Somehow the part of me that abhors terrible software design took over, and before I really thought about it, I had sent them a very detailed proposal for an alternative design that both fully integrated with their existing infrastructure and reduced integration complexity from a collection of scattered changes to Java source (which would break compatibility with other marketplaces) to a three-line XML change in an application's manifest (which could even be applied in an automated fashion upon upload to the marketplace), with no need to even recompile existing code.
The issue now, after a few rounds back and forth with their team, is that I've come to privately realize a major exploit in my design which would allow the creation of a general-purpose launcher app that would completely evade the DRM scheme I recommended.
Should I continue to help this company improve the developer friendliness of their egregious DRM solution? This would (1) make them much more attractive and lead to many more adopters of their marketplace, (2) stop a precedent from being set for Android developers having to customize their code for a distinct marketplace, and (3) rid the world of a piece of software design that, at best, discourages integration, and, at worst, inspires a new era of terrible DRM design.
Alternatively, should I tell them about the exploit, its mechanism, and its implications, and suggest they stop implementation?
Thirdinatively, should I just keep helping them fix their stuff (which has its share of existing exploits already), and keep quiet about the exploit, leaving it as an easter egg for the curious few with both a deep enough understanding of the Android framework and experience with this particular marketplace to discover on their own?"