zlacker

>>lkrubn+(OP)
This is perhaps the key bit of silliness:

"And this is where we run into the first bit of craziness. Amazon decided that they should model the Alexa app store after the iPhone app store. So there is a certification process to get your app into the store. But think about the difference: you are not uploading a binary file to the Alexa app store, you are simply registering an URL. So Amazon has no real control over your software. You could get an app approved, and then you could swap out the app for any other app, and the Certification team at Amazon would never know. They don’t control your code. Your code is not in their store, so they have no control over what you do. And yet they modeled this process after the iPhone store, where Apple does have control over your app."

But that doesn't get at how crazily broken the certification system. You have to read the quotes from the other developers to understand that.

>>lkrubn+m1
You are assuming that the only purpose of certification is to catch actively malicious developers. I can think of many other perfectly good reasons to have one: to make sure server response times are fast enough, to make sure it fits the guidelines for types of content they want in their ecosystem, to make sure it doesn't blatantly violate any trademarks, etc.

I don't think the concept of a certification process is the problem, just the implementation is terrible (compared to the Apple process which is merely "poor")

>>eli+k6
But that doesn't refute the parent's point: since the content at a URL is inherently mutable, they could judge that (at time of submission) some app is the type of content they want in their ecosystem, and then seconds after approval, it no longer is.

>>SilasX+c7
It could be that the client device validates a checksum against the approved list at the store before installing? Haven't tested if this is the case, just spitballing a mechanism that would allow for the control without the hosting.