Re: [android-developers] Re: HTTPS access to PlayStore is very very very bad idea!

[Raymond C. Rodgers]

What about the device and possibly user account information that might
get transmitted as part of the download process? Encrypting the package
while leaving meta data exposed will not help keep the application,
device, or user account secure.

On 5/17/2016 2:27 AM, Tourism SecondGuide wrote:
> A better solution would be to secure the package
>
> Le samedi 14 mai 2016 18:03:40 UTC+2, bjv a écrit :
>
> So what you are saying is that Apple is better because they enable
> a MITM attack against your apps when being downloaded, perhaps
> letting criminals replace your app with their modified one?
>
> -- 
> You received this message because you are subscribed to the Google
> Groups "Android Developers" group.
> To unsubscribe from this group and stop receiving emails from it, send
> an email to android-developers+unsubscr...@googlegroups.com
> .
> To post to this group, send email to
> android-developers@googlegroups.com
> .
> Visit this group at https://groups.google.com/group/android-developers.
> To view this discussion on the web visit
> https://groups.google.com/d/msgid/android-developers/392d51b7-25ac-495f-9bc4-ee43b466356e%40googlegroups.com
> .
> For more options, visit https://groups.google.com/d/optout.

-- 
You received this message because you are subscribed to the Google Groups 
"Android Developers" group.
To unsubscribe from this group and stop receiving emails from it, send an email 
to android-developers+unsubscr...@googlegroups.com.
To post to this group, send email to android-developers@googlegroups.com.
Visit this group at https://groups.google.com/group/android-developers.
To view this discussion on the web visit 
https://groups.google.com/d/msgid/android-developers/573B7B24.3040003%40badlucksoft.com.
For more options, visit https://groups.google.com/d/optout.

Re: [android-developers] Testing in-app purchases is incompatible with monotonically increasing Android versions

[Raymond C. Rodgers]

I may be mistaken, but I think that with the first apk uploaded to test 
with, you can then distribute updated debug copies outside of the Play 
Store/developer console and the correct (or at least updated) behavior 
will be exhibited in those debug copies. As far as I know, you only need 
to have an initial apk in the developer console so you can create the 
in-app items and debug prior to release.


I *don't think* you have to continually upload the updated the apk as 
you work on the app.


I also think that if it bothers you to have the version code set at 
something other than 1 when you're ready to release the app that you can 
actually delete the app entry from the console, upload the final apk, 
and recreate the items. I *don't think* you'd have to change the package 
name for that to work properly.


Everything I'm saying here (with the exception of this statement) should 
be taken with a grain of salt; I haven't created an app using in-app 
billing at this point. I could be completely wrong about these behaviors.


Raymond
On 12/15/2012 7:19 PM, Keith Wiley wrote:
Yeah, I know, but I still want to use the versionCode to label public 
releases, not just one-off momentary debug versions.  I'm not even 
talking about officially versioned betas here, I'm just talking about 
pushing the code through a rapid build-test-debug-fix cycle.  Every 
time I want to try another little thing on out in-app purchasing I 
have to delete the entire app profile and start over.


On Saturday, December 15, 2012 1:24:43 PM UTC-8, mbanzon wrote:

In your manifest you should have both android:versionCode and
android:versionName attributes. The versionCode is the one you
need to
increment but the versionName is the one the user sees and that one
can be whatever you like afaik.

On Sat, Dec 15, 2012 at 10:15 PM, Keith Wiley kbw...@gmail.com
javascript: wrote:
 I'm debugging in-app purchases.  This requires me to create the
app profile
 on the console and upload the apk (but not necessarily publish
it).  With an
 invited test gmail account, I can then test in-app purchases.
 The problem
 is, there is no way to upload changes to the app if I have to
fix something.
 Say I upload an apk with version number 1.  Google requires that
I increase
 the apk number with every upload, so I have to increase the
number to 2 to
 change the code, and version 3 to change it again.  I may go
through
 numerous iterations of development getting the final code in
place...but
 none of these are actual new releases, the app isn't even
published yet!  I
 want the first published version to be version 1, regardless of
any initial
 testing and there doesn't seem to be any way to do this.  If I
delete the
 apk from the app description in the hopes of wiping out the
version numbers
 so I can upload an apk with version 1, the ENTIRE app profile is
destroyed
 and I have to create a new one from scratch, including the required
 screenshot uploads and other tedium unrelated to testing.  This
imposes a
 tremendous burden on the debugging process.

 Is there any way to do what I am trying to accomplish here?  I
am at a loss.

 Thank you.

-- 
Michael Banzon

http://michaelbanzon.com/

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en 


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] WTH?

[Raymond C. Rodgers]

Because you're supposed to define that exception handling yourself, just 
like the rest of it?

On 12/11/2012 1:31 PM, Larry Meadors wrote:

This is in the android.test.ActivityUnitTestCase code:

try{
   // do some stuff here to build the activity to test
} catch (Exception e) {
   assertNotNull(newActivity);
}

Why isn't that exception logged, re-thrown, or even it's .toString()
included in the assertion failure?

IMO, this is a text book How not to handle an error ever. example.

Larry



--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: How can I use Google Maps in Android Apps

[Raymond C. Rodgers]

On 4/5/2012 4:51 PM, g...@deanblakely.com wrote:

I don't actually mean I can't get an answer from anyone.  the
answers I have gotten here and on StackOverflow are
that Google Doesn't keep this mapview current.  In other words my
answers were that they just let it go.  A more accurate statement s
that I can't get the answer I want.

So, knowing that they are not idiots, I'm guessing your humble opinion
is right - they don't want to make their best maps available to 3rd
party developers.  Bing Maps for Android hit a wall for some reason.

On Windows Phone 7 Microsoft is breaking their back to provide the
very best tools for free as they are trying to get some market share.

I'll look at your OSMDroid and OpenStreetMap.
Thanks,
Gary
It's my understanding, though I surely don't know for absolute fact, 
that the Google Maps Android API gets its data and tiles from the exact 
same source that the web version does. The API itself likely isn't even 
7 years old; don't forget, Android's SDK has only been available since 
August 2008, and the Google Maps API (while originally included as part 
of the Android SDK) has been updated at least once since then (so that 
it's no longer a part of the Android SDK). Since I started tinkering 
around with Android, GPS, and the Maps API, I've noticed the maps of my 
city  state get updated periodically. Perhaps, for whatever reason, 
they haven't been quite as active in your neck of the woods, but like 
Mark said, you're hardly limited to Google's solution.


Raymond

P.S. Are you using a Google Maps library downloaded from the web or the 
one that's included in the SDK?


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: SSL/TLS and ECC (Elliptic curve cryptography)

[Raymond C. Rodgers]

I don't know much about EC, but if the provided HTTPS support doesn't 
work with it, you could always build your own class to implement a 
simplified version of the protocol over your SSL/EC transport. If you're 
interested in following that path, you can find the HTTP specifications 
at http://www.w3.org/Protocols/rfc2616/rfc2616.html ; but the simplest 
HTTP request header would look something like this:


GET /whatever.php HTTP/1.0
Host: myserver.com

While the simplest POST HTTP request might look like:

POST /responseform.php HTTP/1.0
Host: myserver.com
Content-Length: 25
Content-Type: application/x-www-form-urlencoded

whatever=ahhaahdata=test

Of course, then you also have to interpret the responses from the server 
correctly too, but in general, it's simpler than you might expect to a 
very basic implementation of HTTP. Note that I specify HTTP/1.0 above 
rather than the usual 1.1; this basically tells the servers to be a 
little more lenient with regards to the requests that are made to it as 
the HTTP 1.0 clients rarely fully implemented all the suggested [and 
sometimes required] features of the specifications.  If you follow this 
path, I recommend reading the specs all the way through at least once.


Raymond
On 2/6/2012 4:12 AM, Kosmo Kosmorum wrote:

Thanks for your replay.

We try to run this app on a Android 2.2, because it is the minimum
target we need to handle, so we don't know if this solution works with
other type of clients. We know that the certificates and server
configuration are good because we can test the communication with a
IE7 or with a Firefox client on a PC.

In my previous message I said that there was a link where we can read
that there is a way to have EC working on a 2.2 device, but not
applied to a HTTPS connection , only related to cyphering
functionality.

Do you think this is not supported directly by https?

Thanks in advance



--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Should I buy my own apps?

[Raymond C. Rodgers]

On 12/9/2011 2:35 PM, TreKing wrote:
On Fri, Dec 9, 2011 at 11:34 AM, sblantipodi 
perini.dav...@dpsoftware.org mailto:perini.dav...@dpsoftware.org 
wrote:


Should I really buy my own apps?


Is that rhetorical? You can't do this anyway.


Actually, I needed to do that very thing some months ago and succeeded 
like buying any other app. In my case either my LVL code wasn't right or 
something else was going wrong, and my app was ignoring the Market 
setting to respond as authorized for my email address. I bought my own 
app to get my app to work properly, just pushing the APK to the device 
wasn't enough.


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: Strikethru Differennt Color Than Text

[Raymond C. Rodgers]

It's probably a font, not code. Most fonts have a strikethru character 
set and the operating  system simply chooses it when indicated. I don't 
have an answer for this particular request other than the possibility of 
using a custom font, and then I'm not sure if it's possible to use it 
within an Android app...


On 11/19/2011 9:41 PM, Zsolt Vasvari wrote:

Get the source code for the class that implements strikethru and
modiify it to your liking.

On Nov 20, 4:43 am, Jayjohnabloodwor...@gmail.com  wrote:

Is it possible to to create a span of text in a textview in which the
strikethru line is a different color than the text. I cannot find much
documentation on the SpannableString interface.

Thanks,
Jay


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Huawei Ascend

[Raymond C. Rodgers]

I mentioned in another thread a few weeks ago that I never managed to 
get it working under Linux via USB because adb never recognized it. (My 
G1 and Nexus One were simple enough to get configured, but the MetroPCS 
version of the Ascend never got there.) I ended up rooting the phone, 
installing the super user app in the Market, and then using the wireless 
adb app also in the Market in order to develop with it.


Raymond

On 3/30/2011 7:09 PM, Mark Murphy wrote:

If that is Windows, make sure you have the proper device drivers:

http://developer.android.com/sdk/oem-usb.html

On Wed, Mar 30, 2011 at 7:03 PM, bobb...@coolgroups.com  wrote:

Can someone tell me if the Huawei Ascend works for Android
development?

I got one, and I'm stuck here in Eclipse:

http://i1190.photobucket.com/albums/z449/m75214/ascend-phone.png

Any ideas?

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en






--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] SharedPreferences.Editor.apply() -- very confused

[Raymond C. Rodgers]

I think what Dianne was suggesting might be something like doing a 
switch on the user's Android version... This isn't necessarily working 
code but should give you an idea:


Edit e = prefs.Editor();
e.put(Whatever,Data);
switch(android.os.Build.VERSION)
{
case Build.GINGERBREAD:
 e.apply();
break;
default:
   e.commit();
}

It's simple enough unless you have your preference writing routines 
scattered all over the place, in which case you could simply write a 
function to write preferences.


Raymond
On 12/14/2010 12:14 AM, shareem sharif wrote:

ture but no

On Mon, Dec 13, 2010 at 8:28 PM, Dianne Hackborn hack...@android.com 
mailto:hack...@android.com wrote:


You should do this based on API level.  If an API is not
documented as available prior to a particular version, there are
no guarantees what any existing method would do in the earlier
versions.  For example, not infrequently a new API is being
developed but hidden from a particular release because it is not
ready yet due to being buggy or other reasons that could cause you
trouble.  (I have no idea if that is the case here, but best to be
safe.)

On Mon, Dec 13, 2010 at 7:59 PM, Zsolt Vasvari zvasv...@gmail.com
mailto:zvasv...@gmail.com wrote:

As per the StrictMode article (

http://android-developers.blogspot.com/2010/12/new-gingerbread-api-strictmode.html
), I devided to switch over using apply() instead of commit()
for my
SharedPreferences.

So I wrote my nice conditional logic based on the API level and to
test to see what happens, I ran it on my 2.2 Nexus One, fully
expecting a VerifyError because of the missing API.  To my
surprise, I
didn't get that error.  So I fired up the emulator and
confirmed that
all the day down to Level 7, the supposedly new API does not
trigger a
VerifyError.  It does level 4 or below as expected.

What's going on here?  Has the apply() method really been
there since
Level 7 undocumented?  If so, is it safe for me to check if the
current API level = 7 and use apply()?

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to
android-developers@googlegroups.com
mailto:android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
mailto:android-developers%2bunsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en




-- 
Dianne Hackborn

Android framework engineer
hack...@android.com mailto:hack...@android.com

Note: please don't send private questions to me, as I don't have
time to provide private support, and so won't reply to such
e-mails.  All such questions should be posted on public forums,
where I and others can see and answer them.


-- 
You received this message because you are subscribed to the Google

Groups Android Developers group.
To post to this group, send email to
android-developers@googlegroups.com
mailto:android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
mailto:android-developers%2bunsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en 


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: EditText and auto-complete/correct

[Raymond C. Rodgers]

Well, I'm just trying to create a memo field in this case, where the 
user can enter arbitrary text as a note to him or herself. From what 
I've seen and read, setting the android:inputType attribute chooses an 
appropriate input method for on-screen typing (for instance on the Nexus 
One). I've been able to get this to work, more or less, in the 2.2 
emulator and on my Nexus One for numbers: I typically get a number only 
soft-keyboard. But what I want for this memo field is the 
auto-correct/auto-complete dictionary to appear at the top of the 
keyboard as seen in Google Search, the Facebook app, and others, but 
regardless of the combination of option flags I use for either EditText 
that does not appear.


On 12/13/2010 11:31 AM, Brill Pappin wrote:

I've been digging around in the keyboard code a bit, maybe I can help.

As I understand it, all text input should give you the options unless 
specifically turned off.
Also, it will be turned off for some input types e.g. phone numbers 
(actually pretty much most things that don't use the qwerty keyboard 
and have specialized keyboards).


If you give me an example of what your trying, and I'll see if I can 
find the logic that enables or disables the autocorrect.


- Brill Pappin
--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en 


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] EditText and auto-complete/correct

[Raymond C. Rodgers]

Thanks, but that's not quite what I'm referring to. I've gotten 
AutoCompleteTextView to work with items I have in a database, but I'm 
meant something more akin to this: 
http://betterandroid.files.wordpress.com/2009/07/preditcive-text.png?w=320h=480 
.


On 12/12/2010 11:57 PM, TreKing wrote:
On Sun, Dec 12, 2010 at 10:16 PM, Raymond Rodgers 
raym...@badlucksoft.com mailto:raym...@badlucksoft.com wrote:


But I'm not getting the auto-complete or autocorrect options. Is
there something I'm missing? Do I need to connect it to a
dictionary, and if so how?


http://developer.android.com/reference/android/widget/AutoCompleteTextView.html

-
TreKing http://sites.google.com/site/rezmobileapps/treking - Chicago 
transit tracking app for Android-powered devices


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en 


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] AppsLib (Archos store) is not legit?

[Raymond C. Rodgers]

A few months ago, I received a notice out of the blue that my app was 
being included at AppsLib and that I could click a link to manage the 
application at their site. They apparently skimmed some apps directly 
from Android Market to build their library, and then retroactively 
contacted the authors to invite them to use AppsLib. It took several 
days of me trying to contact them (during which I watched as my app went 
through their QA compatibility verification process), but they pulled my 
app when I explicitly told them they didn't have permission to use it on 
their site or system.


At this point, I consider them just barely more legal than pirates.
Raymond

On 11/9/2010 4:51 PM, SoftwareForMe.com SoftwareForMe.com wrote:

Hello,

What do you all know about AppsLib?

I know they were a small startup store who partnered with Archos to 
provide them with an app store on their devices.


Recently we found that they are distributing pirated software, 
including an old copy of our product, PhoneMyPC, for free.


We have contacted AppsLib several times, and Archos directly twice, 
only to be ignored by all parties.


We had AppsLib in our list of markets to release products into once 
our licensing mechanism is finalized, but we have now removed them and 
will not do business with them. I sincerely hope Archos device owners 
can download SAM from SlideMe, or some other reputable app market.


What's your experience? Is this unusual for that store, or is this 
just how they do business?


Warm regards,
Scott
SoftwareForMe Inc.
--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en 


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

[android-developers] Possible to check .apk signature?

[Raymond C. Rodgers]

 Until now, I haven't really concerned myself with app piracy; I only 
have one app under my belt for Android, it's in beta and it's free. I'm 
about to start development on another app and looking to use ProGuard 
for obfuscation and LVL as I would like to make it a paid app, and I've 
been wondering something ever since the news that LVL had been 
circumvented months ago. Is it possible to check the .apk's signature 
from within the API? If not currently, perhaps Google might add some 
code to Android itself or to the API to enable LVL to make sure that the 
.apk signature matches the signature that Android Market already has on 
file?


Just a thought, not even necessarily a feasible one.
Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: Possible to check .apk signature?

[Raymond C. Rodgers]

 On 10/6/2010 6:44 PM, DanH wrote:

Supposedly PackageInfo.signatures[0] gives you the signature.
However, there's a Catch22:  You can't get the signature until the app
is packaged, and you can't modify the app to insert the signature
after it's been packaged.

It would be better if one could get the public key used to sign the
package, but that's apparently not accessible.
Actually, I originally intended that message to reference the public 
key, not the app signature, but I was suffering a mental brown-out at 
the time... :-p The key may be accessible to the OS, but not available 
via API... It would be nice to get a Google type to comment on this, but 
the thread is still relatively new...


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Licensing

[Raymond C. Rodgers]

On 7/27/2010 2:11 PM, Shane Isbell wrote:
It's addressing a direct need of developers. From my perspective, I 
wonder what the impact will be for alternative stores, as they can't 
use the service.



http://groups.google.com/group/android-developers?hl=en
I imagine the alternative stores will implement a system very similar if 
not identical. Although this solution is new to Android, it's hardly 
unique or particularly difficult to implement, not to mention Google 
almost gives implementation details in the blog post and documentation. 
If the other stores don't adopt, adapt, or innovate, they likely won't 
be around long.


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: Licensing

[Raymond C. Rodgers]

On 7/27/2010 2:28 PM, Mark Carter wrote:

I found this line confusing:

Adding licensing to an application does not affect the way the
application functions when run on a device that does not offer Android
Market.

I assume they don't mean that licensing checks are bypassed if there
is no Android Market (!) since this is down to the app's licensing
implementation...

I'm not really the person to ask, but it makes some sense. Basically, 
the whole thing is built around communication with and through the 
Android Market app. If the app isn't there, then the licensing doesn't 
work. I imagine, that the library will tell the application that the 
license checking failed and that the app isn't authorized to run on the 
device. However, theoretically, it's also possible then to build an app 
that will run on devices that don't have Android Market, and yet take 
advantage of the licensing if the device does. Take the Barnes and Noble 
Nook for example. I don't know if it has Android Market on it, but the 
device version should be able to run on all Nooks. If it were a paid app 
in the Market, not free like it currently is, they could then license it 
so that people can't get it for free through piracy.


Of course, this is just a guess and some rationalization has taken 
place... :-)

Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Licensing

[Raymond C. Rodgers]

On 7/27/2010 2:31 PM, Shane Isbell wrote:
The implementation that Google offers also embeds code, which is 
inherently insecure but the docs also says: For example, a 
copy-protected application cannot be downloaded from Market to a 
device that provides root access This would limit the ability of 
people to pull off the application off of a rooted device. Is it 
possible for third-parties to detect if it is a rooted device?
I'm not sure that this is inherently insecure. Yes, it does use 
libraries and a public key that will be embedded in the application, but 
public keys are designed to be shared. All the client side is doing is 
verifying information encrypted with the private key which isn't 
accessible, and providing that information to the application for it to 
manage as the developer decides. I may not have my security A game 
going today, but that sounds reasonably secure to me. The private key 
isn't even made available to the developer as I understand it, so the 
developer doesn't really have the option of shooting themselves in the 
foot with it.


As for detecting rooted devices... I have no idea. :-)
Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Licensing

[Raymond C. Rodgers]

On 7/27/2010 2:48 PM, Tommy wrote:

It would be interesting if other android market apps could buy or lease the
rights to the License Server or have their market checked just like it does
the google market records. Im sure if google wanted they could find a way to
make that work.

I have no doubt that Google could license the technique or availability 
of the license server to other markets, but I'm not sure if they'll see 
that as being in their business' best interests, or how profitable they 
think it could be. Although they are allowing other markets to be built, 
and allow outside applications to be installed on Android if the user 
enables that feature, they aren't exactly going out of their way to 
support the development and establishment of competitors. But they 
aren't actively trying to eliminate them either. It's the job of the 
competition to adopt, adapt, or innovate, and since alternative markets 
might not be able to adopt this change, they'll have to adapt or 
innovate, and find a similar or better solution. Until or unless Google 
decides to let them in of course... :-)


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Licensing

[Raymond C. Rodgers]

On 7/27/2010 2:53 PM, Trevor Johns wrote:
On Tue, Jul 27, 2010 at 11:42 AM, Raymond C. Rodgers 
raym...@badlucksoft.com mailto:raym...@badlucksoft.com wrote:


I'm not sure that this is inherently insecure. Yes, it does use
libraries and a public key that will be embedded in the
application, but public keys are designed to be shared. All the
client side is doing is verifying information encrypted with the
private key which isn't accessible, and providing that information
to the application for it to manage as the developer decides. I
may not have my security A game going today, but that sounds
reasonably secure to me. The private key isn't even made available
to the developer as I understand it, so the developer doesn't
really have the option of shooting themselves in the foot with it.


In many ways, it's more secure to have the code embedded in the 
application (which is why we designed the library this way).


If the license check was performed solely by the OS, an attacker could 
just use a modified firmware image to bypass the checks for all 
applications on the system.


http://groups.google.com/group/android-developers?hl=en
Agreed. After I wrote my part above, I even thought of another 
possibility... I haven't checked the API thoroughly, but it maybe 
possible to store the public key on your own server, protected as you 
see fit, then when you do your licensing checks, you download the public 
key through whatever secure mechanism you feel is sufficient, do the 
check, and then discard the public key.


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] I would like to be able to buy an app for a friend

[Raymond C. Rodgers]

On 7/27/2010 2:16 AM, Ryan IT Lab wrote:

I know this was brought up in this post: http://goo.gl/lBwE
But I would really like to be able to buy an app for someone.

A Girl I am dating just recently purchased a droid eris on my
suggestion -
She upgraded to 2.1 a couple days ago and lost the ability to forward
certain numbers to voicemail automatically

   
Actually, that functionality is still there, it just moved. Tell her to 
view the contact, then press the Menu button and then select Options. 
There should be an item called Incoming calls with the text Send 
calls directly to voicemail underneath it listed there.


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Licensing

[Raymond C. Rodgers]

On 7/27/2010 8:19 PM, Dianne Hackborn wrote:
On Tue, Jul 27, 2010 at 11:59 AM, Raymond C. Rodgers 
raym...@badlucksoft.com mailto:raym...@badlucksoft.com wrote:


Agreed. After I wrote my part above, I even thought of another
possibility... I haven't checked the API thoroughly, but it maybe
possible to store the public key on your own server, protected as
you see fit, then when you do your licensing checks, you download
the public key through whatever secure mechanism you feel is
sufficient, do the check, and then discard the public key.


There is no need or advantage in protecting or dealing specially with 
the public key.  That's the beauty of public key encryption.


http://groups.google.com/group/android-developers?hl=en

I agree, but there are those nervous types... :-)
Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Andriod Email Flaw

[Raymond C. Rodgers]

On 7/22/2010 4:47 PM, Shulbert wrote:

Hello I have noticed a flaw in Android,  When connecting to an IMAP
server Doesn't matter if it is Exhange or Unix the Android Email
client will not close the connection.  In order for IMAP to work
correctly a client makes a conneciton and gets updates. If a
connection to the IMAP server is left opened you will not see any new
updates.

Step by step on how it should work.

Example will be Exchange server:

Create a new connection point to your IMAP server (Exchange) port 143
(cleartext) or 993 (Secure)
add username: John Doe
Add Domain: *Optional with VPN
Password: **
SMTP server (Exchange)

How often to login and check 5 10 15 30 1hr
Logout after checking email YES/NO (Ding ding ding grand prize winner
option here)

This is a simple fix for Google engineers to fix, they should include
it in their next rev.

   
I'm not an expert on IMAP, though I'm some what familiar with it. It's 
my understanding that IMAP clients are supposed to stay connected to the 
mail server and receive live or periodic updates as they occur on the 
server, where all the action is happening. What you're describing sounds 
a lot more like POP3, where the client does all the work and the server 
acts more like a dumb storage facility, just retrieving and deleting the 
client's requests.


In any event, both the GMail and Email apps in Android seem to be 
working fine with IMAP for me on my G1 (1.6) and my Nexus One (2.2). 
When switching from WiFi to 3G or Edge, sometimes it does seem to take a 
few minutes for the connection to time out and get reestablished, but I 
haven't experienced any problems getting my mail on either phone in 
either app.


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: Encrypt with Android using AES, decrypt with PHP...

[Raymond C. Rodgers]

There is slightly. You need to null pad the data being encrypted to make 
sure it's evenly divisible by 16 on Android. PHP does it automatically 
and silently. See my posts in this thread:


http://groups.google.com/group/android-developers/browse_thread/thread/022e3b4b61de9a7c?pli=1

Raymond

On 7/19/2010 7:58 AM, DanH wrote:

Maybe it's because there's nothing special you need to do.

On Jul 19, 6:10 am, sblantipodiperini.dav...@dpsoftware.org  wrote:
   

it's quite incredible, no article on internet talks about cypher with
android and php or servlet...

On Jul 18, 8:46 pm, sblantipodiperini.dav...@dpsoftware.org  wrote:

 

Hi,
is there some code snippet that show how to encrypt a password with
Android
and then decrypt it with php?
   
   


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: Encrypt with Android using AES, decrypt with PHP...

[Raymond C. Rodgers]

Well, I'm not talking security wise, just compatibility wise, nor did I 
say that this was Android specific. However, what I did say was that you 
do have to do this in order to get PHP-Android encryption working. 
Android to PHP encryption with AES will not just work without adding 
the null padding or some other mutually recognized padding, so I'd say 
that yes this is slightly special as I stated before.


On 7/19/2010 11:32 AM, Bob Kerns wrote:

That's not something special. That's actually what the algorithms are
specified to require, and the APIs reflect that. They're not even
Android-specific APIs, they're Java APIs, and the algorithms are
standards and not tied to language or platform.

Ideally, you'd pad with random bytes, instead of null bytes, which
probably weaken the encryption significantly -- any time an attacker
knows part of the message, it makes his job simpler.

So I'd say PHP's behavior is a special case, and even a design flaw
(both a convenience AND a design flaw, viewed from the standpoint of
conflicting requirements).

On Jul 19, 5:45 am, Raymond C. Rodgersraym...@badlucksoft.com
wrote:
   

There is slightly. You need to null pad the data being encrypted to make
sure it's evenly divisible by 16 on Android. PHP does it automatically
and silently. See my posts in this thread:

http://groups.google.com/group/android-developers/browse_thread/threa...

Raymond

On 7/19/2010 7:58 AM, DanH wrote:



 

Maybe it's because there's nothing special you need to do.
   
 

On Jul 19, 6:10 am, sblantipodiperini.dav...@dpsoftware.orgwrote:
   
 

it's quite incredible, no article on internet talks about cypher with
android and php or servlet...
 
 

On Jul 18, 8:46 pm, sblantipodiperini.dav...@dpsoftware.orgwrote:
 
 

Hi,
is there some code snippet that show how to encrypt a password with
Android
and then decrypt it with php?
   
   


--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] ItemizedOverlay database items: When do I update the OverlayItem list?

[Raymond C. Rodgers]

On 6/29/2010 3:12 PM, Steve Howard wrote:
I think some of the confusion might be coming from the fact that 
you're expecting too much high-level logic from ItemizedOverlay. 
 ItemizedOverlay is a pretty basic class.  You override size() and 
createItem() to do whatever you want, and then you call populate() 
anytime you want to update the items in the overlay.  populate() will 
call size() to figure out how many items are present, then call 
createItem() once for each index 0 - [size() - 1].


How size() and createItem() work, and when populate() gets called, are 
up to you.  From your description, one possibility might be something 
like this:


* Detect map movements by adding an empty Overlay and overriding the 
draw() method.  Use a delay timer to trigger an update after the map 
stops moving for some threshold of time.
* Upon update, get the lat/long span of the MapView, as described, and 
use it to query your database/server/whatever.
* When the results arrive, use them to fill in a member List on your 
ItemizedOverlay subclass.  Then call populate().  Your size() method 
returns the length of the List; your createItem generates OverlayItems 
from the data in that List.


It's a bit convoluted, no doubt -- some sample code would probably be 
well-received here.  Nonetheless, such an implementation should be 
possible today.


http://groups.google.com/group/android-developers?hl=en
Thanks Steve! Ultimately, I ended up doing something very similar to 
this, primarily based around onTouchEvent() in my ItemizedOverlay class.


Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Google Maps API: Catching zoom and panning events

[Raymond C. Rodgers]

On 6/9/2010 7:13 PM, Steve Howard wrote:
On Tue, Jun 8, 2010 at 9:03 PM, Raymond Rodgers 
raym...@badlucksoft.com mailto:raym...@badlucksoft.com wrote:




On Tue, Jun 8, 2010 at 7:14 PM, Steve Howard ste...@android.com
mailto:ste...@android.com wrote:

A simple solution is to add an Overlay, override the draw()
method, and not actually do any drawing, but simply use the
method as a hook to know anytime the map has potentially moved
or zoomed.  The problem is, this will get called more often
than necessary, so you'll need some custom logic to decide
when the viewport has changed enough for you to make a new
query.  This shouldn't be too difficult however -- you can
track the current center and zoom in your Overlay subclass --
and you'd probably need some kind of logic like this anyway.

Let me know how that works for you, or if it works at all.

Steve


Thanks Steve, I eventually came to give that very method a try,
although I haven't yet decided on how to avoid the excessive
updating. I may try to find out when the user's fingers are no
longer on the touch screen or when the trackball (if present) is
no longer moved.


Yeah, you do have to do some work here, which is unfortunate.  There 
are several options, you may already be aware of them.  One is to use 
Overlay.onTouchEvent() to detect ACTION_UP events, which could help 
detect when touch gestures have finished.  Another is to use a timeout 
mechanism in draw() itself.  On each draw() call, you can have a 
Handler to send a message at a specified time in the near future, 
after canceling any other such previously requested messages.  When 
you get the message, you know the user's been idle for that short 
period of time.  android.view.GestureDetector uses this approach for 
long press detection, among other things -- check out lines 456-7, 
http://android.git.kernel.org/?p=platform/frameworks/base.git;a=blob;f=core/java/android/view/GestureDetector.java.
Thanks for the tip, I was thinking about the touch interface route so 
I'll look in that direction.

Raymond

--
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Re: SDK and Linux 64 bits

[Raymond C. Rodgers]

This has worked fine for me on Fedora 10-12. Did you follow the 
instructions on:

http://developer.android.com/guide/developing/device.html

In particular the section titled Setting up a Device for Development?

Raymond
Nanard wrote:
 Thanks for your replies.

 So, it seems like it should be possible with Mandriva (they all have
 more or less same Kernel), but it is badly configured by default...

 When I run 'dmesg', and plug the phone on USB, I got some message.  so
 the USB link seems OK.
 It's 'only' that adb doesn't find the device...
 The OS also doesn't mount the phone.

 Also : when I play mp3 in my program, with a 32 bits OS : no problem.
 With a 64 bits : I got sounds, but it's hard to reconize what is
 playing.


 I'm not sure if this is the correct forum to talk about Android 
 Mandriva issues : where can I ask ?

   

-- 
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

Re: [android-developers] Encrypting in PHP and Decrypting in Android

[Raymond C. Rodgers]

Here is PHP code I lifed out of a project that I've now abandoned. I'll 
find and post the Android side of things later. The basics are that I 
used the Rijndael-128+ECB encryption combined with Base-64 encoding to 
transmit information back and forth between the application and the web 
server. The catch, in this whole thing, is that on the Android side of 
things, you probably will need to do some manual padding at the end of 
your encrypted string in order to get things to work properly. Like I 
said, I'll post the Android side of things later.

I had intended to change the encryption key with every new version of my 
application, so be aware of that when you see $VERSION in my code. This 
isn't a complete example, just the encryption, decryption functions I 
had written.

Raymond

define('AES_V1_KEY','D0QgiY8JYvx8qzKx0iaN8kwEJgwpEqAJ');
function encryptString($RAWDATA,$VERSION = 1)
{
$key = null;
switch($VERSION)
{
case 1:
$key = AES_V1_KEY;
break;
}
// encrypt string
$td = mcrypt_module_open('rijndael-128','','ecb','');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td,$key,$iv);
$encrypted_string = mcrypt_generic($td, strlen($RAWDATA) . '|' . 
$RAWDATA);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
// base-64 encode
return base64_encode($encrypted_string);
}
function decryptString($ENCRYPTEDDATA,$VERSION = 1)
{
$key = null;
switch($VERSION)
{
case 1:
$key = AES_V1_KEY;
break;
}
// base-64 decode
$encrypted_string = base64_decode($ENCRYPTEDDATA);
// decrypt string
$td = mcrypt_module_open('rijndael-128','','ecb','');
$iv = mcrypt_create_iv (mcrypt_enc_get_iv_size($td), MCRYPT_RAND);
mcrypt_generic_init($td,$key,$iv);
$returned_string = mdecrypt_generic($td,$encrypted_string);
unset($encrypted_string);
list($length,$original_string) = explode('|',$returned_string,2);
unset($returned_string);
$original_string = substr($original_string,0,$length);
mcrypt_generic_deinit($td);
mcrypt_module_close($td);
return $original_string;
}


jax wrote:
 What would I use to: Encrypt a string in PHP and Decrypt that string
 from Android?  What methods are supported by both and which is the
 most secure?

   

-- 
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers+unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en

[android-developers] Extending the GMail app

[Raymond C. Rodgers]

Is there any information on extending the GMail application? Or better 
yet, I for one am relatively irritated that I can't email or upload 
non-picture/video files that I might have on my SD card, so I'd like to 
create a provider of some sort to enable the ability to upload or email 
any arbitrary file.

Any ideas?

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---

[android-developers] Re: Running Android SDK 1.1 R1 on Linux 64 bit Fedora 11 RawHide

[Raymond C. Rodgers]

I've been running the Android SDK for some time on Fedora 10 64-bit 
without any problems; I didn't even need to do anything special (beyond 
downloading the Eclipse plugin) to get it running once I used the Fedora 
package manager to download and install Eclipse and the related Java 
development extensions. I expect the same for F11 and Android SDK 1.5 
though I haven't tried either yet.

Raymond

pj.paito wrote:
 Like you said yesterday I am worried about installing the 1.5 SDK on a
 64bit linux machine am downloading now.

 On Apr 7, 4:33 pm, Perty pertyj...@gmail.com wrote:
   
 How to get Android SDK 1.1 R1 (android-sdk-linux_x86-1.1_r1) working
 on 64 Bit Linux, Fedora 11 Beta RawHide. (this could surely be applied
 to other distros as well I suppose but I have just tested the above)

 Download the eclipse-java-ganymede-SR1-linux-gtk-x86_64.tar.gz
 eclipse.org. The version from Fedora repository doesn't work due to
 incompatible packages / versions. Make sure you have the Open JDK
 available and that Eclipse is using that one instead of the gjc.

 Then install 32 bit library dependencies for Android SDK on Fedora 11
 Beta.

 $yum install glibc.i686
 $yum install ncurses-libs.i586
 $yum install libstdc
 $yum install libstdc++.i586
 $yum install libzip.i586
 $yum install libX11.i586
 $yum install libXrandr.i586

 I had a lot of problems with the emulator which using SDL and got the
 following error:

 SDL init failure, reason is: No available video device

 Found a good tip to see what libs is not found:

 $cd $andoird_sdk/tools/
 $strace ./emulator

 It seems that the SDL couln't initialize the screen if not the libX11
 and libXrandr wasn't aviable.

 Next step was to get the ddms working:

 The last line of $ANDROID_SDK1.1R1/tools/ddms has a -
 Djava.library.path entry pointing to 32 bit eclipse libraries which
 couldn't be used. So I renamed the library property so it wouldn't be
 read and instead use the 64 bit eclipse versions.

 exec $java_cmd -d64 -Xmx256M $os_opts $java_debug -
 Djava.ext.dirs=$frameworkdir -Djava.dummy.library.path=$libdir -
 Dcom.android.ddms.bindir=$progdir -jar $jarpath $@

 Then getting the usb to work, follow the instructions 
 on:http://groups.google.com/group/android-developers/browse_thread/threa...http://zachoglesby.com/2009/03/android-and-fedora/

 The following did work at some point but isn't the prefered way to
 connect the android according to my 
 googling:https://bugzilla.redhat.com/show_bug.cgi?id=468532

 I have to start adb as root so if anyone have a solution for that I
 would be more than happy!

 Regards Perty
 

 
   

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---

[android-developers] Re: Android Market Business and Program Policies

[Raymond C. Rodgers]

I haven't read through the terms recently, but it seems to me that 
Google will likely provide that same proof and try to fight the 
chargeback, but if the chargeback isn't rejected that they'll pass it 
along to you. That's just a guess on my part, but I believe that PayPal 
does something similar currently. Otherwise both services would develop 
a very unhappy developer-merchant base rather quickly.

Raymond
Al Sutton wrote:
 The shady part is that if the user had bought from the developer 
 directly (i.e. the developer had a merchant account with a bank which 
 could process credit cards), the developer has the opportunity to refute 
 the chargeback and the chargeback may not be processed.

 This is something that happened to one of the companies I'm involved in 
 recently, and because we were able to provide the proof that the 
 customer ordered it, and proof that they had not complained to us, the 
 chargeback was rejected.

 Al.

 Inderjeet Singh wrote:
   
 On Wed, Feb 18, 2009 at 10:04 AM, Al Sutton a...@funkyandroid.com 
 mailto:a...@funkyandroid.com wrote:



  - Google is not responsible for billing disputes arising from
 purchases
  on Android Market. compared to the dev distribution agreement
 which
  says Products sold for less than $10 may be automatically
 charged back
  to the Developer... so what is it, do Google do auto
 chargebacks or is
  it all down to the developer?
 
 
  I do not know how it works exactly, but looks like it means that :
  - from the user point of view, they can't dispute the payment
 directly
  with google.
  - But if google is refused a payment (refund required from the bank
  ?), they will just charge back the developper.
 
 
 So isn't that giving Google free reign to do whatever it wants for
 apps
 less than $10 and neither the user nor the developer can object?



 To me that's pretty shady.



 Here is what I understand the situation to be:
 If a buyer calls up their credit-card issuing bank/VISA 20 days after 
 purchase and VISA forces a chargeback on the merchant, then that is 
 passed along to the developer. Where is the shady part? Did Google 
 keep any money in the process?

 Inder
  
  


 


   

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
android-developers-unsubscr...@googlegroups.com
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---

[android-developers] API Call Management: Issues 54 and 675

[Raymond C. Rodgers]

Hi folks,
 Has any one gotten an API solution to reject and/or terminate calls as 
described in issues #54 and 675? Both of these items have been reviewed 
and accepted, but it doesn't appear that an engineer has been assigned 
to either one.

http://code.google.com/p/android/issues/detail?id=54
http://code.google.com/p/android/issues/detail?id=675

 I suppose there might be security issues posed by these, after all a 
malicious application could then intercept calls and hold a phone 
hostage, but there are legitimate reasons for providing this 
functionality as well. Any comments from the Google folks?

Thanks,
Raymond

--~--~-~--~~~---~--~~
You received this message because you are subscribed to the Google
Groups Android Developers group.
To post to this group, send email to android-developers@googlegroups.com
To unsubscribe from this group, send email to
[EMAIL PROTECTED]
Announcing the new Android 0.9 SDK beta!
http://android-developers.blogspot.com/2008/08/announcing-beta-release-of-android-sdk.html
For more options, visit this group at
http://groups.google.com/group/android-developers?hl=en
-~--~~~~--~~--~--~---