Betareadinessreview

Learnings,nextsteps,requestforsupport

DennisBatchelderAppEsteemCorporation

July2016

AppEsteemprovidesasafehavenforcleansoftwaremonetizationvendors…

…sowecansqueezeoutthedirtyplayers

whofundtheirbusinessbytrickingandcheatingcustomers

whogrowtheirbusinessbyoutbiddingthecleanplayers

WehelpsecuritypartnersprotecttheircustomersfromPUA

BeforeAppEsteem Certifiedappsmakeabetterworld

BetaReadinessApril- June:Prepare

ü RoadshowwithAVs,platforms,CSA,Complianceofficers(5shows,visits)

ü Recruitdev/researchteam(12onteam)ü Signupinstallers/downloaders/vendors (2

installers,3vendors,6CRXs)ü Figureoutmonetizationplan(feeschedule

socialized)Stillinprogress…

• Establishvalidationandcertificationscorecards(havedrafts)

• DeliverfirstcutofSRCLandseals(SRCLgoingoutnextweek)

• GetmoreSecurityPartnersintobeta(that’stoday)

• LandMOUwithCSAAugust- September:runbetas/pilot

• WindowsPE(August)• CRX(September)

ProvidebasicinfoSignlicenseagreement

MaychoosecompliancepartnerAcceptclientCountersignagreement

Generateappkey

BuildanddistributeappViewtelemetry

Viewtelemetry

Updatebehaviorgraph;alertonanomalies

Anonymize,aggregate,publish

ConstructbehaviorgraphAnonymize,aggregate,publish

Submit/renewvendordisclosureeveryyear

Signoffondisclosureinterview

Investigateandapprove/reject

Viewapproveddisclosures

Submit/renewcertificationrequesteveryyear/everymajor

version

Signoffoncertificationrequest

Analyze,test,andapprove/rejectConstructbehaviorgraph

Generateseal

Viewapprovedcertifications

RebuildwithsealRegisterfinalpackage

Re-certifyandpublish”signature”

Fixappandresubmit SignsoffonchangesNotifyvendorofblockInitiateremediationprocess

Ifblocking:notifywhyConsume“signatures”

Viewtelemetry Viewtelemetry,alerts Viewtelemetry,alerts

Consume“signatures”

Howitworks

$2000

$200

1%ofLTV60

Fee

Whatthebeta(pilot)willmeasure

Measuring

Canweincreasecustomeroffersatisfaction?

Canwereducevendorevasion?

Hypothesis:Offerscreenstrickcustomerstoclickingthroughandleavethemdissatisfied.Sealedappswithcertifiedofferscreenswillleadtobetterinformedandhappiercustomers.

Hypothesis:Today’sinstallersevadedetectionbymorphinghostinglocations,digitalsignatures,productupdates,brandnames,anddomains.Sealedappswon’tneedthis,whichreducesthecosttoprotect

MeasuringsuccessReducedsealedofferstartuprates.Increasesealedapplifetime

Measuring successLessevasion:reducedcertificates,domains,landingpages,productupdatesforsealedoffers

Validation:whereweare

Whatwe’vedone• Collecteddataonourown• Conductedinvestigationsusingpublicdata(Glassdoor,lawsuits,IPownership)

Whatwe’velearned• Disclosuresandvendorcommentaryseemtobethemostappropriateapproach

• Compliancepartnerswillhelp• Structuredinterviewswillreduceourinvestigativetime

WhatweplantogatherandmakeavailabletosecuritypartnersCategory DataStructuralInformation Ownership, DBAs,

Addresses,Contacts,Licenses,sharedownershipcompanies

Business Relationshipsandpotentialconflictsofinterest

Partnerships,Affiliates,trademarkdisputes,areasnotfollowingguidelines

EvidenceofControls Affiliatemanagement,Advertisermanagement,IPprotection.Supplychainmanagement

Attestationsto followingcleanguidelines

Commitments

(Investigationresults) Publicreputation,news,posts

Certification:whereweare

Wherewestarted• Google’sUnwantedSoftwarePolicies

• MMPC’sObjectiveCriteria• CSA’sGuidelines• Inheritedprinciples:Consumersneedconsent,control,andnounpleasantsurprises

Whatwelearned• Missingprinciple:consumersshouldn’tfeelcheatedafterpaying

• Importanttotracktheentirecreative->landingpage->installsupplychain

Addressinggapswe’vefoundGap NewRequirements

No appmonitoringrequirementleavesvendorswithoutverification

AppsmustlinkandnotevadeSRCLlibrary,musthonor“uninstall”command

Greatappscanstillhave badaffiliates,causingsuspensionsbyplatforms

Landingpagesmustblockobscured references,mustpublishaffiliaterestrictions

Normal“next” installflowleavesconsumerssurprised

Unrelatedoffersmusthaveunselected radiobuttonswheretheconsumermustchoosetocontinue

Need bettercontexttodoafairevaluation

Requireapps tosubmitavalueandmonetizationstatement

In-product upgradesneedevaluation

System utilitiesmusthaveareputable3rd partyvouchingfortheirvalue

Ad injectionhasstandardstoo SetthetoolbarbitforAppNexusauctions/equivalent

Theseal:whereweare

Wherewestarted• WeheardconcernsofusingTaggants• Weplannedtorollourownsealto

supportourcapabilities

Whatwelearned• Weneedtobeopenandallow

competitors• Weneedtoreduceimplementation

friction• SeveralAVsalreadyimplemented

Taggants• Bettertopatchholesthanintroduce

brand-newsecurity

Taggant implementationplan• Singlesigner(AppEsteem)• Newdatainside:distributionrights,

certifications,vendorattestations

Identification Taggant v2info

DistributionRights

W3C’sORDL-JSONformat

Certifications Guidelines/versionnumbers

Vendorattestations

ValuestatementMonetizationstatement

Two-phasecommit1) Vendorsignsapp,submits2) AppEsteemcertifiesandbuildsseal3) Vendorpackagesseal,re-signsapp4) AppEsteemregistersapp

Monitoring:whereweareWhatweplanned• EasylinkingwithourSelfRegulatingClient

Library(SRCL)• WorkwithPEs,CRXs,APKs• Reportheartbeat,timetolive,blocks,

anomalies• EasywayforSecurityPartnerstoreport

problems

BuiltforPEfiles• UsingMicrosoftDetours,auto-injectunsealedchildprocessestomonitorregistry,file,process,(soonnetwork)

• Screenshotsamplestocaptureoffers

BuildingforCRXs• CRXs:usingAspectJS tomonitor• Screenshotsamplestocaptureadinjection

Buildingabehaviorgraph

Category DataApp Information • Provenance

• Landingpage• Identification• Install locations

Components • Libraries• Children• Parents

Actions • Processes• Libraries• File, registry,process• Cookies,bookmarks,history,

tabs• Defaultoverrides• Advertising

Remediation:whereweare

Wherewestarted• Goalistoencouragetherightbehavior• Hopetoneverneedtousethenuclearoptions

Whereweare• NeedslotsofIQinvestmenttogetthisright

Remediationthoughts:proportionalandescalatingresponse

Stage ActionsStopbadbehaviorimmediately

• Security Partnersblocknewinstalls

• Vendorinformedofspecificreasons

• Blocknewsealsfromvendor

Demonstrateurgency • Throttled/targetedremovals

• DeepinvestigationsRevokeapp • FullremovalsRevokecompany • Fullcleanup

SecurityPartners:timetocommitJRegisterasaSecurityPartner

• SecurityPartneraccessisFREE• http://appesteem.com ->REGISTER• Signourpartnershipagreement(we’llsendoutnext

week)

Whatyouget• Validatedcompanyandsealedcertificationdisclosures• Accesstosealedappsandanalysisresults• Distributionandbehaviortelemetry• Signaturesandonlinechecks

DuringBeta:pre-signoff• We’relearningthistogether:wewanttogetitright• ValidationandCertificationdisclosures

• Wewanttopivotasnecessary• Everyinstallpackage

• Wewanttoensureourbehaviorgraphsarecomplete• Worktohelpusgetremediationright

• Wewanttoputseriouspressureonthebadguys

http://appesteem.cominfo@appesteem.com

@appesteem