Ask a Dev: Does Piracy Piss You Off?

As the subject has resurfaced recently I was wondering what an Android app developer had to say about piracy, the Chandroid guys (Onymous Heroes) particularly because I love that app (fantastic imageboard frontend) and so do, disproportionately, the type of people who love to pirate anything. I looked up how to contact them, along the way stumbling across ways to pirate a recent release of their application, and peppered them with questions, some of which were good. They sho’nuff indulged me and spent at least twenty five minutes fielding my questions with good OC which you ought to read (tl;dr? piracy sucks, Android being no safe haven; but hey, cost of doing business, amirite?). Though there are some Android specific things, the gist of the article applies to every platform..

Me: First off, thank you for Chandroid. Favorite app. I’d pay $50 for it if I had to and was less broke. Anyway I’m the guy from mobilitydigest.com who wrote this Chandroid review, want to do a thing on phone software piracy, figured you’d have a thing or two to say. Are you aware of this (hyperlinked to a piracy page)? Your reaction? What goes through your head, seeing that guy who put up Chandroid on this thing got “25 WRZ$” for his work? What do you make of his “support the devs” sig? If you could somehow pull his docs, would you? Are there many other sources like this?

Onymous Team: Hi Doug, Yeah, we remember you, thanks for the article! And congrats again on getting married! Yes, piracy is a serious problem on Android. Ultimately, it’s one of many things that developers have to look at to decide if it is worth it or not to get into the Android Market. We did our analysis, felt we had a good plan, had an idea for an app that we were passionate about making into a reality on a platform that we loved, and took the plunge. We won’t go into very detailed specifics as there’s no point in giving these pirates more insight into how things work or what our exact strategy is, but we’re happy to talk about the generics as well as our outlook on the situation.

Were you aware of this, that your work, the very latest version, is being pirated as fast as you update the thing? Literally a couple hours behind you? If so, by what means did you know it was being pirated, this one operation or any other sources you know of?

We are aware of this and multiple other sources. It’s really not that hard to find, just use Google. Also, you’re wrong, this isn’t the very latest version. We actually just pushed an update (bug fix patch) so the pirates are one version behind (at least as of when we are writing this).

When you see that page behind that URL, your reaction? What goes through your head, seeing that the guy who put up Chandroid on this thing got “25 WRZ$” for his work for him to spend on other things on that website? What do you make of this guy’s “support the devs” sig? Do you have any personal rage to aim at these individuals?

We ask ourselves WHY someone would actually want to pirate Chandroid as opposed to buying it legitimately for $3. Ethics aside, pirating an app like Chandroid from a small dev studio like us is a complete pain in the ass and is actually much more expensive than paying for it. This doesn’t sound intuitively obvious, but read on.

You’ve probably heard of the philosophy of thinking about piracy as simply being another business competitor; ie, you can beat piracy the same way you beat any other competitor by delivering better quality at a lower price point and marketing it enough so that people know about what you have. This is a philosophy that we personally believe very strongly in, and we feel that this is really the correct solution forward. Rather than using draconian DRM measures that treat your legitimate customers as criminals, we believe in showing the value of being a legitmate customer to encourage pirates to buy our app.

Pirating Chandroid is inherently a bad idea because you won’t get any updates. The purpose of the app is to act as a highly efficient frontend for various imageboard sites. And the one constant about imageboard sites is that they are NOT constant. Instead, they, like most websites, can and do change over time. This means that a version of Chandroid that ran a few weeks ago is probably completely broken if you tried to run it against today’s version of the imageboards. Since Chandroid supports multiple image boards (4chan, 7chan, 420chan, etc), it means that if ANY of these boards change, if you don’t have the latest update which addresses that change, then lol, no lurking for you. Even assuming that the average user only cares about one or two chans, this fact alone would probably require monthly updates at the very least.

To add to that, consider our dev studio’s situation and overall genetic makeup of our members. We are a VERY small engineering team (and most of us have to have other jobs as this does not pay nearly enough) who are trying to turn a project that we are all passionate about into a real, self sufficient business. We managed to get a lucky break by having IDEAL Group buy us out and give us some initial funding + ongoing contract work to stay afloat since the Android Market doesn’t seem to have nearly the returns that the Apple App Store has. Obviously, we hope this will change over time since we are betting big on Android, and our month over month growth seems to indicate that we could eventually have a real, sustainable app business.

Anyways, because we are such a small studio, we lack several things that a larger publisher would have, such as an arsenal of phones to test against. Instead, we have to rely on asking the nice folks at IDEAL Group to test our apps for us when we have a device specific problem. This works, but it is slow, so the result is that our testing is largely restricted to the phones that our individual team members have. Given the various flavors of Android, it is almost inevitable that we will occasionally hit a glitch with a particular model which we were not able to test against. If we were a bunch of programmers doing this just to cash a pay check, we’d log it in a bug database, and deal with it at some point in the future (if at all). But this is our baby, so we care about it – A LOT. If we get a bug report, we investigate it and try to respond ASAP with a fix. Guess what? Turns out that if you respond to each problem and try to fix it ASAP rather than stick to a predetermined release calendar, you end up doing a lot more releases.

We mentioned that we are passionate about our products. We’re building what *we* want to use (and do use) on a daily basis. This means that the moment one of us goes “gee, wouldn’t it be nice if Chandroid could also do X”, that X gets put onto the our TODO list of features. When you add up these features + feature requests from our customers, you end up with a lot of features going in. Since we want to make sure new features don’t break or degrade Chandroid, we like to trickle these features out as we complete them rather than do one big push. Lots of features trickling out one at a time == lots of releases.

When you take all of that into account, you end up with a product that receives a minimum of one update per week, and sometimes more if there are important bug fixes. Note that ANYTHING which can trigger a FC is considered “important” in our book, which is why there can be multiple releases per week (and very, very few FC’s actually experienced by users relative to other apps of similar complexity with a similar sized userbase).

This is an area where we have to give Google credit – they implemented an auto update checkbox. This is probably the best thing EVER for our loyal users as they can check that box and never worry about whether or not Chandroid is up to date.

Our app is fairly complex and has a rich set of addons. We decided on making a set of addons rather than building them all into the app because many Android devices are severely space constrained + not everyone wants every whiz bang feature. In addition, we felt that some addons could have standalone value (ie, MemeMaker) and could thus help advertise our app. A side effect of this is that we have to coordinate a bunch of different apps and make sure they all work seamlessly together. That + making sure there are no force closes + changes to the various chans means that there will very often be updates which we deem “critical”. As a result, at times we may try to enforce that all our users are on the same version of Chandroid to avoid unexpected interactions between programs and the generally poor user experience that would result from such cases.

Now, back to the piracy thing. Let’s do a bit of math shall we?

First, let’s weight the deck in FAVOR of piracy. So let’s suppose we are dealing with an individual who is earning minimum wage. According to this government website, the places with the lowest minimum wage are Wyoming and Georgia – these states pay below the federal minimum wage at a miserly $5.15 per hour. Let’s also suppose that this pirate ONLY cares about 4chan and that it had been a slow couple of months so that there was only one mandatory update per month.

Mr. (or Ms.) Pirate has to first find a pirated version of Chandroid that works. Let us assume this activity takes a mere 15 minutes because he already knows where to look and happens to have an account there. As time goes by, he falls further and further behind on updates, and so he is missing out on features/small improvements. And finally, there is a serious change to 4chan, the older version of Chandroid is completely broken, and thus we deem that the update is critical. Now at that point, he has to upgrade Chandroid. But he can’t get it from Android Market. So now, he has to go and hunt for the APK again. This time, he finds the APK, but it’s on a different site that he didn’t have an account on. So he has to register for an account, wait for the confirmation email to show up, click on it, download the apk – the update process takes him 25 minutes to do.

And a month later, the process repeats. Same thing the month after that. You get the idea.

He makes $5.15 an hour. This means his time is worth approximately 8 and a half cents per minute. In just the first month, to illegally acquire Chandroid, he spent 40 minutes in those two download attempts. 40 minutes * $0.085 per minute = $3.40! Chandroid costs a mere $2.99; so piracy actually cost this guy $0.41 MORE than going legit! Not to mention that once you buy it legit, you get all the updates for free WITHOUT spending any time to search for it. So this price difference grows VERY fast.

Now, if you take a step back, you will realize just how heavily we weighted the deck to make piracy even sound like it had a competitive price to going legit. If he can afford a smartphone, we highly doubt he is making only $5.15 per hour. This means that his time MUST be worth more than 8.5 cents per minute. We also doubt that there would be only one instance of an update being deemed critical per month. So he must also search the various piracy sites more often. And finally, we’d like to believe that people would like to use Chandroid for more than just one month. In addition, he also got a worse user experience overall because he didn’t get the benefit of all the minor speed tweaks, etc.

So this brings us back to our original question: why would ANYONE pirate Chandroid? Even if we cynically assume that the entire population is made up of people with absolutely no morals or respect (which we don’t), the economics simply do not make any sense.

The only logical conclusion that we can come to has been that as much as we love Android and Google, it is Google that is at fault here. Google had a very slow launch process in getting paid Android Market outside of the US. Additionally, Android Market relies on Google Checkout which requires a credit card. In Europe and many other places in the world, credit cards are not as ubiquitous or as easy to get as in the US. The result is that there are people who are either unable to buy Chandroid legitimately because they don’t have paid Market in their region or because a credit card would be prohibitively difficult/expensive to obtain. In those cases, the equation changes. Suddenly, Chandroid doesn’t just cost the $2.99 that we’re charging; it costs that + the price of getting a credit card or that + infinite because there is no paid Market. :-/

We have heard the industry rumors about Paypal integration and carrier billing. If Google can actually pull those two off GLOBALLY and make Market available EVERYWHERE, then we think that would do quite a bit to dampen piracy and help all developers trying to sell content.

Why is your most recent version being pirated when (at least this is the impression I had been under) google has offered strong measures for developers to use to combat piracy? Too long / don’t want to code it in, don’t think it’s worth your time in terms of money it might help you keep, you don’t want to curb the proliferation of your software even if a lot of it is pirated, don’t want to sell software that phones home, … what?

Google has only provided two measures, both of which seem insufficient and flawed to us.

The first was the “copy protection” checkbox. If checked, this would put your application into a special directory on the Android device. Most apps get installed under /data/app. If you had this checked, it would be put under /data/app-private. The significance here is that /data/app-private is only readable by the system, so you wouldn’t be able to copy the app off. Unfortunately, this does not stop someone who has root access. And once the APK is copied out, anyone can install it since Android allows for easy side-loading of apps (which is actually a feature we LOVE about Android, so we don’t really want to fault Android on that – users SHOULD have this ability even if it means some of them can abuse it for illegal purposes). This seems to have failed so badly that Google is actually deprecating this checkbox and replacing it with their second mechanism.

The second mechanism is Market licensing checks. This was introduced late in the game and from what we have seen of it, has several holes in it. First off, there is the issue of making sure you don’t block real users from using your app. We have seen several hiccups in Market where transactions would not go through, users would have downloads that got stuck, stats would be messed up, etc. We’re very afraid of a similar hiccup locking out our real users; to us, it is simply unacceptable to punish honest users because of the actions of dishonest pirates. In addition, if you do a detailed look around any of these piracy sites, you will see *cracked* versions of apps. This means that the developers put the check in, and it was then hacked out by the pirates. So it’s questionable just how secure this check really is.

I won’t post this but, j/w, what what are they doing, the [one crude piracy trick]? Do you have no countermeasures? Does it require at least one guy to have bought your software or are they somehow stealing it by other means? Ever consider a DCMA takedown thing or is that lame or is that a whack a mole waste of time?

See the above. Anyone can copy any Android app using adb and a little bit of Android know-how. DMCA takedown is a complete waste of time in most cases. Most of these places take around a week or so to respond (if they respond at all – hosts outside of the US often do NOT respond).

Given that your software is pretty much for the crowd of people on the internet more likely than any other group I can think of to pirate software, does that make you less pissed if you are pissed at all?

We knew the risks when we made the app. We made it anyway because we wanted to use it. We’re selling it because we want to become a real dev studio and quit our day jobs so that we can focus on mobile development 100%.

Presuming it pisses you off, what would you fantasize about doing to people who steal your software? What would you fantasize about doing to people who enable other people to steal your software?

We are pissed. But more than pissed, we’re curious.

The people who are doing this are obviously intelligent. So this means they should be able to do simple math. And simple math shows that they’re paying a highly inflated price by pirating Chandroid rather than just buying it legitimately (and this price goes up EACH MONTH as they have to spend time to hunt for a new version when new versions are completely free to customers who have paid the one time $2.99 price), so we’d like to know why and if our theory about Google Market being hard/impossible to use for some people in some regions is really the reason behind this or not.

If we are wrong about this and there are no other factors, then it means they are OK with paying more per month to get less, and are actually going out of their way to do so. If that does turn out to be the case, then we’d like to ask if any of them would be interested in renting a car from us for a year or more, where the rental fee per month would be the cost of buying the car outright and at the end, we would still own the car in its entirety. If so, we’ll drop doing software and go into the car rental business. ;p

What do you think makes these people tick, a desire to be the hero of their world of phone software pirates? Some sort of personality disorder?

For the original posters, we think it is the desire to gain attention and be the “hero”; basically they’re just attention whores.

Like we said earlier, in a way, they are simply “selling” a competing product. Our advantage here is that we have a better product (always up to date) at a much lower cost (updates are free and don’t involve any time spent on searching for it).

Attention whores go away when everyone ignores them. Right now, there is an audience for them because of the barriers to acquiring Chandroid legally. We hope that Google will move quickly to remove those barriers and make things better for everyone.

Anyways, hope this helps!  -Onymous Team

[poll id=”65″]