[mr_donk]

There's 2 parts to AirTunes (the part of AirPlay that Airfoil and AirFloat use), Sending and Receiving. Up to now, AirFoil only used the AirTunes protocol to SEND streams to AirPlay devices. If you reverse engineer the protocol you can send to any AirPlay device. No problem.

It's harder to make an AirPlay receiver, because iTunes won't send anything to an AirPlay receiver that doesn't encrypt the request with the proper private key.

You can only get this key legitimately by licensing AirPlay from Apple (which is why all AirPlay compatible speakers are licensed by Apple).

Someone managed to extract the private key from an AirPort express by removing the flash chip and reading it externally. They then published this "stolen" key on the web. Prior to that, it was impossible to make anything that would receive AirPlay streams from iTunes, even though the protocol was widely understood (it's basically just RTSP).

A bunch of open source implementations on other platforms (PC/Mac/Windows) were released.

Rogue Amoeba's AirFoil speakers for Mac/PC included this functionality. However, up until this last update, they never included it in their iOS application. Their stated reason for this was they couldn't figure out a revenue stream to make this work (AirFoil implements it's own music transmission protocol. You bought the Mac software for $20, then got the receiver software for free. Under this model, making the free product able to receive streams from iTunes without the Mac software would have cut out their revenue producing server from the picture). The latest release included this AirPlay receiving feature as an in-App purchase. Since they've had the code to do this for a while, and it seems like this method is probably preferable to most users and therefore likely more profitable, the delay seems odd.

My speculation is, they've been using the "stolen" key, and were hesitant to draw attention to themselves by trying to get software using it approved on the app store. Eventually potential profit won out, and they went for it. It got approved by the (probably) less technically savvy app review team that doesn't know about the requirements of a licensed key to make AirPlay reception work. It was noticed later by some Apple engineer who is familiar with the protocol and was then pulled.

Since the private key is necessary to make this feature work, they either needed to license it or use the "stolen" AirPort Express key. If they licensed it, I don't think Apple would be pulling it. Since Apple does license this to people, it would be unfair to their licensees to turn a blind eye to people using the "stolen" key. If it became apparent they were letting it slide, it would lead to a proliferation of unlicensed (potentially crappy/flakey) devices that might not meet Apple's quality standards.

I think the speculation about Apple wanting to include something similar in a future iOS release is irrelevant here. Maybe they would, but I think this reasoning seems more likely.

[fpgeek]

> There's 2 parts to AirTunes (the part of AirPlay that Airfoil and AirFloat use), Sending and Receiving. Up to now, AirFoil only used the AirTunes protocol to SEND streams to AirPlay devices. If you reverse engineer the protocol you can send to any AirPlay device. No problem.

How do you know there's no problem with AirPlay sending?

Other than Apple's past behavior (which, as shown here and many other places, is no guarantee of future results) I'd have thought the correct assumption is that Apple wouldn't want anything to do with unlicensed implementations of either side of the AirPlay protocol.

[mr_donk]

That's a good point... I based my assumption on the fact that they require a private key for receiving, but not sending.

I guess that doesn't necessarily prove anything...

[shawnc]

Really good reply. Thank you.

[mikeash]

I object to your continued use of "stolen" etc. I believe extracting the key for the proposes of interoperability is still legitimate, even if Apple doesn't like it.

Let's say that's the reason, in any case. Why would Apple pull the whole app rather than simply making them remove the key and reverting back to the old functionality? Some petty sense of retribution?

[mr_donk]

I did put stolen in quotes every time I used it because I'm not sure that is the correct term.

Here's how I see it. AirPlay is something Apple sells a license to. Assume Rogue Amoeba didn't buy a license, but used someone else's, and then sold the functionality that buying the license would have entitled them to.

What's that? Piracy? DMCA violation? Within Rogue Amoeba's rights? I don't know. Is Apple allowed to lock things down by requiring keys? Maybe they're in the wrong.

To me, this is similar to trying to sell software that uses DeCSS to play DVDs rather than licensing CSS. Regardless of my opinion, it doesn't seem to be legal (in the US, anyway).

Is that legitimate? If so, how is it different than other forms of piracy?

[mikeash]

DeCSS is only illegal because it circumvents the copy protection system on DVDs. Absent that, there would be nothing allowing the DVD people to force companies to license CSS rather than simply cracking it.

As far as I know, Apple is allowed to lock things down by requiring keys, and other people are allowed to crack Apple's lockdown if they can.

[mr_donk]

That's my point. Isn't getting the private AirTunes key equivalent to the DeCSS case?

If Apple had just made a proprietary undocumented protocol, that'd be one thing, and I'd agree that Apple wouldn't be able to force licenses on people. Absent the private key, there wouldn't be anything to stop you.

However, they made a proprietary protocol, sold licenses to use it and implemented a key enforce the license. Isn't circumventing the private key equivalent to circumventing copy protection? They obviously intended to restrict it to licensees, the way the DVD people intended to restrict CSS to licensees.

Wasn't there some case where printer manufacturers were doing something to stop 3rd parties from making cheaper ink/toner? How did that go? Maybe it's a more apt comparison (for the record, I honestly don't remember how this case turned out, so I don't know if I'm helping or hurting my argument).

[mikeash]

The key long predates any licensing deals. In fact, the system used for licensing is different from the one that the key in question applies to. The AirTunes/AirPlay system has changed over the years, and the key that was extracted is for an older (but still supported) system than in used for third-party licensees.

I don't see how it would be covered by the DMCA like DeCSS is, as the encryption is not for a DRM system.

Even if it is, well, I think most of us will agree that cracking encryption for the purposes of circumventing DRM for legitimate purposes should be allowed. But of course that gets us into discussions of how things are versus how things should be.