Jaxon Posted August 24, 2017 Report Share Posted August 24, 2017 (edited) After a bit of thinking, If a developer uses my API and modifies some code of it, they could prevent a transaction from occurring on the client side. That would allow companies or ETH hackers (we all know about the articles) to take money without the customer getting what they paid for. If I were to start an escrow service, then it would be impossible for funds to be stolen. Why would a developer worry about taking up my offer? Security. While my company does not have quite a name out there, and me being the only employee it almost seems risky to people. But as the service grows, more and more trust will come. So a dev would sign up on my site and request an escrow. I would give them an address to deposit funds into. In the bottom corner of the box would be a message saying, "Check Address for Escrow". A user would then be able to copy the address and paste it into a search box on my site to verify we own that wallet. Once a transaction goes through, the customer would press a button accepting the fact that they received whatever they purchased. Once they confirm, I send the coins to the dev. If they do not press the button after a day or two, a notification is sent to the user forcing the user to press I did get the item, or they didn't. If the user says they never received the Item, the developers get a claim of non-payment and I get a transaction ID that user sends to me. A time stamped database will show the transaction ID and the time the item was purchased. The API will include data store inside of itself. This data storage engine is immutable, meaning that a developer cannot change its calls and how they work. An MD5 hash would then be generated from the storage engine API to verify integrity. That hash is then sent to my escrow service to check the integrity. If it succeeds the check, then a function is called on the device to undo the payment and remove the artifact left by the storage engine. If it fails the check, and the developer gets hit with a mark and funds are returned to the user. On Android, the SafetyNet API will be used to check for rooted devices. If a device is rooted, then the user is warned that all purchases cannot be verified and that the dev is not responsible for any non-delivered purchases.  Please reply with any concerns or way to check things more effectively. Edited August 24, 2017 by Jaxon Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.