Yeah, This would be superior way. I doubt google would go that far though. We are all too used to doing things instantly.
On Oct 25, 4:31 am, Al Sutton <[EMAIL PROTECTED]> wrote: > Better solution; > > 1) App developer registers supplying postal address & credit card details. > 2) Google does an auth on the card details including an AVS check (AVS > can be done outside the US). > 3) Google sends a PIN/Password to the supplied postal address. > 4) Developers have to enter the PIN/Password before being able to list apps. > > This gives a few advantages; > > - Google does an auth but doesn't send the transaction for settlement. > This means the developer isn't charged. > - The use of AVS and sending a PIN/Password to the address by post means > that if something bad does happen the police have a place to start > looking with a reasonable level of certainty that someone at that > address knows something. > > If Google wanted to cover their costs they could charge $5 instead of > just doing an auth. > > The big problem as I can see it with the current system is that there is > not verification of the information used to log into the AppStore, so a > malicious developer could register using a credit card, supply the card > holders address, but because nothing is sent to that address the real > card hold may know nothing about it. By sending a PIN/Password to the > address and requiring it's use before the account is live you get a > higher level of confidence that the card holder is the developer. > > Al. > > P.S. for more on AVS > seehttp://www.outsidethecode.com/faq/address_verification.aspx, and despite > what the article says you can get AVS in non-US countries, the UK had it > in place before it was widely adopted in the US. > > > > Incognito wrote: > > Yeah, I guess there are a lot of ways to defeat this. But that still > > leaves a trail. Is better than just leaving the doors wide open. > > Notice that rather then just posting the bad app the developer still > > has to go through the extra steps of stealing the clone card. Every > > extra step just makes it a bit more dificult and probably increases > > the chances of getting caught. For that matter, $25 dollars and $199 > > dollars is not that big of a difference for somebody creating a > > malicious app if they have the potentail to make thousands of dollars. > > It is still to soon to tell but so far I have not heard of any > > malicious apps posted in the Apple AppStore. Rather, they are trying > > to attack it from the outside. > > > On Oct 25, 3:52 am, Al Sutton <[EMAIL PROTECTED]> wrote: > > >> Incognito, > > >> Following scenario; > > >> 1) Malicious developer registers using cloned card details. > >> 2) Approval takes a day (much longer and Google are going to start > >> getting complaints). > >> 3) Straight after approval developer posts "useful" app which uses > >> contacts database. > >> 4) Whilst doing useful functionality it posts contact details to a > >> server in Russia/China/Nigeria/..... > >> 5) Once cloned card details or app functionality are discovered app is > >> pulled. > > >> or you could replace 3 and 4 with; > > >> 3) Straight after approval developer posts dialler application which > >> dials premium rate calling service (not necessarily in the US). > >> 4) Every call made using costs the user and benefits the developer > > >> Between 1 and 5 they could make a lot of money. > > >> See my point? > > >> Al. > > >> Incognito wrote: > > >>> AI, > > >>> I'm going under the assumption here that if they use a payment method > >>> that does not hide their identity we will at least be able to keep > >>> track of the bad guys. Spammers never give out their identity if they > >>> can help it because they will get black listed very quickly. > > >>> On Oct 25, 3:30 am, Al Sutton <[EMAIL PROTECTED]> wrote: > > >>>> Personally I don't think $25 is going to protect anyone, as has been > >>>> said already $25 isn't a lot of money, and all the fee will do is > >>>> attract malicious software which is aimed to make money quickly to cover > >>>> the cost. > > >>>> Spammers will pay upto $1 per email, and premium rate call routing > >>>> services can cost the earth per minute. I think that when we see malware > >>>> (and it will be a when not an if), it'll hit hard and hit fast to ensure > >>>> the $25 is recouped as quickly as possible. > > >>>> Al. > > >>>> Muthu Ramadoss wrote: > > >>>>> Here's my take: > > >>>>> 1. Google, take the 25$.. keep the market clean. > >>>>> 2. Run a monthly contest, and award say like 100$ for the best app of > >>>>> the month. > > >>>>> On Sat, Oct 25, 2008 at 4:17 AM, Incognito <[EMAIL PROTECTED] > >>>>> <mailto:[EMAIL PROTECTED]>> wrote: > > >>>>> Guys, > > >>>>> First of all, I'm back! Second of all, what is up with the whining? > >>>>> $25 dollars is not bad at all. It will help keep everybody honest. > >>>>> Specially if anybody is trying to to post malicious apps. As > >>>>> mentioned > >>>>> by other people, you do not have to post your app in the android > >>>>> market. Go ahead and host it in your own website. > > >>>>> On Oct 24, 5:22 pm, "Shane Isbell" <[EMAIL PROTECTED] > >>>>> <mailto:[EMAIL PROTECTED]>> wrote: > >>>>> > The problem is less the money but more the situation. You had a > >>>>> lot of > >>>>> > developers come in last November when Android was nothing but a > >>>>> buggy SDK. > >>>>> > These developers worked their tails off (in part because of the > >>>>> money Google > >>>>> > was dangling in their faces), some quit there jobs, wreaked > >>>>> their lives for > >>>>> > it. Then when the ADC was over, Google had a bunch of apps and a > >>>>> largely > >>>>> > tested SDK. Google could now go to the carriers and say, "We > >>>>> have something > >>>>> > to offer." > > >>>>> > Then Google clammed up, withheld the SDK, didn't tell the > >>>>> community about it > >>>>> > and refused to respond to answers when it became known. Strike 1. > > >>>>> > Then the developers waited for the open system to deliver their > >>>>> apps and be > >>>>> > able to compete against those on the inside track. Google > >>>>> witheld that > >>>>> > option as well: Strike 2 > > >>>>> > Now we find out about the 30% witholding and 25 dollar fees. > >>>>> It's not that > >>>>> > these are very different than industry norms, but to some > >>>>> developers, who > >>>>> > were sacrificing so much, to find out they were a tool for > >>>>> validating > >>>>> > Android for Google, only to have to start shoving money out of > >>>>> their pocket, > >>>>> > adds salt to the wound. Maybe Google should donate that 25 fee > >>>>> to a good > >>>>> > cause, if its just to discourage bad apps from the app market. I > >>>>> also think > >>>>> > Google should wave the fee for all ADC entrants, after all > >>>>> haven't they > >>>>> > proven their commitment to the platform? > > >>>>> > Shane > > >>>>> > On Fri, Oct 24, 2008 at 2:04 PM, Ed Burnette > >>>>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]>> wrote: > > >>>>> > > Not to worry, you can always host a .apk file on your web site > >>>>> (taking > >>>>> > > care to give it the right MIME type) and educate people to > >>>>> turn on the > >>>>> > > "Allow install of non-Market applications" option. Or use one > >>>>> of the > >>>>> > > other app stores. Or stick a Paypal donate button on your site > >>>>> and > >>>>> > > collect $25 from fans then use that to pay Google. Lots of > >>>>> options. > > >>>>> > > On Oct 22, 3:12 pm, "Ewan Grantham" <[EMAIL PROTECTED] > >>>>> <mailto:[EMAIL PROTECTED]>> wrote: > >>>>> > > > Well, I'm going to have to seriously rethink releasing a > >>>>> free application > >>>>> > > if > >>>>> > > > I have to pay for the privilege. Yes, I know I can use the > >>>>> alternate > >>>>> > > markets > >>>>> > > > if I don't want to pay, but that cuts out a lot of potential > >>>>> users. > > >>>>> > > > Would have been nice to have been told about this before I: > >>>>> > > > a) coded the app > >>>>> > > > b) put it in the wild on a couple of the alternate > >>>>> marketplaces > > >>>>> > > > because now I either have to withdraw and resubmit, or > >>>>> decide it's not > >>>>> > > > something worth the trouble. > > >>>>> > > > Anyone who has pulled down a copy of "Mars Lander" care to > >>>>> tell me > >>>>> > > > (privately at my email address, not through the list) if you > >>>>> think it's > >>>>> > > > worth a couple of bucks or not? > > >>>>> > > > On Wed, Oct 22, 2008 at 12:14 PM, Mark Murphy > >>>>> <[EMAIL PROTECTED] <mailto:[EMAIL PROTECTED]> > >>>>> > > >wrote: > > >>>>> > > > > Al Sutton wrote: > > >>>>> > >>>>> >http://android-developers.blogspot.com/2008/10/android-market-now-ava. > >>>>> > > .. > > >>>>> > > > > Even more than the $25 is the 30% cut for the carriers. > >>>>> That definitely > >>>>> > > > > leaves plenty of room for competing markets, particularly > >>>>> if developers > >>>>> > > > > pass some of the savings on to the consumers. > > >>>>> > > > > -- > >>>>> > > > > Mark Murphy (a Commons Guy) > >>>>> > > > >http://commonsware.com > >>>>> > > > > _The Busy Coder's Guide to Android Development_ Version > >>>>> 1.3 Published!- Hide quoted text - > > >>>>> > - Show quoted text - > > >>>>> -- > >>>>> take care, > >>>>> Muthu Ramadoss. > > >>>>>http://mobeegal.in-mobilesearch. redefined. +91 98403 48914 > > >>>> -- > >>>> Al Sutton > > >>>> W:www.alsutton.com > >>>> B: alsutton.wordpress.com > >>>> T: twitter.com/alsutton- Hide quoted text - > > >>>> - Show quoted text - > > >> -- > >> Al Sutton > > >> W:www.alsutton.com > >> B: alsutton.wordpress.com > >> T: twitter.com/alsutton- Hide > > ... > > read more »- Hide quoted text - > > - Show quoted text - --~--~---------~--~----~------------~-------~--~----~ You received this message because you are subscribed to the Google Groups "Android Discuss" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [EMAIL PROTECTED] For more options, visit this group at http://groups.google.com/group/android-discuss?hl=en -~----------~----~----~----~------~----~------~--~---
