AppEsteem Blog

Updated Deceptor Requirements

Just a quick notice that we've updated our Deceptor requirements to address additional areas of consumer abuse.

Here's the requirements that we've promoted to "Deceptor-level" during the month of October. If we find apps failing these (or any) Deceptor requirements, we'll call them out on our Deceptor website.

  1. ACR-046, because we found that apps were making it difficult for consumers to find their disclosures and install options. 
  2. ACR-071, because we found download managers and bundlers "grouping" their offers behind a single accept button, making it impossible for consumers to select them individually.
  3. ACR-086, because we found apps capturing user clicks, searches, and other data from consumers when this wasn't the purpose of the app.
  4. ACR-116, because we found apps were making it difficult for consumers to remove the app
  5. ACR-103, because we found many browser extensions that offered no accessible value beyond changing search or launching existing web pages
  6. ACR-075, because we found download managers and bundlers making offers to consumers, yet failing when installing the carrier app

A big thank you to our security partners for helping us get these requirements right and for agreeing to enforce against violations. Together we'll make downloading apps much safer for everybody.

If you're an app vendor, we know you want to get it right. Please consider registering your app with us. If you register and commit to fixing any Deceptor violations, we'll notify you a month before we tell our security partners about your violations.

Busting the Barriers to Clean Behavior

(Dennis Batchelder)

(tl;dr: we removed a big barrier to getting certified or requiring certification: the fee. read on for more...)

Buenos Dias from Madrid, Spain! David, Jaimee, and I attended the Clean Software Alliance Summit, and we spent two days hearing from software monetizers, most of the major AV vendors, Google, and Microsoft about the state of the software monetization industry.

I also gave an update on changes we're making to AppEsteem to help drive faster adoption of clean practices. I've attached the presentation so you can see them for yourselves... we're super excited about these changes, and we think it's going to give many more vendors the incentive they need to get off the sidelines and make a commitment to clean behavior.

Here's the presentation.... and just as a teaser to get you to read it, here's some of the cool barrier-busters we announced:

  • Certifications are now free. If you're on a budget, or if you're happy with your compliance team, no worries: we'll evaluate your app at no cost. If it meets our requirements, we'll issue you a certification and inform the security companies that you're compliant. (wow wow wow!)
  • Software vendors who commit to following our requirements can register their apps with us, and we'll provide early notification if we happen to find violations that would land the app on our Deceptor page.
  • We've made it even easier to follow our application certification requirements with a new checklist page that provides prescriptive guidance and shows examples.

 

Our Better World Network has its first certified call center

(David Finn and Jaimee King)

Constant learning. This is among AppEsteem’s most important values, and six months ago, we learned a lesson culminating in the certification today of our Better World Network's first call center, Advanced Technical Support

Last November we launched our pilot program and certified our first set of apps. We proudly advised our partners in the security community, but one partner continued to block one of the newly certified apps. They showed us how the app directed consumers to a call center, and the call center falsely declared their computers were infected with viruses and scared consumers into buying technical support services.

Our big lesson from that: if we want to protect consumers from bad apps, we must look beyond the app. If the app uses a call center, the call center must be clean and compliant. We needed to pore over the entire software monetization supply chain (we’ll be doing more of this in the future, so stay tuned as we start to certify payment processors and ad networks).

And that’s what drove the hard work. We developed a set of call center requirements, following the process we used to finalize our app requirements. We researched best practices, reviewed judicial rulings in call center cases, and consulted with various experts and stakeholders, including a number of call centers, security companies, government agencies, consumer groups, and app vendors. The result of that collaborative work is a comprehensive, consumer-oriented set of 39 call center requirements that will change how the software monetization industry engages with call centers, and how call centers engage with consumers.

Any call center that meets this set of 39 requirements can be trusted to support interactions with AppEsteem certified apps. You’ll see that we marked eight of the requirements in red; if a call center violates any of these requirements, we’ll label that call center a Deceptor, and we’ll ask our partners to double-check, then block access to these Deceptor Call Centers. While we want call centers to meet all our requirements, we’ve set a minimum bar so our partners can protect consumers, and so call centers engaged in particularly bad conduct are discouraged from continuing such insidious practices.

We also made it a requirement that any certified software application that relies on a call center must either a) use a certified call center, or b) use a call center that is branded with the app’s name, and that follows our call center requirements. It’s high time for a program that rewards good call centers and isolates bad call centers.

It’s against this background that we announce today our first certified call center: ATS Digital Services, also known as Advanced Tech Support (“ATS”). We visited ATS’ operations in Jamaica and Florida, and we reviewed their compliance with each of our call center requirements. We analyzed business records and call logs, and we listened to live and recorded calls. ATS demonstrated a commitment to ethical practices, and they modified some of their internal procedures to comply with our requirements.

ATS has joined our Better World Network and committed not to do business with Deceptor Apps. We’ll monitor ATS to ensure continued compliance by conducting reviews of records and calls, making mystery shopping calls, visiting onsite, and consulting others in the industry. We believe that ATS is committed to protecting consumers, and we’re thrilled that they’ve become our first certified call center within the Better World Network.

The call center sector, along with other parts of the software monetization supply chain, has been under regulatory scrutiny and in the midst of a broad clean-up for the last three years. In 2014, the FTC took enforcement actions against software apps and several call centers, including ATS, for allegedly misleading marketing practices. ATS cooperated and settled their case in 2016. By putting consumers first, we believe ATS is a great example that companies can dedicate themselves to the highest standards of conduct, and offer remote technical services to consumers in a compliant manner.

Certifying call centers demonstrates, once again, that private and public-sector collaboration can produce great results for consumers. It’s up to the industry, the Clean Software Alliance, and AppEsteem to magnify regulator actions, leverage market forces to further protect consumers, and to innovate in ways that drive sound practices and root out harmful ones.

We hope that today’s announcement helps usher in a new era for call centers supporting certified apps. And that this marks another step toward a healthy software downloading industry – one with less fraud, fewer bad actors, more clean businesses, and far more satisfied and happy app consumers around the world.

Helping China's software monetizers get it right

(Dennis)

As you may have seen in our Deceptor page, we've listed a number of China-based software monetizers who are distributing their apps globally.

We see an opportunity to help China's software monetizers figure out clean ways to distribute their software world-wide. Our goal is that when they want to take their products to a global market, part of their process is to get certified first. This would save them the hassle of going through a Deceptor set of detections and then cleaning up.

Therefore, we announced at the 5th China Cyber Security Conference this week that we'll be publishing our App Certification Requirements in Chinese. We'll also devote some publicity to letting China's software monetizers know that we can help them get their apps right before the launch. We're hoping that by doing this, we'll save consumers (and the software monetizers) a lot of headaches.

I've attached an excerpt of the presentation I gave at the conference. Check out the second to last slide for the Chinese vendor offer.

Here I am with Christine, my translator. Jesse Song, the conference's organizer, realized that we needed to translate Deceptor, so he worked with Hong to come up with something. I think it ended up being called "cheating software" in Chinese. We'll have to come up with another catchy logo...

AppEsteem Goes to Washington

(David Finn, COO)

Last month Jaimee King (AppEsteem’s General Counsel) and I traveled from Washington State to Washington, D.C. to meet with law enforcement officials, prosecutors, and Capitol Hill staffers. Our agenda: to collaborate on new ways to protect consumers from the deceptive and harmful apps that plague the software downloading industry.

We met with eight of the top cyber officials in the FBI and Department of Justice; more than a dozen division heads, attorneys, and investigators at the FTC; and staffers at the Senate Majority Committee on Aging. 

Our primary message was simple – through collaboration, the private sector and government can make tremendous strides in protecting consumers. This message rides on the 2005 industry workshop and report from the FTC that discussed malware, spyware and adware. The FTC made a series of recommendations in that report, including that 

  • “The public and private sectors should work separately and in concert” to reduce the harm this fraudulent software causes;
  • Industry should develop common standards to help the industry self-regulate and better protect consumers; and
  • Industry should refer cases to the government for civil and criminal prosecution.

Unfortunately, the private sector didn’t get it together right away – leaving the problem of fraud and malware from harmful apps to reach epidemic proportions over the next decade. As the industry failed to control itself, the race to the bottom in making and distributing deceptive apps intensified. And the losers turned out to be millions and millions of consumers. 

But that’s now changing. As we discussed with our government hosts in D.C., stakeholders across the private sector proudly came together last year to finally do what the FTC recommended: collaborating to develop the most comprehensive, clean software standards ever, which are now publicly available under Creative Commons.

And with the launch of the AppEsteem Deceptor Program, AppEsteem is working with the security industry to call out the worst apps that trick and defraud people. We hope – and expect – that most Deceptors will clean up their act and stop harming consumers once we’ve named them. 

As for those who persist in preying on consumers, these Deceptors will be among the most appropriate targets for prosecution. Our meetings in D.C. were a big step in adding accountability for the makers and distributors of dirty apps.

Everybody we met in D.C. was engaged and responsive – it was wonderful to be reminded how mission-oriented and committed law enforcement and other government officials in this area are. They clearly recognize that when your average consumer pushes the install button for a free computer app, the experience remains far too risky. But that shouldn’t be – and it doesn’t have to be. 

A big thank you to everybody who met with us from the FBI, FTC, Department of Justice, and U.S. Senate, and to our new friends at the National Cyber Security Alliance and National Consumers League, too. Our trip further convinced us of the founding principle behind AppEsteem’s existence: that together, law enforcement, government agencies, security companies, consumer advocates, and software developers can make the internet safer for everybody.

AV companies: help us help you

We're very proud of the work we're doing to call out deceptive apps. It seems we've found a game changer that drives a lot of urgency in the software monetization industry and gets our security partners excited. Woo hoo!

We want even more AVs to participate, so last week in Krakow, Poland, we made a pitch to the CARO crowd on how our Deceptor feeds could save them time and increase their effectiveness. You can see the presentation here.

The talk got more AVs to agree to consume our feeds, which was great. We can't wait to call out even more deceptive apps for them to review!

 

It took us almost a year to figure it out and get it working, but now that we've seen what our Deceptor program can do, we've decided to embed it deep into our app certification operations. For instance, when we validate future vendors, we'll require that none of the apps they build, sell, distribute, white label, or monetize are Deceptors. Same with our Better World Network: our certified call centers, payment processors, and installers all will be Deceptor-free.

And what a great world it will be for consumers when the Deceptors are all gone... Thank you, AVs, for joining in and helping raise the urgency to get this problem fixed!

 

No Deceptors allowed

Hong Jia and Dennis Batchelder

The more time we spend in the software monetization space, the better we understand how consumers are tricked and misled and taken advantage of by deceptive and harmful apps.

We need better ways to urge the software industry to avoid deceptive and harmful behavior. Vendors need to learn that releasing apps that take advantage of consumers will cause them all sorts of pain. And our certification customers need support against competitors who don't follow the same rules.

Guess what? We have a way to do this: our Deceptor program. And it's not only hurting the bad vendors and helping the good vendors, but it gets the antivirus companies more efficient at eliminating the bad apps from their customers' machines.

We've been working with the AVs since December to agree on consumer-friendly requirements that apps must stick to if they don't want to get automatically flagged. That led to us identifying twenty-five of the most harmful and deceptive behaviors that bad apps are doing to hurt consumers (you can read all about them at this link). Here's the important part: if an app violates these requirements and we spot it, we'll call it out as a Deceptor, and we'll alert the AVs. Once they do their own review and agree, the AVs will detect, block, and remove that app.

If you want to see where we call out the Deceptors, check out this link. Click on each app name and you'll find all kinds of goodies underneath: what was violated with screenshots and videos, how we found the app, and the metadata about the app.

The AVs have been very supportive, which is great. But we just launched the program, and it still has a long way to go to be fully operational (we've only identified a few Deceptors so far).

And though it's just a start, we hope to call out several of these Deceptors every day. And we hope that we've made the program easy enough so that when a vendor finds their app on our site, it's easier for them to fix the issues than it is for them to evade, or even worse, fire up their lawyers. You can check out our FAQ to see how we try to guide vendors to do the right thing.

So why, you may ask, would AppEsteem offer a free service that seems to undercut their certification business? First of all, it helps our existing customers compete on a level playing field. But we also learned in our pilot that that our best customers are those who treat consumers with respect. Hunting for Deceptors helps us find many great, consumer-respecting apps. We plan to offer our services to these vendors.

We'll be writing more about this in the future, once we see how effective the program is at driving the urgency to clean up. So far we've had some great responses from the app vendors, but we're waiting on the fixes. We're crossing our fingers and hoping that they choose the right path forward :-)

If you find a Deceptor, let us know by email: [email protected]. If you're the vendor of an app that we've called out as a Deceptor, check out the FAQ and get in touch with us at [email protected]. Our goal is to help you get your app in shape and respecting consumers.

For more information:

  1. Deceptors and how to spot them contains the requirements we worked out with the AVs 
  2. You called my app a Deceptor. What do I do now? is our FAQ for vendors
  3. This example email is a template that AVs can use when responding to a vendor inquiry about a Deceptor detection.
  4. Our latest Deceptor list shows the deceptive and harmful apps we're currently calling out and hopefully helping to clean up.

 

Making our pitch and spreading the word

(from Dennis)

One of the software monetizers' main conferences, Affiliate Summit West, took place this week in Las Vegas. Today AppEsteem sponsored a CSA update, given by Adam Agensky. We followed that up with a panel discussion about how our pilot has been going. And then I gave a presentation about the value we're offering, trying a new approach to make the pitch. Here's the deck in case you missed it.

The meetup went very well: standing-room only, with lots of engaged attendees. The panelists (execs from 383 Media, PC Drivers HQ, Spigot, and Lavasoft) gave a good overview of what has gone well and what they still hoped for from us. This sparked some good discussion about what other services we could provide.

We're super-excited about where we are after just nine months: our pilot is working, both our customers and security partners have engaged, and there's quite a buzz in the software monetization space about what AppEsteem is doing to help the industry. There's nothing quite as nice as hearing our customers giving rousing sales pitches for our services, and we're grateful for their support!

So you can get a feel for the event, I've attached a picture I took of the panelists. David Finn, our intrepid COO, is on the far left, then there's Paul, Bogdan, Jesse, and Daniel from the companies listed above.

 

 

Strengthening our security partners

AVAR (The Association of Anti Virus Asia Researchers) has been hosting Asia-related anti-virus conferences since 1998. Their mission is to prevent the spread of and the damage caused by malicious software, and to develop co-operative relationships among anti-malicious software experts in Asia. This year's conference took place this week in Kuala Lumpur, and the theme was "Is AV Dead?"

I certainly hope AV isn't dead :-) They need to protect consumers from malicious and unwanted software. If they don't do this, our job at AppEsteem only becomes that much more difficult.

But AVs are struggling to stop unwanted software. On top of that, most AVs are also software monetizers, and sometimes their products use sales and distribution tactics that make them look like unwanted software themselves. If AVs don't get their act together, I believe that they'll get disrupted by somebody willing to do what it takes to keep the consumer computing experience clean and safe.

My talk was titled Near-death experience: why AVs got clobbered by Unwanted Software, and how they’ll win. I discussed both of these issues, as well as what we've learned so far from our pilot. I hope AVs as well as our software vendors will find it insightful.

We love our security partners. We count on them to hold the line and keep consumers safe. AppEsteem is committed to helping them do this, because we believe that a clean world is a much better world.

One other point: we're thrilled to announce that K7 Computing, a respected Chennai-based AV company, has signed up to be our certification partner. They'll help us scale so we can keep up with the increasing amount of certification requests that we're now receiving. They've begun to dig deep into our comprehensive requirements, and we'll be heading to India next month to get them operational. Once that happens, we'll make a bigger splash, but in the meantime, here's a pic of Hong and me with the K7 crew , taken during AVAR's gala dinner at the KL Tower.

 

 

 

Our First Certified App Takes a Bow

(David Finn, COO)

Driver Support proudly announced that its app, Driver Support with Active Optimization, is the first app to be certified by AppEsteem. This sends a signal to consumers, other app developers, platforms, and anti-malware companies that this app is clean and devoid of the kinds of deception and tricks that have become all-too-common features.

When we opened our doors at AppEsteem seven months ago, we did it with the dream that it’s possible to clean up the software monetization industry and help it thrive by embracing clean apps and maintaining an unwavering commitment to consumers.  We made a bet that if we could develop a clear, comprehensive set of certification requirements, the industry would embrace them, and we'd reverse the race to the bottom that has led to so much consumer harm.  Well, we're getting there: we launched the pilot, and now we've got our first partner enthusiastically brandishing our seal. We’re one step closer to our goal!

If you’re interested in working with us to clean up the software monetization industry, please reach out to me directly at [email protected]. We’re committed to this goal, and I'm eager to work with any partners who share it!

Copyright © 2024 - Design by FS