But can you trust the Market?
The Android App Market takes another step towards maturity today, with the launch of In-App billing. This service has been highly anticipated for some time now, and the official Android developer blog has just confirmed it as live. Several apps are already taking advantage of the new feature, including Tap Tap Revenge, Comics and Gun Bros.
iOS has supported In-App billing for quite some time now. One reason for the hold-up on Android was probably the more stringent security measures needed to make this feature safe on an open-source app. Google has created an extensive set of security guidelines for devs to pore over. The guidelines advise performing signature verification on a remote server rather than on the device. They also urge developers to obfuscate their code with something like ProGuard, to deter reverse engineering aimed at breaking through security measures.
Google has also put together a sample app so developers can see what the billing code should look like. It includes details for updating your app's manifest and creating a BroadcastReceiver to receive the sort of asynchronous billing requests sent by the Android Market.
The example app on the In-App billing page is from some sort of RPG game. It shows a "sample" store where players can buy in-game items using real-world money. Since your card would be saved with Google, paying would be as simple as touching a few buttons. According to the screenshot, Google will accept Visa, Mastercard, American Express and Discover.
While the example app did not allow refunds, Google does include a section on administering In-App billing that includes refunds.
The obvious worry here is malware. Anyone can get an app on the Android Market. While apps that allow billing are likely to be more strictly monitored by Google, it is hard to imagine an immediate future that doesn't include at least a few crafty shysters slipping through the cracks. One spree of stolen credit card numbers is all it will take to set the Market back by years. We'll know if my paranoia is justified in a few months. For now, I'd be cautious about which apps you send a billing request through.