AppEsteem Blog

Busting the Barriers to Clean Behavior

(Dennis Batchelder)

(tl;dr: we removed a big barrier to getting certified or requiring certification: the fee. read on for more...)

Buenos Dias from Madrid, Spain! David, Jaimee, and I attended the Clean Software Alliance Summit, and we spent two days hearing from software monetizers, most of the major AV vendors, Google, and Microsoft about the state of the software monetization industry.

I also gave an update on changes we're making to AppEsteem to help drive faster adoption of clean practices. I've attached the presentation so you can see them for yourselves... we're super excited about these changes, and we think it's going to give many more vendors the incentive they need to get off the sidelines and make a commitment to clean behavior.

Here's the presentation.... and just as a teaser to get you to read it, here's some of the cool barrier-busters we announced:

  • Certifications are now free. If you're on a budget, or if you're happy with your compliance team, no worries: we'll evaluate your app at no cost. If it meets our requirements, we'll issue you a certification and inform the security companies that you're compliant. (wow wow wow!)
  • Software vendors who commit to following our requirements can register their apps with us, and we'll provide early notification if we happen to find violations that would land the app on our Deceptor page.
  • We've made it even easier to follow our application certification requirements with a new checklist page that provides prescriptive guidance and shows examples.

 

Helping China's software monetizers get it right

(Dennis)

As you may have seen in our Deceptor page, we've listed a number of China-based software monetizers who are distributing their apps globally.

We see an opportunity to help China's software monetizers figure out clean ways to distribute their software world-wide. Our goal is that when they want to take their products to a global market, part of their process is to get certified first. This would save them the hassle of going through a Deceptor set of detections and then cleaning up.

Therefore, we announced at the 5th China Cyber Security Conference this week that we'll be publishing our App Certification Requirements in Chinese. We'll also devote some publicity to letting China's software monetizers know that we can help them get their apps right before the launch. We're hoping that by doing this, we'll save consumers (and the software monetizers) a lot of headaches.

I've attached an excerpt of the presentation I gave at the conference. Check out the second to last slide for the Chinese vendor offer.

Here I am with Christine, my translator. Jesse Song, the conference's organizer, realized that we needed to translate Deceptor, so he worked with Hong to come up with something. I think it ended up being called "cheating software" in Chinese. We'll have to come up with another catchy logo...

AppEsteem Goes to Washington

(David Finn, COO)

Last month Jaimee King (AppEsteem’s General Counsel) and I traveled from Washington State to Washington, D.C. to meet with law enforcement officials, prosecutors, and Capitol Hill staffers. Our agenda: to collaborate on new ways to protect consumers from the deceptive and harmful apps that plague the software downloading industry.

We met with eight of the top cyber officials in the FBI and Department of Justice; more than a dozen division heads, attorneys, and investigators at the FTC; and staffers at the Senate Majority Committee on Aging. 

Our primary message was simple – through collaboration, the private sector and government can make tremendous strides in protecting consumers. This message rides on the 2005 industry workshop and report from the FTC that discussed malware, spyware and adware. The FTC made a series of recommendations in that report, including that 

  • “The public and private sectors should work separately and in concert” to reduce the harm this fraudulent software causes;
  • Industry should develop common standards to help the industry self-regulate and better protect consumers; and
  • Industry should refer cases to the government for civil and criminal prosecution.

Unfortunately, the private sector didn’t get it together right away – leaving the problem of fraud and malware from harmful apps to reach epidemic proportions over the next decade. As the industry failed to control itself, the race to the bottom in making and distributing deceptive apps intensified. And the losers turned out to be millions and millions of consumers. 

But that’s now changing. As we discussed with our government hosts in D.C., stakeholders across the private sector proudly came together last year to finally do what the FTC recommended: collaborating to develop the most comprehensive, clean software standards ever, which are now publicly available under Creative Commons.

And with the launch of the AppEsteem Deceptor Program, AppEsteem is working with the security industry to call out the worst apps that trick and defraud people. We hope – and expect – that most Deceptors will clean up their act and stop harming consumers once we’ve named them. 

As for those who persist in preying on consumers, these Deceptors will be among the most appropriate targets for prosecution. Our meetings in D.C. were a big step in adding accountability for the makers and distributors of dirty apps.

Everybody we met in D.C. was engaged and responsive – it was wonderful to be reminded how mission-oriented and committed law enforcement and other government officials in this area are. They clearly recognize that when your average consumer pushes the install button for a free computer app, the experience remains far too risky. But that shouldn’t be – and it doesn’t have to be. 

A big thank you to everybody who met with us from the FBI, FTC, Department of Justice, and U.S. Senate, and to our new friends at the National Cyber Security Alliance and National Consumers League, too. Our trip further convinced us of the founding principle behind AppEsteem’s existence: that together, law enforcement, government agencies, security companies, consumer advocates, and software developers can make the internet safer for everybody.

No Deceptors allowed

Hong Jia and Dennis Batchelder

The more time we spend in the software monetization space, the better we understand how consumers are tricked and misled and taken advantage of by deceptive and harmful apps.

We need better ways to urge the software industry to avoid deceptive and harmful behavior. Vendors need to learn that releasing apps that take advantage of consumers will cause them all sorts of pain. And our certification customers need support against competitors who don't follow the same rules.

Guess what? We have a way to do this: our Deceptor program. And it's not only hurting the bad vendors and helping the good vendors, but it gets the antivirus companies more efficient at eliminating the bad apps from their customers' machines.

We've been working with the AVs since December to agree on consumer-friendly requirements that apps must stick to if they don't want to get automatically flagged. That led to us identifying twenty-five of the most harmful and deceptive behaviors that bad apps are doing to hurt consumers (you can read all about them at this link). Here's the important part: if an app violates these requirements and we spot it, we'll call it out as a Deceptor, and we'll alert the AVs. Once they do their own review and agree, the AVs will detect, block, and remove that app.

If you want to see where we call out the Deceptors, check out this link. Click on each app name and you'll find all kinds of goodies underneath: what was violated with screenshots and videos, how we found the app, and the metadata about the app.

The AVs have been very supportive, which is great. But we just launched the program, and it still has a long way to go to be fully operational (we've only identified a few Deceptors so far).

And though it's just a start, we hope to call out several of these Deceptors every day. And we hope that we've made the program easy enough so that when a vendor finds their app on our site, it's easier for them to fix the issues than it is for them to evade, or even worse, fire up their lawyers. You can check out our FAQ to see how we try to guide vendors to do the right thing.

So why, you may ask, would AppEsteem offer a free service that seems to undercut their certification business? First of all, it helps our existing customers compete on a level playing field. But we also learned in our pilot that that our best customers are those who treat consumers with respect. Hunting for Deceptors helps us find many great, consumer-respecting apps. We plan to offer our services to these vendors.

We'll be writing more about this in the future, once we see how effective the program is at driving the urgency to clean up. So far we've had some great responses from the app vendors, but we're waiting on the fixes. We're crossing our fingers and hoping that they choose the right path forward :-)

If you find a Deceptor, let us know by email: info@appesteem.com. If you're the vendor of an app that we've called out as a Deceptor, check out the FAQ and get in touch with us at dispute@appesteem.com. Our goal is to help you get your app in shape and respecting consumers.

For more information:

  1. Deceptors and how to spot them contains the requirements we worked out with the AVs 
  2. You called my app a Deceptor. What do I do now? is our FAQ for vendors
  3. This example email is a template that AVs can use when responding to a vendor inquiry about a Deceptor detection.
  4. Our latest Deceptor list shows the deceptive and harmful apps we're currently calling out and hopefully helping to clean up.

 

One hundred days later... our updated Vision and Plan

This week David Finn and I attended Affiliate Summit East in New York City. We met with prospective customers, secured commitments to participate in our pilot program, and spent time listening to what else AppEsteem could do to help clean up the software monetization ecosystem. It was great - we have more demand to join our pilot program than we can handle, and we have a better understanding of additional benefits we can offer our customers to help make the "safe" ecosystem financially rewarding.

Armed with this knowledge, our team updated the original plan Hong and I put in place back in April.

One hundred days later, our plan's got a lot more detail. We've made adjustments and worked on explaining our intentions more clearly. You can find the latest version (August 2016) at this link: Vision and Plan.

Our vision is simple, and I hope it resonates for you: Consumers have nothing to fear when installing and using free apps on their computing devices. We have a great plan to help make this happen, and we'd love to hear what you think about it. Please send me an email (denbatch@appesteem.com) if you have ideas for improving or correcting it.

-- Dennis and the amazing AppEsteem team

BTW: As you might imagine, some of us were concerned with putting our plans online. Would that drive others to compete with us? Would our security partners look for ways to outflank us? Would the bad guys be armed enough to thwart our attempts to drive them off consumers' machines?

All great questions. And in the end, we decided that if others could help meet our vision by competing with us, we'd welcome them. We want this ecosystem cleaned up in a way that lets the good players thrive, and we believe the best path to get there is if our future partners and customers find us and our plans credible. So we're sharing as openly and transparently as possible in the hopes that together we'll get it done that much faster.

Copyright © 2018 - Design by FS