Thanks for good explanation! Greatly done. first - I do not see current version of anti-piracy implementation as a peniciline for piracy cure. It will prevent piracy in 60-70% of cases. I think this is more then sufficient.
Also curreny solution is mostly oriented on Android Market (AMar), and will become unneeded when will be released something better then AMar. If I am correctly reading future (ha-ha) all phones manufactures will shortly run own app stores. Problem is inside chain: Android Market --> Google Checkout --> Vendor When application buyer did Transaction on Google Checkout (GC), Vendor recieve so little information from GC that can not build effective protection against piracy. On Nov 17, 4:40 am, Rachel Blackman <[email protected]> wrote: > >>> Not to mention that just because someone might have pirated some app > >>> at some time, doesn't mean that they pirated your app. > >>> That's why it needs to be able to check against Google Checkout or > >>> whatever payment processor is used... > > >> Also not to mention how many people buy out-of-contract phones off of eBay > >> to toy with new techy stuff. What if someone gets their phone's IMEI > >> blacklisted in your database, goes and sells their phone, and someone > >> innocent now picks up the phone and finds abruptly they can't use any of > >> the apps linked into this antipiracy thing? (And lest you say that > >> wouldn't happen, look at how many of the Xbox 360 consoles that have > >> gotten locked out of Xbox Live abruptly ended up on eBay, while the folks > >> who got locked out go get new consoles. After all, Xbox Live uses similar > >> security methods, where the lockout applies to the hardware ID, not merely > >> the account.) > > > Tomorrow we will release free application that will help to check is > > your phone in "black list" or not. In case when phone was used by > > pirate before, you can run this application and check device is it > > clean or not. And after that decide buy it or not. Also database is > > public and you can in any time ask us about reviewing the "piracy > > threat level" for device. > > I've almost never seen someone post a phone on eBay with an IMEI. I know the > G1 which I snagged off of eBay for testing certainly didn't have that in the > listing! > > More to the point, not all users will be saavy enough to know that they > should do this. Maybe they just got a refurbished phone from their provider > as a replacement, for instance. Why are they going to necessarily know that > they should ask the person at the T-Mobile store for the IMEI, and then a > browser to check if that's blocked from running apps or not? > > Your solution basically assumes two particular data points: 1) that a > blacklisted phone was blacklisted by the current user, or that 2) if 1 is not > true, the user is tech-saavy enough to deal with finding out that the phone > is blacklisted before accepting it (or to know how to get themselves cleared > from the blacklist). > > I dispute these points as being generally true; a lot of the people who fall > under #2 and aren't developers themselves are just going to 'why did this app > say I was a pirate? I paid for it!' and then leave a 1-star review. > > For this method to be generally viable, I think there needs to be a /nice, > detailed/ explanation of what has happened, and a simple button the user can > push to request a review of their blacklisting. (Of course, the problem is > then what do you do to stop the pirates from deciding to just endlessly > request review of their blacklisting.) > > I'll admit that I used to be involved in the PC game programming community, > where all SORTS of bizarre antipiracy measures have been tried, and many of > which have backfired. So my immediate reaction to antipiracy stuff now is to > look at the solution and go, 'okay, now, where's the place where this is > going to go horribly wrong and lead to bad reviews or screaming users on the > forums?' > > >> This isn't to say that antipiracy methods aren't desirable or useful. > >> Just that if they bite /innocent/ users as well, you'll have a headache to > >> deal with. Look at how many 'I can't see this app in the market!' threads > >> we already have, and how much frustration there is just from developers > >> over that. Imagine the users adding to that with 'I paid for this app off > >> the store, but when I try to run it claims I pirated it!' > > > Please read anti-piracy methods carefully on our web-site. By default > > all devices have - Green level. If reported 1-3 cases device level > > become - Yellow. 3-5 cases - Brown level; more then 5 cases - Red > > level. We recommend to stop servicing devices that reach Brown level > > limits. > > Right, but let's say a pirate gets their phone to Brown level. They go, > pfft, okay, well, I'll just trade this one for a different refurb, and let > the dealer hand this one out again. (Or, "I'll sell it on eBay," etc.) > > My concern with the system isn't that someone was erroneously listed as a > pirate, but that the phone was /correctly/ listed as a pirate, and then > traded hands to someone new. > Do you expect that pirate will change phone every week?! BTW most of the phones are on 1-2 year contract. And if phone will rich brown level in 2-3 tryies cost of piracy will be too high and will not be profitable. But this is only possible if most of the vendors support anti-piracy efforts. My point is: We can make life difficult for piracy, but can not eliminate it. > >> In general, as a software developer, I tend to think that antipiracy > >> methods that allow some pirates through are better than antipiracy methods > >> that might flag innocent users as wrongdoers. > > > it's completely your choice. You as developer decide do you want to > > use it or not. > > Which is quite fair. I'm just stating the problem I see with using this > system as a whole. Pirates are resourceful; they'll find ways around things > in the end. (See the comments in this thread about IMEI bombing, or > reverse-engineering the system and removing the protection.) > > My general opinion of protections is that if you have a protection which the > determined pirates have the technical ability to get around, but which can > bite the non-pirate users, you will alienate users. Look at the SecuROM > fiasco; legitimate users couldn't run SecuROM-protected software because of > issues with the software flagging them erroneously as pirates or suchnot, > while the pirates -- who had copies of the games where they'd stripped out > the SecuROM -- actually ended up having a /better/ experience than the > legitimate users. > > That's a particularly extreme example of antipiracy failure, but one which > (as someone with ties to the games industry) strikes home rather firmly for > me. Users who had SecuROM problems had no recourse, no way to get the game > they had legitimately purchased to run, and many became embittered. And oh > BOY did game developers hear about that one. > > http://en.wikipedia.org/wiki/SecuROM > > > But If I were on your place, instead of telling only critics, I will > > be bring some creative ideas, how to make anti-piracy system better... > > Nothing personal. Make critics is easy, making solutions always harder. > > No offense taken. > > I think my general suggestion boils down to 'if you want to go down this > path, have a clear, concise, easily-understood way to request a review of a > device's inclusion in the blacklist, and be prepared to handle the ensuing > workload.' > > Remember that cell phones /are/ something that often change hands, when > people trade in a device for a new one and that original device gets > refurbished and handed out again. You cannot assume that a device that has > been blacklisted (even legitimately blacklisted) remains in the hands of the > original offender indefinitely, or that someone who receives a blacklisted > device will be technologically saavy enough to figure out how to get > themselves removed from the blacklist without really a really clear procedure > to follow. It's part of the game. -- You received this message because you are subscribed to the Google Groups "Android Developers" group. To post to this group, send email to [email protected] To unsubscribe from this group, send email to [email protected] For more options, visit this group at http://groups.google.com/group/android-developers?hl=en
