around since the beginning, or at least much earlier. Even requiring a basic token-based login system between the phone and Marketplace server would have put a plug in this, and is SSL really that hard to use? In fact, it begs to question why homebrew has been attacked from the beginning, while Marketplace security has stayed at a minimum. And why is interop-level code disabled, which has nothing to do with piracy? And finally, if Microsoft's is encrypting the Marketplace, why are we still paying for Chevron?

[Via: wpcentral; Source: Ars Technica]