I'm also the developer of http://getgom.com (VPN as a Chrome extension using SPDY SSL proxies), and as a fellow Singaporean when our government openly does surveilance, I __completely__ understand where you are coming from. To be fair, I'm not sure how I can solve his problem though.
Open sourcing could be a plausible answer. But fighting Google Play clones and what-not is really time-consuming and as an indie dev, my time can be better spent.
Do a video interview, get on several podcasts. Talk about Material design, about privacy, about android development in general. Have a blog and link to it. Personally talk to your users.
If some known person (open-source contributor or a startup founder) start using your product, ask for cross-promotion or endorsement of any kind.
Just be open. The more people know about you the more they are inclined to trust you.
People don't trust Mozilla because they read the code, they trust Mozilla because they do exactly what was described above. They do the things that foster trust.
I'm afraid Firefox is so abysmal noone could comprehend the whole project's code. Guess, we could only review a tiny bits of it (I had briefly read sync-related parts of code in hope I could replace them with something saner and simpler, but ditched the idea) and hope others did the same for other parts.
It doesn't solve the original problem as it is stated, but it still solves the original problem. 99.99999% of Firefox users will never look at its source code, they just trust the Mozilla brand.
What's stopping clones from replicating your UI right now? Are you concerned with loss of IAP revenue to clones?
I would suggest you open source it under a non-commercial license. Also, take a look at how some successful android open source projects are run. In particular, I like XPrivacy (https://github.com/M66B/XPrivacy). This is an excellent app. Open source with optional purchase, similar to yours. Personally, I paid the $6 they charge because I'd rather not compile the src myself.
You've already had a lot of downloads and are an established app. Clones can't replicate that.. If you are a recognized dev on xda, with your own thread for discussion, feature requests, bug reports etc, no clones will be able to replace that aspect even if they can clone your app.
You should be able to get more downloads/purchases from privacy-aware users. And you can have donations for feature requests if you want.
I think the main part about being free software is not that the code could be reviewed or whatever, but that the software respects its users' freedoms. And for me, that alone is a good reason to respect the software and its developer.
XPrivacy is a great example. Another one would be "Conversations" XMPP client, that is FLOSS, but is a paid app on Google Play. Even though I wouldn't call it completely mature yet (it's 0.7.x and lacks some polish and minor features), it's a good app that does its job very well and 1-5k users (not bad for non-gratis app, I guess) seem to agree.
I don't really have a great answer myself, personally. That's partly why I made my post to begin with.
However, one thing that I think would greatly help is a privacy notice of some sort detailing exactly what is tracked and how it's used. I don't see one on either the Play store page, nor in the app itself (your site seems to be loading slowly at the moment, or I'd look there too). While it may not completely remove my fears, it would at least serve as a good baseline and would make me feel a little better.
EDIT: Tried your site again, and found your privacy policy. I must say, I do like the way it is written as well as the content. Still, I would encourage maybe a link in the app, at least.
The topic of trust deserves a lot of attention, thanks for rallying some attention to it!
An idea: trust is a huge issue when it comes to development of apps (mobile or otherwise) that transacts important data (and what doesn't these days? Even games could be used to create personal metrics on people's IQ/skills/etc.). Some sort of consortium should be formed to work a coherent strategy on this, anything would pretty much be better than the current day situation: a combination of oath/register/proven-track-record-of-company/technical-guide-lines/technical-validation could prove very valuable resource to consumers and businesses alike!
People can copy the source, but they cant copy the top download count, or a reputation as a good developer or company. Once you have loyal customers and a reputation there is no point in hiding the source code in my opinion.
They can copy your code, but they don't understand it like you do, and therefore can't provide the same level of support or quality in updates. If they copy your code and make it closed source, people won't trust it, and if they copy your code and make it open, you can just steal changes you like back again.
If there's a place for browsers like Opera, there's a place for you; probably your focus is on usability and design, and while security is something in the mind of hackers in general, design and usability are the first thing for non-tech users.
So im sure you can find a place even without making it the first choice for hackers.. but of course you can always take measures to address the concerns of this crowd..
But at first, i think is good to focus on what you are good at; than if you succeed you can grow and address more the security conscious people
Dont try to be everything to everyone else(at least at first), as browser market is crowded you have a very narrow door to pass through, once you find it, use it
(About Trust: it will come slowly with time; It's something you cant get for free anyway.. as in any relationship in life)
Agreed. The only thing that will get me personally to switch browser at this stage is more security/privacy. But I'm not everyone - I have plenty of friends who are fine with spraying their lives all over the webs. Have forwarded your link.
Hi, I would recommend that you set up an offshore company as the app's main developer, if i remembered correctly, the mda does not approve of such apps. btw, you dont have to worry about open sourcing your app as anyone can simply decompile it with apktool. ;)
I second this. Decompiling java to bytecode is not only easy, but not very hard to read with a bit of experience. It's like reading normal java code but slightly more concise haha. However, I can understand the developer's concern. I think the best way to go about is to put in copyright notices and some sort of license on it. Then, go for the lawsuit if you really need/want to.
Whether/when I have to pay is a little unclear; can you put that front and center? As someone unused to VPN's, I'm a little unsure of what I'm paying for. I'd also suggest changing your payment plans to simply "Monthly, Yearly, and Life". And please, just tell me how much it costs per year in the yearly plan. 1.8*12 isn't hard to plug into a calculator but not something I want to do in my head.
just my 2 cents, but showing the source to a limited amount of people, who are themselves known for other kind of work and certifying that your app isn't badly behaving could be a good start.
That's not a silver bullet idea though, because it requires trusted voluntary (or not) people and there is always a slight risk of source code leak.
Open sourcing could be a plausible answer. But fighting Google Play clones and what-not is really time-consuming and as an indie dev, my time can be better spent.
What do you suggest?