AppEsteem Blog

AV companies: help us help you

We're very proud of the work we're doing to call out deceptive apps. It seems we've found a game changer that drives a lot of urgency in the software monetization industry and gets our security partners excited. Woo hoo!

We want even more AVs to participate, so last week in Krakow, Poland, we made a pitch to the CARO crowd on how our Deceptor feeds could save them time and increase their effectiveness. You can see the presentation here.

The talk got more AVs to agree to consume our feeds, which was great. We can't wait to call out even more deceptive apps for them to review!

 

It took us almost a year to figure it out and get it working, but now that we've seen what our Deceptor program can do, we've decided to embed it deep into our app certification operations. For instance, when we validate future vendors, we'll require that none of the apps they build, sell, distribute, white label, or monetize are Deceptors. Same with our Better World Network: our certified call centers, payment processors, and installers all will be Deceptor-free.

And what a great world it will be for consumers when the Deceptors are all gone... Thank you, AVs, for joining in and helping raise the urgency to get this problem fixed!

 

No Deceptors allowed

Hong Jia and Dennis Batchelder

The more time we spend in the software monetization space, the better we understand how consumers are tricked and misled and taken advantage of by deceptive and harmful apps.

We need better ways to urge the software industry to avoid deceptive and harmful behavior. Vendors need to learn that releasing apps that take advantage of consumers will cause them all sorts of pain. And our certification customers need support against competitors who don't follow the same rules.

Guess what? We have a way to do this: our Deceptor program. And it's not only hurting the bad vendors and helping the good vendors, but it gets the antivirus companies more efficient at eliminating the bad apps from their customers' machines.

We've been working with the AVs since December to agree on consumer-friendly requirements that apps must stick to if they don't want to get automatically flagged. That led to us identifying twenty-five of the most harmful and deceptive behaviors that bad apps are doing to hurt consumers (you can read all about them at this link). Here's the important part: if an app violates these requirements and we spot it, we'll call it out as a Deceptor, and we'll alert the AVs. Once they do their own review and agree, the AVs will detect, block, and remove that app.

If you want to see where we call out the Deceptors, check out this link. Click on each app name and you'll find all kinds of goodies underneath: what was violated with screenshots and videos, how we found the app, and the metadata about the app.

The AVs have been very supportive, which is great. But we just launched the program, and it still has a long way to go to be fully operational (we've only identified a few Deceptors so far).

And though it's just a start, we hope to call out several of these Deceptors every day. And we hope that we've made the program easy enough so that when a vendor finds their app on our site, it's easier for them to fix the issues than it is for them to evade, or even worse, fire up their lawyers. You can check out our FAQ to see how we try to guide vendors to do the right thing.

So why, you may ask, would AppEsteem offer a free service that seems to undercut their certification business? First of all, it helps our existing customers compete on a level playing field. But we also learned in our pilot that that our best customers are those who treat consumers with respect. Hunting for Deceptors helps us find many great, consumer-respecting apps. We plan to offer our services to these vendors.

We'll be writing more about this in the future, once we see how effective the program is at driving the urgency to clean up. So far we've had some great responses from the app vendors, but we're waiting on the fixes. We're crossing our fingers and hoping that they choose the right path forward :-)

If you find a Deceptor, let us know by email: info@appesteem.com. If you're the vendor of an app that we've called out as a Deceptor, check out the FAQ and get in touch with us at dispute@appesteem.com. Our goal is to help you get your app in shape and respecting consumers.

For more information:

  1. Deceptors and how to spot them contains the requirements we worked out with the AVs 
  2. You called my app a Deceptor. What do I do now? is our FAQ for vendors
  3. This example email is a template that AVs can use when responding to a vendor inquiry about a Deceptor detection.
  4. Our latest Deceptor list shows the deceptive and harmful apps we're currently calling out and hopefully helping to clean up.

 

Making our pitch and spreading the word

(from Dennis)

One of the software monetizers' main conferences, Affiliate Summit West, took place this week in Las Vegas. Today AppEsteem sponsored a CSA update, given by Adam Agensky. We followed that up with a panel discussion about how our pilot has been going. And then I gave a presentation about the value we're offering, trying a new approach to make the pitch. Here's the deck in case you missed it.

The meetup went very well: standing-room only, with lots of engaged attendees. The panelists (execs from 383 Media, PC Drivers HQ, Spigot, and Lavasoft) gave a good overview of what has gone well and what they still hoped for from us. This sparked some good discussion about what other services we could provide.

We're super-excited about where we are after just nine months: our pilot is working, both our customers and security partners have engaged, and there's quite a buzz in the software monetization space about what AppEsteem is doing to help the industry. There's nothing quite as nice as hearing our customers giving rousing sales pitches for our services, and we're grateful for their support!

So you can get a feel for the event, I've attached a picture I took of the panelists. David Finn, our intrepid COO, is on the far left, then there's Paul, Bogdan, Jesse, and Daniel from the companies listed above.

 

 

Strengthening our security partners

AVAR (The Association of Anti Virus Asia Researchers) has been hosting Asia-related anti-virus conferences since 1998. Their mission is to prevent the spread of and the damage caused by malicious software, and to develop co-operative relationships among anti-malicious software experts in Asia. This year's conference took place this week in Kuala Lumpur, and the theme was "Is AV Dead?"

I certainly hope AV isn't dead :-) They need to protect consumers from malicious and unwanted software. If they don't do this, our job at AppEsteem only becomes that much more difficult.

But AVs are struggling to stop unwanted software. On top of that, most AVs are also software monetizers, and sometimes their products use sales and distribution tactics that make them look like unwanted software themselves. If AVs don't get their act together, I believe that they'll get disrupted by somebody willing to do what it takes to keep the consumer computing experience clean and safe.

My talk was titled Near-death experience: why AVs got clobbered by Unwanted Software, and how they’ll win. I discussed both of these issues, as well as what we've learned so far from our pilot. I hope AVs as well as our software vendors will find it insightful.

We love our security partners. We count on them to hold the line and keep consumers safe. AppEsteem is committed to helping them do this, because we believe that a clean world is a much better world.

One other point: we're thrilled to announce that K7 Computing, a respected Chennai-based AV company, has signed up to be our certification partner. They'll help us scale so we can keep up with the increasing amount of certification requests that we're now receiving. They've begun to dig deep into our comprehensive requirements, and we'll be heading to India next month to get them operational. Once that happens, we'll make a bigger splash, but in the meantime, here's a pic of Hong and me with the K7 crew , taken during AVAR's gala dinner at the KL Tower.

 

 

 

Our First Certified App Takes a Bow

(David Finn, COO)

Driver Support proudly announced that its app, Driver Support with Active Optimization, is the first app to be certified by AppEsteem. This sends a signal to consumers, other app developers, platforms, and anti-malware companies that this app is clean and devoid of the kinds of deception and tricks that have become all-too-common features.

When we opened our doors at AppEsteem seven months ago, we did it with the dream that it’s possible to clean up the software monetization industry and help it thrive by embracing clean apps and maintaining an unwavering commitment to consumers.  We made a bet that if we could develop a clear, comprehensive set of certification requirements, the industry would embrace them, and we'd reverse the race to the bottom that has led to so much consumer harm.  Well, we're getting there: we launched the pilot, and now we've got our first partner enthusiastically brandishing our seal. We’re one step closer to our goal!

If you’re interested in working with us to clean up the software monetization industry, please reach out to me directly at dfinn@appesteem.com. We’re committed to this goal, and I'm eager to work with any partners who share it!

A BIG day - launch of pilot!

(David Finn, COO) 

Today marks a milestone for our customers and partners in the software monetization industry: the launch of the AppEsteem Pilot Program. 

Just six months after we opened our doors, we have certified our very first software application! We reviewed it against the most comprehensive, consumer-protection oriented guidelines ever developed in this industry. As part of the pilot, we’re sending the app to our security partners for a final review. And then it goes live.

So it’s a big day for us. A day we’ll look back on as the beginning of the end for pervasive fraud and consumer deception in the software monetization world.

Next week we’ll certify a few more apps, and we’ll continue to add more each week throughout the pilot. And all throughout the pilot, we’ll work out the kinks in our sealing and monitoring technologies, get our telemetry portal up, and find better and faster ways to publish data to our security partners.

Thank you all who provided so many fantastic ideas and feedback to get us to this point.  And thanks in advance for everything you will do in the future to help further fuel these efforts to remake this industry.

And finally, a special message to our pilot customers and security partners: thank you for your leadership by committing to the premise that clean apps and a thriving business can go hand in hand.

AppEsteem's App Certification Requirements now available online

Woo-hoo! We're awfully proud to announce that today we've published our Application Certification Requirements.

The requirements revolve around three key principles:

  1. Consumers must consent to what happens on their computers
  2. Consumers must never feel tricked or unpleasantly surprised when they install an app
  3. Consumers must never feel cheated when they pay for an app

If you build apps, you can use these requirements to ensure you meet these principles. And please consider getting your app certified and sealed by us, so our security partners will automatically know your app is clean.

If you keep consumers safe from bad apps, you can use these requirements to help you determine if an app should be allowed to be advertised, offered, installed, or run. Better yet, sign up with us, and you'll be able to trust our seals and save yourself a lot of time and effort.

Our requirements are intended to be comprehensive and serve as a single source of what apps need to do to be considered clean. But although we believe these are the most comprehensive requirements available, we also recognize they will change as we and our partners and customers fight against unwanted and fraudulent behavior. We’ll work with the industry to keep these requirements up to date and relevant.

We have put six months of effort into these requirements. Here's what we went through:

  • We identified the various components of an app that we believed needed certifying: traffic to the app, offers about the app, ads in and injected by the app, the installation process, how the app runs, and the uninstallation process.
  • We identified the “intent” we were trying to achieve for each component.
  • We came up with a naming scheme to track the “scope” of each requirement and a syntax of how we wanted the requirements to read
  • We used our knowledge from the industry to capture a first draft of the requirements.
  • We researched and cross-validated many related guidelines and detection criteria from across the industry to be sure we captured the needs of as many security and platform partners as possible and that these requirements were comprehensive. Some of the sources included the CSA guidelines; Microsoft’s MMPC Objective Criteria and Bing advertising policies; Google’s Unwanted Software, Adsense, Adwords, Chrome Extensions, and Specific Policies; and the FTC’s dot com guidance.
  • We reviewed our proposed requirements with security and platform partners, software vendors, and industry experts.
  • We "tested" the requirements on our pilot customers.
  • We added a detailed explanation to each requirement to better explain our intent.
  • We experimented with the best way to share these requirements. This wasn't easy: we tried documents and spreadsheets, and in the end decided that the best way would be an online form.

We used a Creative Commons license to make it easy for you to use them. We'd love to see these requirements become the standard that the world uses to tell whether an app is clean.

Nice confirmation of our plans... thanks Fortune, Google, and NYU!

Fortune published an article last week titled This Software Is So Sleazy, Google Calls It Ooze.  It refers to this blog entry by Google, which summarizes the results of a study by Google and NYU researchers that lays out some of the worst parts of the software monetization industry.

The article tells how consumers end up being deceived and bamboozled into downloading software they don’t want or need. It describes how the current system of incentives is encouraging bad behavior, rewarding fraudsters, and harming consumers. And it notes the need for solutions.  “One of the primary outcomes of this research is, we hope, to raise awareness from the research community at large,” says a Google researcher, “and to focus more on techniques to help protect users.”

We at AppEsteem couldn’t agree more.  Our entire business is dedicated to offering a solution to all this “ooze” -- one that will help the industry get clean and thrive, so consumers can live in a world where they no longer need to fear installing or using apps.

Check out our plan to find out more!

One hundred days later... our updated Vision and Plan

This week David Finn and I attended Affiliate Summit East in New York City. We met with prospective customers, secured commitments to participate in our pilot program, and spent time listening to what else AppEsteem could do to help clean up the software monetization ecosystem. It was great - we have more demand to join our pilot program than we can handle, and we have a better understanding of additional benefits we can offer our customers to help make the "safe" ecosystem financially rewarding.

Armed with this knowledge, our team updated the original plan Hong and I put in place back in April.

One hundred days later, our plan's got a lot more detail. We've made adjustments and worked on explaining our intentions more clearly. You can find the latest version (August 2016) at this link: Vision and Plan.

Our vision is simple, and I hope it resonates for you: Consumers have nothing to fear when installing and using free apps on their computing devices. We have a great plan to help make this happen, and we'd love to hear what you think about it. Please send me an email (denbatch@appesteem.com) if you have ideas for improving or correcting it.

-- Dennis and the amazing AppEsteem team

BTW: As you might imagine, some of us were concerned with putting our plans online. Would that drive others to compete with us? Would our security partners look for ways to outflank us? Would the bad guys be armed enough to thwart our attempts to drive them off consumers' machines?

All great questions. And in the end, we decided that if others could help meet our vision by competing with us, we'd welcome them. We want this ecosystem cleaned up in a way that lets the good players thrive, and we believe the best path to get there is if our future partners and customers find us and our plans credible. So we're sharing as openly and transparently as possible in the hopes that together we'll get it done that much faster.

Security Partners: we're open for business :-)

Today at Microsoft's MSRA conference, AppEsteem is announcing that we're finally ready to onboard security partners. It's a great deal: we provide free access to the information they need to protect their customers from PUA, and in return they commit to working with us as they "nudge" our sealed customers back into compliance.

Today we're giving both a review of where we are with our beta/pilot, the learnings and pivots we've made, and our request for support. Here's the deck we're presenting: MSRA security partner pilot review.pdf (1.16 mb)

So far we've gotten lots of positive response from the AVs and browser security teams. They've helped us craft solid guidelines, and provided great feedback on the right technology to use. We're looking forward to a great partnership!

If you're a security partner, a software vendor, or a compliance officer, please come register at our site: http://appesteem.com --> REGISTER.

(I'm amazed at how far we've come in just three months. Our dev/research team is now 12 strong; we've got a great slate of early customers, and supportive security partners. I can't wait for the day when the software monetization industry is clean and thriving!)

Copyright © 2018 - Design by FS