| I hadn't considered the effect on my reputation at all. So, forward simulating (and embedding my sentiments as a measure of my ease of sleeping): Case {they implement it any nobody learns of the exploit}: I'm remembered as the one who stood up to help reduce friction to new apps being listed. They keep me as a positive point of contact for future design changes. I feel good about baleeting bad software design. Reputation improves, presumably. Case {I don't tell them about it, they implement it, and somebody turns the conceptual exploit into a real tool after deployment}: The company company loses, consumers win (yarr). The company (and every company they swap stories with) decides never to deal with me, if they decide to pin it on me as intentional. I feel good about baleeting bad software design as well as demonstrating the counterproductiveness of DRM (albeit in a contrived way). Reputation declines, conditionally. Case {I do tell them, they continue anyway in the name of reduced friction}: They take a calculated risk and own the result. Yay for improved design, but hard to forward simulate any more. Reputation unchanged-ish, regardless of whether the concept is exploited or not. Case {I do tell them, and they decide to quit the project and keep their old solution}: They feel less receptive to future requests in the name of reduced integration friction ("ya know, it might have a flaw!"). I don't list my apps with them, and I hope that others don't either. Reputation unchanged. The concept of third-party-android-marketplace's reputation (and indirectly Android's)? Decreased relative to potential. By this, non-exhaustive, in-the-reply-box analysis. It sounds like I should tell them, but somehow do it in a way that doesn't talk them out of it. Best option so far, but somewhat hard to enact. Btw, I'm not a professional software consultant. |