"They don't trust the web because everyone has heard of email, credit card, etc. scams. One big reason for Apply to only allow in-app purchases through their system is that, therefore, third-party apps never see credit card information and can't do too much damage."
That's very easily solved. We just need a W3C spec for auth and payments in the browser, using browser-native UI and a pluggable framework so different identity providers and payment processors can hook into your browser.
If you think about it, the current system is equivalent to permanently giving a copy of your credit card to every shop you visit and telling them "bill me if you think I owe you something". The level of trust involved is mind-boggling, and a system like that cannot ever become secure.
Nobody should see your cc details except your payment processor. Nobody should see your e-mail address except your identity provider (if a site wants to send you a mail, they should be using a browser-based notification API). The native app platforms have shown this works way better than the current browser model, so browsers need to play catch-up here.