

Reasons why Apple should add "Gift This App" to iTunes - mobileorchard
http://www.mobileorchard.com/gift-this-app-apple/

======
cstross
Here's a good reason _not_ to add "Gift This App":

Let us suppose I am J. Random Black Hat Hacker, and I am in possession of a
zero-day iphone exploit.

How do I get it into lots of people's hands?

Solution: write an innocuous-looking amusement app (with the exploit buried
inside it), get it past Apple's testers (this is the _some magic happens here_
stage, but from what we're hearing they don't do a hell of a lot of testing),
and once it's in the store, voila: "Gift This App"!

Note: the issue here is social engineering. Ordinary people take freebies,
whether honestly come by or otherwise. Consider the penetration testing
experiments where USB memory sticks with malware payloads are left in car
parks outside office buildings; something like 40% of the sticks were shoved
straight into a PC at work without any attempt to sanitize them. "Gift this
App" can be used by bad guys to provide the illusion that their targets are
getting something worth having for free -- the same illusion that 419 scammers
exploit.

At the very least, developers should need prior approval before being able to
use "Gift this App" -- or there should be a mechanism to warn recipients that
the App is from a source not connected with them.

~~~
jrockway
What's to stop me from doing this right now? "Here's a free app for you, click
here, this link is only for you." It's not only for you, of course, but who
checks to see if the URL has a real unique ID in it? (You could always add a
"?gift-code=293874" at the end of the URL anyway, the server will probably
just ignore it.)

~~~
cstross
Two words: perceived value.

Many people proceed on the assumption that the sticker price on front of an
item defines its value. If you price a widget at $199, they may look around to
see if they can find it for $189 at a competitor's store, but they don't say
to themselves, "hey, wait a minute, given the likely bill of materials,
shouldn't this sell for $30?" They take it on trust that price reflects value,
to a first approximation.

(Incidentally, this is a major problem facing the adoption of free software,
because it works in reverse: "if it's free, doesn't that mean it's not worth
anything? So why should I bother with it?" _We_ know what's wrong with this
argument, but many non-geeks don't.)

If you want to social-engineer an exploit, I'd say making it look as if the
trojan is _valuable_ is going to help more than making it look as if the
trojan is _free_ because of the psychologial association between cost and
desirability.

(Hence all those "Your computer is at risk, buy our virus scanner now!" scams
cluttering up your clueless cousin's web browser.)

If you're a serious criminal and you've found a way to empty someone's bank
account via their iphone, I'd say it was worth paying $10 per victim to get a
better supply of victims by convincing them that your malware client is
valuable and worth installing. Right?

------
ujjwalg
I completely agree. Not only this, they should also let developers provide
individual discount coupon codes for their apps the way you can do on your own
website. We have users who are helping us with testing and we want to give
them our apps at 50% or 75% off but there is no way to do it.

~~~
jws
Good idea. Hard to keep developers from cheating and selling the discount
codes or tying them to other purchases to reduce Apple's cut. Maybe developers
would just obey the contract if it said you couldn't do that, and it could be
tried and canceled if widely abused.

~~~
Shamiq
I hadn't thought of that as a way to game the system -- it does, however,
cause a tax disincentive.

------
mare
Good idea.

As non-US based developers we can't even give coupon codes to our beta-
testers. Those codes only work in the US.

And in Canada you can't even use iTunes gift cards for buying apps so the only
way we can reimburse beta-testers is by sending them money by paypal.

~~~
hboon
If they are beta testers, why do they need a code?

~~~
Timothee
I'm not sure but I would assume if once the app is released, they can't even
reward the beta-testers by giving them the app they helped build.

~~~
hboon
Just let them install the last beta, the RC which was submitted to the App
Store. They only difference is if they never bought (or didn't use a code),
they can't rate it on the App store.

------
jlintz
What they really should add is the ability to try an app for 24 hours. I think
they would see sales go up dramatically for apps, I don't buy any software for
my PC without trying a demo first, should be able to do the same with my
iPhone

~~~
ruchi
Lite versions of the apps let you do just that. Although not all
features/levels are available.

~~~
jrockway
Android lets you "return" a full app within 24 hours for a full refund. You
don't have to guess if it will do what you need, you can try it and see. I
guess you are out 99 cents on your credit card for a day, though, which will
probably annoy someone here.

~~~
dkokelley
Well they probably would just hold the charge until you've held the app for a
day. Otherwise there would be fees for apps that people never kept.

------
DaveWooldridge
It would help promote app discovery! And since the gifter would be paying for
the app (just like they would if they gifted a song), the purchased app would
then be allocated to the recipient's iTunes account.

------
dfahey
How to Gift an App using iTunes:

<http://www.youtube.com/watch?v=BMwKYl2ed3E>

~~~
xinsight
Summary: Send a gift card (e.g. $20) with links to the apps in the message.

------
pclark
the reason they don't is probably why promo codes are capped - to prevent
possible abuse.

~~~
spicyj
Promo codes are limited to supress black markets for apps, but with a gifting
mechanism, Apple gets the same profit that they would any other way.

~~~
pclark
duh. of course. i forgot that _someone_ pays for gifted apps.

