
Published on July 29th, 2010 | by Kyith

Android Market Overhaul: Piracy, Security and Ease of purchase

There has been a lot of news on the Android Market these past few days. Readers would recall that my thought is that the Android Market still has a lot of things to iron out.

In a certain sense, the iOS App Store, although overprotective and not always the best, creates a really good environment for

  1. Developers to sell their product and gain revenue
  2. Consumers to buy apps that are relevant to them
  3. Consumers to pay easily
  4. Listing only apps that Apple approves and that are of standard

Google seems to realise that their Market concept is really not working well.

People would rather fight it out at the iOS App Store than be the leader in the Android Market. A leader at the Android Market earns far less than a small player in the iOS App Store. That says a lot.

Piracy

Part of the reason why not as many developers engineer quality apps on Android was probably not enough protection from piracy. There are many online forums where you can get paid apps (apk files) for FREE.

So what is the point of spending so much effort developing it only to see it end up there?

Google overhauled their licensing concept to bring some form of Google DRM to the Market:

The service will allow application developers to implement a license status check in their apps – an app would query the licensing server and get back a response stating whether it had been purchased through the Market or not.

This simple and free service provides a secure mechanism to manage access to all Android Market paid applications targeting Android 1.5 or higher.

At run time, with the inclusion of a set of libraries provided by us, your application can query the Android Market licensing server to determine the license status of your users.

It returns information on whether your users are authorized to use the app based on stored sales records.

What if Google’s Server goes down or You are Offline? Will it still work?

Google is well aware of the problems that can occur when you don’t have a working connection or their servers are offline (which is unlikely but possible). This is why they will support both of these schemes:

To help you get started with a Policy, the LVL provides two fully complete Policy implementations that you can use without modification or adapt to your needs:

  • ServerManagedPolicy is a flexible Policy that uses settings provided by the licensing server to manage response caching and access to the application while the device is offline (such as when the user is on an airplane). For most applications, the use of ServerManagedPolicy is highly recommended.
  • StrictPolicy is a restrictive Policy that does not cache any response data and allows the application access only when the server returns a licensed response.

OK! So for most productivity apps, no one would ever think about using StrictPolicy. Can you imagine your To-Do List application or Notes application always having to be connected online?

It is likely you will use a combination of ServerManagedPolicy and StrictPolicy.
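To make the difference between the two policies concrete, here is an added example (not code from Google's LVL or from the original post) that models how each one decides access when the device goes offline. It is a simplified stand-in: the class names, the `Response` enum, the `validUntilMillis` parameter and the injected clock are assumptions for illustration, and the real library's caching rules are more detailed.

```java
// Simplified model of the two caching policies described above; NOT LVL source code.
// All names here (LicensePolicyDemo, Response, validUntilMillis) are hypothetical.
import java.util.function.LongSupplier;

public class LicensePolicyDemo {
    enum Response { LICENSED, NOT_LICENSED, RETRY } // RETRY = server could not be reached

    interface Policy {
        void processServerResponse(Response r, long validUntilMillis);
        boolean allowAccess();
    }

    // No cache: access is granted only when the latest answer is LICENSED.
    static class Strict implements Policy {
        private Response last = Response.RETRY;
        public void processServerResponse(Response r, long validUntilMillis) { last = r; }
        public boolean allowAccess() { return last == Response.LICENSED; }
    }

    // Caches a LICENSED answer until an expiry time supplied by the server.
    static class ServerManaged implements Policy {
        private final LongSupplier clock;
        private long cachedValidUntil = 0; // 0 means nothing is cached
        ServerManaged(LongSupplier clock) { this.clock = clock; }
        public void processServerResponse(Response r, long validUntilMillis) {
            if (r == Response.LICENSED) cachedValidUntil = validUntilMillis;
            else if (r == Response.NOT_LICENSED) cachedValidUntil = 0; // drop the cached grant
            // RETRY leaves the cached grant untouched so offline use keeps working
        }
        public boolean allowAccess() { return clock.getAsLong() <= cachedValidUntil; }
    }

    public static void main(String[] args) {
        long[] now = {1_000}; // constructed clock value in milliseconds
        Policy strict = new Strict();
        Policy managed = new ServerManaged(() -> now[0]);
        Policy[] both = {strict, managed};
        for (Policy p : both) p.processServerResponse(Response.LICENSED, 5_000);
        // Device goes offline: the next check cannot reach the server.
        for (Policy p : both) p.processServerResponse(Response.RETRY, 0);
        System.out.println("offline, cache fresh:   strict=" + strict.allowAccess() + " managed=" + managed.allowAccess());
        now[0] = 6_000; // the cached grant has now expired
        System.out.println("offline, cache expired: strict=" + strict.allowAccess() + " managed=" + managed.allowAccess());
    }
}
```

The cached grant in this model is only as trustworthy as the place it is stored and the clock it is compared against, which is the sense in which enforcement "relies on the design of your implementation".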

A Few More Bits

Here are some points to keep in mind as you implement licensing in your application:

  • Only paid applications published through Market can use the service.
  • An application can use the service only if the Android Market client is installed on its host device and the device is running Android 1.5 (API level 3) or higher.
  • To complete a license check, the licensing server must be accessible over the network. You can implement license caching behaviors to manage access when there is no network connectivity.
  • The security of your application’s licensing controls ultimately relies on the design of your implementation itself. The service provides the building blocks that let you securely check licensing, but the actual enforcement and handling of the license are factors in your control. By following the best practices in this document, you can help ensure that your implementation will be secure.
  • Adding licensing to an application does not affect the way the application functions when run on a device that does not offer Android Market.
  • Licensing is currently for paid apps only, since free apps are considered licensed for all users. If your application is already published as free, you won’t be able to upload a new version that uses licensing.

Ease of Purchase

iOS works successfully because, as a user, I do not have to worry about payment up front and can enjoy using the app first. My cost will be factored into my credit card bill or, in the case of an iTunes Gift Card, credits.

The Android market currently works on a charge per paid app install basis. Therefore, if we install a paid app, we will need to pay at the end of each single transaction using Google Checkout.

Google’s overhaul of this problem:

According to this new policy, the app install charges will be aggregated and sent along with the carrier bill for the month. A similar billing process has been present on the iPhone always. However, it is not carrier billing. The bill is added to your credit amount on a separate account and you are charged from there at the end of the month. The payment method offered on Android makes this optional. Therefore, if you are getting a paid app from the Market, you have the option of paying using Google Checkout or using the carrier billing option. Apart from the iPhone, all T-Mobile customers have also been enjoying this billing style for a long time. In all probability, Google is trying to implement this as a standard payment method across all other networks.

I thought both options are not really good. Why not just match it to a PayPal account or a credit card account linked to a Google Payment account?

If this is not done well, it will affect how developers monetize and will affect developers’ willingness to develop for Android.

Android Guys ran a story about a developer’s problem with Google’s Payment:

Case in point.  This week, Zodttd, a developer who is known for developing game emulators on Apple devices released a Play Station 1 emu for Android, an exciting development for the community.  As soon as the word got out that the app was in the market, there was a flood of about 6000 people who went to purchase and download the app.  The only thing was, the Android Market would not let about 5,400 of the purchasers, this writer included, download the app at all.  The Market would let you buy the app, then it would hang up permanently on the “authorizing” purchase dialog.

When this happened, Zodttd got flooded with pleading emails from customers begging for help, some polite, a lot angry and some simply wanting their money back.  The problem for the dev was that he was in a virtual no-man’s land.  On his end, he had received no money to refund, but his customers were holding receipts in their hands.  He could not get help from Google right away, because there is no phone number to call for help.  In fact, there is no support department for this at all!  You can see the progression of the issue from start to finish through this post log at Google.

So, the perfect storm happened.  A dev who had decided to enter the arena of Android development creates a pretty nice app for the community, tries to get it sold in the Market, and gets jammed by a glitch in the system that makes it look like he has received a bunch of money, but actually hasn’t.  On top of that, he can get no immediate help to fix the problem, and is left to try to email Google as a whole rather than a support individual who could remedy the problem quickly.

Being one of the customers that was following the progress of this issue, I was dumbfounded by how long it took to get a resolution from Google, and as a result, how many sales the dev lost.  It really put on display the glaring issues the Market has.

Google should be working to make the Android development environment and sales structure something that is a joy for devs to work with, not vice versa.  Unless this happens, it is going to be a long, slow, uphill battle for the Market to gain serious steam, and to see the quality of apps that we are hoping for.  Come on Google, it is time to throw some serious work into this area.

Security

Google prided itself that anyone can run their application on an Android Device. They never had the problem of rejecting apps.

Is this a good thing? Perhaps not. They are just waiting for the perfect storm. And probably this is it:

A mobile security firm called Lookout just released a report at the Black Hat security conference in Vegas (where else?) that says that they discovered a malware program that is sending the private information of several million Android users to a mysterious location in China…all in return for some My Little Pony wallpaper.

The app in question came from Jackeey Wallpaper, and it was uploaded to the Android Market, where users can download it and use it to decorate their phones that run the Google Android operating system. It includes branded wallpapers from My Little Pony and Star Wars, to name just a couple.

It collects your browsing history, text messages, your phone’s SIM card number, subscriber identification, and even your voicemail password. It sends the data to a web site, www.imnet.us. That site is evidently owned by someone in Shenzhen, China. The app has been downloaded anywhere from 1.1 million to 4.6 million times. The exact number isn’t known because the Android Market doesn’t offer precise data. The search through the data showed that Jackeey Wallpaper and another developer known as iceskysl@1sters! (which could possibly be the same developer, as they use similar code) were collecting personal data. The wallpaper app asks for “phone info,” but that isn’t necessarily a clear warning.

Roughly 47 percent of Android apps access some kind of third-party code, while 23 percent of iPhone apps do. The executives also found that many apps use third-party software programs to do things such as feed ads into an app. Often, developers unquestioningly use the software development kits of those third parties in their apps, even if they don’t know what they do.

Conclusion

My take on this is that Apple probably got it spot on. The problems that they might think will affect their customers have surely come to light at their competitor.

The case study of the difference in implementation of an Application Marketplace shows that being open and having lax control isn’t really helpful in all situations.

Being authoritative like Apple might not be really pleasing all round, but they have certainly provided a platform where they add value to their network much better than Google.


About the Author

Kyith is a blogger with interest in all things on Wealth Mastery, Technology, Business and Productivity.


