Beware ‘growth-hacking’ apps

AdaptiveMobile is warning users about growth hacking, where a user-installed app will request to notify or invite the user’s contact list of the new game or service by SMS.

While the aim of this approach is to increase the app’s user base as much as possible, mobile operators are seeing these app-generated invites occupy a higher and higher percentage of spam being received by their subscribers. During an in-depth two-week study, over 20 popular social networking, communications and community-playing apps all generated varying degrees of customer complaints as a result of app growth hacking. Subscribers who install the most aggressive apps found it very difficult to avoid texting their contact lists about the service, due to the app design.

‚”Growth Hacking can be a valid marketing tactic when implemented responsibly,‚” said Cathal McDaid, Head of Security Operations at AdaptiveMobile. ‚”But apps need to implement ‚’ethical’ growth hacking, by ensuring there is an easy way for users to opt out of apps accessing contact lists, giving users easier control of who they are inviting.‚”

More worryingly, preliminary AdaptiveMobile research has also identified technical errors in some apps that cause issues within mobile networks and may allow unsolicited communications from unknown or unwanted individuals. In one very recent case, a badly designed social networking app, affecting several thousand mobile phones in North America, sent tens of thousands of invites repeatedly, draining handset batteries and leading to mobile network issues. In a separate case, another social networking app had insufficient controls on permissions on who could access whom, leading to spamming vulnerabilities. AdaptiveMobile has disclosed to the app developers the vulnerabilities, but other issues remain.

McDaid continued: ‚”We are encountering basic problems in these apps’ implementation that are causing them to repeatedly send invites, resulting in mobile phone and carrier issues, as well as identifying apps with potentially more serious concerns. We call on the app industry to avoid making notifying all contacts standard practice, to look at the implementation of their apps and to work with the mobile industry in addressing these concerns. This is to avoid these apps ‚’forcing’ their users to become spammers and to ensure they are not causing problems for both mobile subscribers and wireless carriers.‚”

*