I was in China for the past week on a fact-finding mission to see if AppEsteem could help clean up their app ecosystem. I met with teams from Qihoo, Baidu, Microsoft, and ThreatBook to get educated. Here's what I learned:
- The large AV vendors in China (Qihoo, Tencent, and Baidu) have a robust whitelisting service for in-country apps, which they provide to apps for free. These services include company validation and app certification. So while a local Chinese app has to submit at least three times, the process already exists.
- What's considered "clean" and "unwanted" is different in China than the rest of the world. Many apps trusted by Chinese AV vendors would not pass muster with non-Chinese AVs. Which means that vendors will need help getting their apps compliant for the rest of the world.
- The mobile world works differently in China. Since Google Play isn't available through the Great Firewall, there are many Android app stores out there, each with their own approach to curation. This means that it's pretty easy to lure customers to install repackaged, fraudulent, unwanted, and malicious Android apps from app stores with not-so-hygenic practices.
There's definitely a big opportunity, and even some urgency to get it right. But doing business in China is harder than just hiring a local bus-dev person; we'd have to solve language and cultural issues too.
One thing is clear: I have to think bigger than just Windows. I was thinking that I'd tackle Android next year, but now I'm going to spin up some additional research so I know how a sealed APK would work.
So it will take some time to figure out the right approach, and we'll have to find some great local partners to pull it off. I'd like to get something set up by early next year; in the meantime I'll stay focused on getting the Windows beta up and running.
Today I had the privilege of presenting AppEsteem's plans at the SERENE-RISC Spring 2016 Workshop in Vancouver, BC.
SERENE-RISC's goal is to improve the general public's awareness of cybersecurity risks and to empower all to reduce those risks through knowledge. This seemed like the perfect place to talk about how AppEsteem is going to help fix the software monetization industry.
Here's the presentation: Saving the software industry from itself.pdf (2.30 mb). The talk seemed well-received :-)
Next step: get the technology side demo-able in time for CARO on 20 May :-)
Welcome to AppEsteem. We're going to work like crazy to help the software monetization world work safely... and hopefully have a lot of fun with you as we do it.
We can't wait to explain more! But we have to figure it all out, and get ourselves organized, and that will take a little time.
In the meantime, you'll be able to here more about AppEsteem as we present at the following security and monetization industry events:
- Serene Risc in Vancouver, BC on 27 April 2016
- CARO 2016 in Bucharest, Romania on 20 May 2016
- TLV Software Meetup in Tel Aviv, Israel on 8 June 2016
- Clean Software Alliance meeting in Mountain View, CA on 16 June 2016