Give the gift of Drupal. All merchandise is 50% off through 2016.
I noticed that the module performs a check for writability by doing a call to is_writeable(conf_path()) as part of the apps_profile_authorize_transfer_APPSERVER() functionality and was wondering if that writability check shouldn't be directed at is_writable(drupal_realpath('sites/all/modules') instead since that is where the modules will ultimately get installed.
The attached patch makes that change, but I marked it as needs work/feedback to see the right approach. It also occurred to me that it might be worth modifying the module to install modules in a subdirectory (sites/all/modules/apps) since that allows for slightly more permissions control, but might be blocked by:.