Better solution;

1) App developer registers supplying postal address & credit card details.
2) Google does an auth on the card details including an AVS check (AVS can be done outside the US).
3) Google sends a PIN/Password to the supplied postal address.
4) Developers have to enter the PIN/Password before being able to list apps.

This gives a few advantages;

- Google does an auth but doesn't send the transaction for settlement. This means the developer isn't charged.
- The use of AVS and sending a PIN/Password to the address by post means that if something bad does happen the police have a place to start looking with a reasonable level of certainty that someone at that address knows something.

If Google wanted to cover their costs they could charge $5 instead of just doing an auth.

The big problem as I can see it with the current system is that there is no verification of the information used to log into the AppStore, so a malicious developer could register using a credit card, supply the card holder's address, but because nothing is sent to that address the real card holder may know nothing about it. By sending a PIN/Password to the address and requiring its use before the account is live you get a higher level of confidence that the card holder is the developer.

Al.

P.S. for more on AVS see http://www.outsidethecode.com/faq/address_verification.aspx, and despite what the article says you can get AVS in non-US countries, the UK had it in place before it was widely adopted in the US.

Incognito wrote:
> Yeah, I guess there are a lot of ways to defeat this. But that still leaves a trail. Is better than just leaving the doors wide open.
> Notice that rather than just posting the bad app the developer still has to go through the extra steps of stealing the clone card. Every extra step just makes it a bit more difficult and probably increases the chances of getting caught. For that matter, $25 dollars and $199 dollars is not that big of a difference for somebody creating a malicious app if they have the potential to make thousands of dollars.
> It is still too soon to tell but so far I have not heard of any malicious apps posted in the Apple AppStore. Rather, they are trying to attack it from the outside.
>
> On Oct 25, 3:52 am, Al Sutton <[EMAIL PROTECTED]> wrote:
>
>> Incognito,
>>
>> Following scenario;
>>
>> 1) Malicious developer registers using cloned card details.
>> 2) Approval takes a day (much longer and Google are going to start getting complaints).
>> 3) Straight after approval developer posts "useful" app which uses contacts database.
>> 4) Whilst doing useful functionality it posts contact details to a server in Russia/China/Nigeria/.....
>> 5) Once cloned card details or app functionality are discovered app is pulled.
>>
>> or you could replace 3 and 4 with;
>>
>> 3) Straight after approval developer posts dialler application which dials premium rate calling service (not necessarily in the US).
>> 4) Every call made using costs the user and benefits the developer
>>
>> Between 1 and 5 they could make a lot of money.
>>
>> See my point?
>>
>> Al.
>>
>> Incognito wrote:
>>
>>> AI,
>>>
>>> I'm going under the assumption here that if they use a payment method that does not hide their identity we will at least be able to keep track of the bad guys. Spammers never give out their identity if they can help it because they will get black listed very quickly.
>>>
>>> On Oct 25, 3:30 am, Al Sutton <[EMAIL PROTECTED]> wrote:
>>>
>>>> Personally I don't think $25 is going to protect anyone, as has been said already $25 isn't a lot of money, and all the fee will do is attract malicious software which is aimed to make money quickly to cover the cost.
>>>>
>>>> Spammers will pay up to $1 per email, and premium rate call routing services can cost the earth per minute. I think that when we see malware (and it will be a when not an if), it'll hit hard and hit fast to ensure the $25 is recouped as quickly as possible.
>>>>
>>>> Al.
>>>>
>>>> Muthu Ramadoss wrote:
>>>>
>>>>> Here's my take:
>>>>>
>>>>> 1. Google, take the 25$.. keep the market clean.
>>>>> 2. Run a monthly contest, and award say like 100$ for the best app of the month.
>>>>>
>>>>> On Sat, Oct 25, 2008 at 4:17 AM, Incognito <[EMAIL PROTECTED]> wrote:
>>>>>
>>>>> Guys,
>>>>>
>>>>> First of all, I'm back! Second of all, what is up with the whining? $25 dollars is not bad at all. It will help keep everybody honest. Especially if anybody is trying to post malicious apps. As mentioned by other people, you do not have to post your app in the android market. Go ahead and host it in your own website.
>>>>>
>>>>> On Oct 24, 5:22 pm, "Shane Isbell" <[EMAIL PROTECTED]> wrote:
>>>>> > The problem is less the money but more the situation. You had a lot of developers come in last November when Android was nothing but a buggy SDK. These developers worked their tails off (in part because of the money Google was dangling in their faces), some quit their jobs, wrecked their lives for it. Then when the ADC was over, Google had a bunch of apps and a largely tested SDK. Google could now go to the carriers and say, "We have something to offer."
>>>>> >
>>>>> > Then Google clammed up, withheld the SDK, didn't tell the community about it and refused to respond to answers when it became known. Strike 1.
>>>>> >
>>>>> > Then the developers waited for the open system to deliver their apps and be able to compete against those on the inside track. Google withheld that option as well: Strike 2
>>>>> >
>>>>> > Now we find out about the 30% withholding and 25 dollar fees.
>>>>> > It's not that these are very different than industry norms, but to some developers, who were sacrificing so much, to find out they were a tool for validating Android for Google, only to have to start shoving money out of their pocket, adds salt to the wound. Maybe Google should donate that 25 fee to a good cause, if it's just to discourage bad apps from the app market. I also think Google should waive the fee for all ADC entrants, after all haven't they proven their commitment to the platform?
>>>>> >
>>>>> > Shane
>>>>> >
>>>>> > On Fri, Oct 24, 2008 at 2:04 PM, Ed Burnette <[EMAIL PROTECTED]> wrote:
>>>>> >
>>>>> > > Not to worry, you can always host a .apk file on your web site (taking care to give it the right MIME type) and educate people to turn on the "Allow install of non-Market applications" option. Or use one of the other app stores. Or stick a Paypal donate button on your site and collect $25 from fans then use that to pay Google. Lots of options.
>>>>> > >
>>>>> > > On Oct 22, 3:12 pm, "Ewan Grantham" <[EMAIL PROTECTED]> wrote:
>>>>> > > > Well, I'm going to have to seriously rethink releasing a free application if I have to pay for the privilege. Yes, I know I can use the alternate markets if I don't want to pay, but that cuts out a lot of potential users.
>>>>> > > >
>>>>> > > > Would have been nice to have been told about this before I:
>>>>> > > > a) coded the app
>>>>> > > > b) put it in the wild on a couple of the alternate marketplaces
>>>>> > > >
>>>>> > > > because now I either have to withdraw and resubmit, or decide it's not something worth the trouble.
>>>>> > > >
>>>>> > > > Anyone who has pulled down a copy of "Mars Lander" care to tell me (privately at my email address, not through the list) if you think it's worth a couple of bucks or not?
>>>>> > > >
>>>>> > > > On Wed, Oct 22, 2008 at 12:14 PM, Mark Murphy <[EMAIL PROTECTED]> wrote:
>>>>> > > >
>>>>> > > > > Al Sutton wrote:
>>>>> > > > > > http://android-developers.blogspot.com/2008/10/android-market-now-ava...
>>>>> > > > >
>>>>> > > > > Even more than the $25 is the 30% cut for the carriers. That definitely leaves plenty of room for competing markets, particularly if developers pass some of the savings on to the consumers.
>>>>> > > > >
>>>>> > > > > --
>>>>> > > > > Mark Murphy (a Commons Guy)
>>>>> > > > > http://commonsware.com
>>>>> > > > > _The Busy Coder's Guide to Android Development_ Version 1.3 Published!
>>>>>
>>>>> --
>>>>> take care,
>>>>> Muthu Ramadoss.
>>>>>
>>>>> http://mobeegal.in - mobile search. redefined. +91 98403 48914
>>>>>
>>>> --
>>>> Al Sutton
>>>>
>>>> W: www.alsutton.com
>>>> B: alsutton.wordpress.com
>>>> T: twitter.com/alsutton
>>>>
>> --
>> Al Sutton
>>
>> W: www.alsutton.com
>> B: alsutton.wordpress.com
>> T: twitter.com/alsutton
>>

--
Al Sutton

W: www.alsutton.com
B: alsutton.wordpress.com
T: twitter.com/alsutton

You received this message because you are subscribed to the Google Groups "Android Discuss" group.
To post to this group, send email to [email protected]
To unsubscribe from this group, send email to [EMAIL PROTECTED]
For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en
