Virtual Goods and Subscriptions for Mobile Devices Nearly $5B by 2016?

November 6, 2011

Fifteen years ago, buying ringtones and swapping .3 megapixel photos was cutting edge; now global revenues from mobile virtual goods and premium subscriptions are projected to stretch to $4.7 billion USD by 2016, according to Juniper Research’s “Virtual Goods – Real Revenues on Mobile” study released this month.

Juniper defines virtual goods as intangible, digital items which cost little to produce and are often sold in bulk at low prices, typically for about $1 USD each. Many virtual goods are digital depictions of physical goods – like the berries in Farmville, for example – and Juniper says in-game items are a major source of virtual goods revenue for many sites.

The kicker for consumers will be determining if the digital downloads are safe, or carry a bonus malware payload.

In my blog It’s No Accident – Mobile Money and Mobile Malware Set to Go Big in 2011, I explain why the surge in mobile revenue feeds the mobile crime rate:

The revenue potential of turning phones into payment tools for financial institutions is enormous. And the convenience factor for consumers is clear cut – the need for carrying cash or credit cards disappears, and whole new application scenarios are enabled. So what does this have to do with mobile crime?

Follow the money. The same factors that make a favorable climate for great strides in legitimate mobile commerce make a favorable climate for crime.

As the popularity of smartphones skyrockets, smartphone functionality increases, the number of mobile banking, ecommerce, and transaction platforms expands, the number of mobile access points explodes, and the sophistication of criminals grows, we are approaching perfect storm conditions. Here’s how both the good guys and the bad guys look at the landscape:

Size of opportunity: There are now more than five billion connections worldwide and analysts predict this will surpass the six billion mark in 2012. More than 500 million of these phones today are smartphones that enable the rich features companies and crooks need to drive revenue, and this number is expected to exceed 1 billion smartphones by 2013 according to the latest forecasts from Informa Telecoms & Media. As a point of comparison, there are about 2 billion computers out there, most running the Windows OS.

Cost of investment drops: As industry pressures condense the number of mobile platforms, developers and hackers alike can better leverage their code to target millions/billions of users with the same services (and exploits), setting the stage for a high return on investment.

Risk – From financial corporations’ view: Credit card companies and other financial institutions believe they have mitigated the risks inherent in contactless payment systems. Indeed, Visa claims their PayWave system will in fact be safer than using traditional credit cards because their chip creates a unique authentication code for each transaction while never providing retailers with your credit card number. Challenging that claim, security expert and uber white hat hacker Karsten Nohl told CNET that NFC payments still have their security weaknesses and that the technology may need a bit more time to be completely safe. Whatever the case, these companies have long experience earning plenty of money even when crime takes a bite out of their revenues. But they only have to cover one piece of the pain; consumers have to pick up the time and cost of cleaning up their accounts and financial reputations.

Risk – From organized crime’s view: With their successful tactics in phishing, pharming, scamming and spamming constantly being honed, consumers using insecure WiFi networks, security gaps in both services’ and platforms’ code to exploit, antiquated or non-existent laws, police forces woefully understaffed, and careless consumers hell-bent on convenience, what’s not to like? Now add into the mix that phones are essentially wallets and everyone wants to be a pickpocket. The business case for investing in mobile malware has finally been made. Learn more in my blog McAfee Threat Predictions for 2011 – Mobile: Usage is rising in the workplace, and so will attacks, which looks at the historically fragile cellular infrastructure and slow strides toward encryption. McAfee Labs predicts that 2011 will bring a rapid escalation of attacks and threats to mobile devices, putting user and corporate data at very high risk.

We’ve already begun to see the damage. Android (Google) has had at least two embarrassing episodes with their mobile apps – see my blogs More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware and Twenty-Five New Malicious Apps on Android; 30,000 to 120,000 Users Affected. And as more users go outside the ‘tested apps in walled gardens’ like Apple’s and the ones carriers provide, the insertion of malicious code into apps will increase.

The bottom line: There is no substitute for strong security protection on your device. There are a number of mobile security suites available; to compare these, TopTenReviews has created an excellent mobile security software comparison chart for consumers. Be sure you install one.



6 Tips to Identifying the Real Costs of Virtual Goods

March 14, 2011

Though selling virtual goods isn’t new, marketing these items to kids is. Apple has changed their purchasing policy in response to overwhelming outrage by consumers, and federal and state law enforcement bodies. At issue was the lack of clear notice and information that ‘virtual’ purchases cost real money, and the 15-minute policy that said after a password is entered for a purchase on Apple’s iPhone and iPad devices additional purchases could be made without reentering the password.

The idea behind Apple’s previous policy was to let users quickly make several purchases without having to enter their password every time, but it did not foresee the in-app purchase confusion this could lead to.

In practice the old policy meant that if a parent bought a game for their child to play, then handed the device over to their child, purchases could be racked up without the parent’s knowledge or consent, and without the child realizing that the charges weren’t in ‘virtual currency’.

After hearing of exorbitant charges facing families whose children had naively purchased items, Washington State Attorney General Rob McKenna’s office wrote to Apple in December of last year.  The policy change “is a victory for consumers,” said Paula Selis, senior counsel for State Attorney General Rob McKenna. “Our attitude about enforcement is that we are most effective with positive change without litigating, and talk an issue through with a company to affect change.”

McKenna’s office wasn’t the only one to take notice; last month the FTC’s Chairman Jon Leibowitz informed Congress that he was looking into Apple’s practices as well as the marketing and delivery of these types of mobile applications. And Rep. Ed Markey (D-Mass) went so far as to call Apple’s practice deceitful marketing.

Apple isn’t the first company to come under fire for their virtual purchasing policies, nor is this issue a ‘mobile’ problem. Facebook took a beating last fall over ‘Farmville’, an app that became hugely popular among users. Kids racked up enormous bills through purchases made on that service as well, sending families into the same kind of purchase shock that Apple’s users now face.

Learn more in my blogs Scamming Users Part of Social Gaming Company Zynga’s business model, Could Facebook Go the Way of MySpace?, and TechCrunch’s article Social Games: How the Big Three Make Millions.

Though selling virtual goods isn’t new, marketing these items to kids is

Smurfs’ Village and Farmville have been lightning rods for protests, but the business model of selling games cheaply (or giving them away) and then charging for virtual items within the games or ‘worlds’ is widespread, and far from new.

Back in 2007 when the app du jour was Second Life and the buzz was over their “Linden dollars”, companies like Reebok (see example) scrambled to create a presence on the site and market their real products through interactions with consumers’ avatars. What companies discovered, however, was twofold:

  • While the ‘inhabitants’ of Second Life spent millions of dollars on digital clothes, homes, even perfume (!) for their avatars, they were largely disinterested in using virtual sites to purchase real world products.
  • The tangible tie between Linden dollars and real currency, as well as the lack of kids on the site, largely meant consumers were conscious that they were spending real money for items.

A couple of business model iterations later, the lesson of how to successfully sell things online is much clearer – virtual goods are best sold in virtual environments while real goods sell best through web versions of real stores.

Game developers have seized this model to make their games enormously profitable – what could be more ideal than making money from digital goods? They don’t cost to ship or store, they aren’t taxed and they don’t rot, and when fashions change, you aren’t stuck with costly inventory. It turns out that the fable of the Emperor’s New Suit by Hans Christian Andersen was off target; he failed to account for consumers’ desire for entertainment.

The questions that will need answering over the next few months as these issues are fought over are: Did developers deliberately target youth with their products? (Given titles like Smurfs’ Village and Farmville it is hard to argue otherwise, but that doesn’t mean they won’t try.) Did they deliberately sidestep the consumer protections in place for products and advertisements targeting youth? And, do new laws and regulations need to be put in place to better protect consumers of all ages, but youth in particular?

In the meantime, here’s what this means to you and your kids

There is nothing wrong with paying for entertainment as long as you understand all of the potential costs, and herein lies the rub. Consumers of all ages are struggling to see the fully burdened costs of online entertainment, and kids have no skills by which to measure the impact. Until better controls are in place, consider the following possible ‘costs’ before purchasing or downloading a game or service:

  1. Identify any financial costs that may be associated with the application. Your review needs to identify any up-front costs, as well as potential in-app costs. While these should be clearly understandable, until better business practices are developed, or regulation is set in place, the onus is on you to tread carefully. To date, efforts to increase the transparency around real costs have fallen short – many believe the steps Apple has taken to rectify problems will still not be enough.
  2. Does the company behind the application make money off of you through other means? In addition to the actual costs, will you or your child be exposed to advertising while playing? If so, are the types of ads offered ones you feel are appropriate? Are these marketing techniques ones your child understands and knows how to appropriately evaluate? Does the company resell user information? This question may be impossible to answer, but many of the largest game brands have been caught doing this – see my blog 10 most popular apps that Facebook’s 500m users play or use to share common interests, have been selling user’s information to outside companies.
  3. Look for supervisory tools. These should be built into products and give parents the ability to block or limit any potential costs in the applications that minors want to play (or are playing).
  4. Consider the ‘opportunity cost’. We all need downtime and fun-time, but if you or your child is going to use the application, what are you/they NOT going to be doing? Work or homework? Exercising? Getting fresh air? Spending time as a family?
  5. Understand the application’s values: do they benefit or ‘cost’ you? Does the game or other application match your personal values? Is it reinforcing the values you want to instill in your child? Is it creating an instant gratification or impulse purchasing pattern? How commercial is the game – how much can you do for existing cost vs. how quickly do you need to spend more to keep playing or keep it interesting?
  6. Has the application been tested for malware? Just because an application is offered through a web store does not necessarily mean it has been tested for safety, or that it complies with safety guidelines.  Similarly, the number of users on a site is no guarantee the application is secure. Just last week it was discovered that 21 mobile app games downloadable from the Android Marketplace contained malicious code. See my blog More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware. Identifying which applications are safe and responsible is no simple matter, so follow these three principles: 1) Only download from sites you trust AND that test applications for malware and policy compliance before allowing them on their marketplace. 2) Research the company behind the application. For example, you should feel very confident about the ethical standards behind products built by well-known companies with sterling brands, but if the application is developed by a company that has previously been found to use unethical or malicious practices, or is unknown, you may want to turn away or tread very cautiously.

Once you’ve worked through the answers to these – and any other concerns you may have – you can make an informed choice.


More Mobile Apps Caught Inappropriately Collecting User Info and Installing Malware

March 8, 2011

Twenty-one mobile applications from a single publisher have been pulled from the Android Market after Google learned they were exploiting consumers, according to a new Washington Post article. Google has also remotely removed these apps from users’ devices, but that does not remove any malicious code that has already been downloaded.

These applications were apparently not only stealing consumers’ information, they left a back door open on consumers’ phones so they could download malware without the user’s knowledge.

According to Mashable, between 50k and 200k Android users downloaded these applications, which Mashable says “are particularly insidious because they look just like knockoff versions of already popular apps. For example, there’s an app called simply “Chess.” The user would download what he’d assume to be a chess game, only to be presented with a very different sort of app.”

Mobile malware is expected to explode in 2011, and it’s time to protect yourself with mobile security software.

The bottom line? Just because an app is offered doesn’t mean it’s been tested and guaranteed safe – case in point, if it weren’t for the diligence of the Android Police, the malicious apps on Android Marketplace would still be exploiting consumers.

Here’s a list of the malicious apps:

  • Falling Down
  • Super Guitar Solo
  • Super History Eraser
  • Photo Editor
  • Super Ringtone Maker
  • Super Sex Positions
  • Hot Sexy Videos
  • Chess
  • 下坠滚球_Falldown
  • Hilton Sex Sound
  • Screaming Sexy Japanese Girls
  • Falling Ball Dodge
  • Scientific Calculator
  • Dice Roller
  • 躲避弹球
  • Advanced Currency Converter
  • App Uninstaller
  • 几何战机_PewPew
  • Funny Paint
  • Spider Man
  • 蜘蛛侠


Could Facebook Go the Way of MySpace?

October 18, 2010

The Wall Street Journal has caught Facebook in flagrante again. This time, the WSJ reports in a front-page exposé that the most popular applications, or “apps,” on the world’s No. 1 social-networking site have been selling users’ information—including access to people’s names and, in some cases, their friends’ names—to dozens of advertising and Internet tracking companies.

The abuse affects tens of millions of Facebook users – including those who set their profiles to the strictest privacy settings.

ALL of the 10 most popular apps that Facebook’s 500m users play or use to share common interests have been selling users’ information to outside companies. Three of these companies, including Farmville with 59m users, have also been selling personal information about a user’s friends, which means whether you personally used these games or applications becomes irrelevant – if you have a friend who played, your information was likely grabbed and sold as well.

Though the practice of reselling consumer information breaches Facebook’s rules, policy enforcement is clearly lacking when it is the Wall Street Journal, not internal proactive monitoring, that discovers the abuse of consumer information. Confronted with the WSJ exposé, a Facebook spokesman said on Sunday that it is taking steps to “dramatically limit” the exposure of users’ personal information. But that comes well after the horse left the barn. To understand just how rapidly that information is sold and resold, see the screenshot taken from a WSJ article at the bottom of this blog.

This exposé comes on top of a lawsuit over Facebook’s own now-discontinued practice of sending users’ data to advertisers without users’ knowledge – a case also brought to light by the WSJ last May. Facebook had been sending Facebook ID codes to advertisers under some circumstances when users clicked on an ad. The codes could then be used by the advertisers to look up individual profiles, which could include a person’s real name, age, hometown, or other details. Facebook has since discontinued the practice.

Attention, Facebook execs: remember MySpace! It used to be considered unstoppable, but as soon as the company became synonymous with sexual predators and scams, the vast majority of users left the site – and what’s left? A shadow.

Consumers, know your strength. Online companies don’t make money primarily by selling advertising — they make money selling access to YOU, and information about YOU, to advertisers. You and your information are top commodities in the online world.

Think about it: other than its servers and code, what is Facebook’s value? It’s the 500m users they have to attract advertisers and advertising dollars. If Facebook’s users left the site, what would Facebook have left? Just a bunch of servers and code.

The lesson is that if you don’t like the way you’re treated, and you choose en masse to migrate, internet empires topple.

Consumers hold the ultimate power in a model that makes you the commodity, but you don’t yet know it, or how you can wield that power.

How can the Internet become more responsible regarding consumer privacy? Three things that haven’t happened need to happen:

  1. Consumers need to understand how and why their information is being used – and when it is being exploited. Until prominent disclosure of each company’s policy regarding user information is mandatory, the question of what is being disclosed will run underneath the collective consumer consciousness.
  2. A watchdog organization needs to be established, to which consumers can turn to see how various companies treat their data, their privacy and their safety. The WSJ article series lays a strong foundation for this, but it’s a one-off effort, not the sustained oversight needed. The Safe Internet Alliance has proposed taking on, or helping to create, this role, but it is still far from accomplishing that goal or getting stakeholder buy-in. In the absence of a self-regulatory or consumer watch organization, this role will need to fall to a government body like the FTC.
  3. Consumers need to find a way to collaborate better. It’s a united we stand, divided we fall scenario where any one user doesn’t make a difference to a company wielding 500m users; but 5 million organized users – or 100m users – demanding change can make even the largest company quail. I’m confident that at least 100m users would stand together in outrage over what’s happened to their data, and the data of their friends. They just need a rallying point.

I am not opposed to online advertising — it’s what funds our ‘free’ use of internet services. What does concern me is knowing which companies are tracking me and how they are doing so, understanding the privacy elements that are in place to protect me, and being able to opt out if I choose to do so.

We consumers played a role in the creation of this ad-driven internet model. The bubble burst of 2000 happened because internet companies built their content and services assuming we would subscribe to use their services and thereby make their companies profitable. But we didn’t want to pay for subscriptions —  we wanted everything to be free. Somehow we forgot that free doesn’t pay the bills, let alone turn a profit.

We forced internet companies to either go bankrupt, or find a new revenue model that would extract money from those willing to pay, and that happened to be the advertisers. What internet companies quickly learned was that the more targeted ads could be, the more advertisers were willing to pay them for access to their users.

It doesn’t take a leap to understand how we’ve come to a place where you and your data are commodities, and where the environment makes ‘shoplifting’ your data (taking it without your knowledge or permission) very enticing.

Which brings us back to the start of this story: how Facebook’s top application providers have taken up the practice of stealth exploitation of your data; how Facebook previously indulged in stealth exploitation of your data; how your Facebook privacy settings have changed time after time under your feet (leaving your data exposed); and how thousands of other websites follow the same practices. Not to mention the dozens of data aggregator and advertising sites who snap up your data knowing full well you did not give your permission for it to be sold or bought.

To learn more, see my blog posts Know Which Companies Track You For Behavioral Advertising?, and Ad Stalking – When Ads Follow You Online, and the WSJ series What They Know that outlines how companies track and share your information. I recommend you search the WSJ list to look at the behavior of any sites you use.

Already this morning I’ve received a flurry of calls and emails from consumers asking what they should do. My advice? Stop using these applications, demand your information be removed from their sites, then let Facebook,  your Attorney General and the FTC know of your outrage.

Since contacting Facebook can be difficult to accomplish, here is the phone number to Facebook’s customer service: 650-543-4800  and Fax: 650-543-4801



Scamming Users Part of Social Gaming Company Zynga’s business model

November 11, 2009


Zynga’s CEO Mark Pincus admits he “did every horrible thing in the book just to get revenues” and that scamming users was part of social gaming company Zynga’s revenue model right from the start.

According to investigative reporter Michael Arrington, Zynga’s revenue estimates are likely “$250 million a year or more. That means $80+ million/year is being brought in from legitimate offers like Netflix subscriptions, as well as the really smelly stuff like recurring mobile phone and learning CD subscriptions that trick users into paying big dollars for little or no return value.

If you aren’t familiar with Zynga, playfish and Playdom, they are the big-3 players in the social gaming sphere and provide most of the games on Facebook and MySpace, Bebo, iGoogle, iPhone, Android etc… If you or your kids have played games on any of these services, chances are you have been scammed. (In talking to my business partner about this blog earlier today, he said he just got off the phone with AT&T over a $9.99 charge on his phone bill that turned out to be a monthly subscription charge resulting from a scam his son fell victim to when downloading what he thought was a free background.)

Arrington’s three-part exposé of the exploitive business practices of Zynga, other big social gaming sites, and the social networks that host the games is must-read material for every online user.

Contritely, Pincus claims he intends to make sure Zynga’s games don’t include scammy offers in the future. How Noble.

A day late and a Dollar Short – MySpace, Facebook address their role in consumer exploitation

After the public mea culpa by Zynga, other heads started rolling.

MySpace parent company News Corp. has announced, in response to the sharp media attention focused on the exploitive practices of their gaming partners – and News Corp.’s own ‘cut’ of the profits – that it will add new language to its terms of use to prohibit “promotions that include hidden renewals without specific opt-in” features. (See MySpace Takes Close Aim At Scammy Offers.) How Noble.

Similarly, Facebook felt the heat and announced Facebook To Increase Enforcement Of Anti-Scam Rules. In this article Arrington notes that in his talks with Facebook, the company held the position that they aggressively protect users. They blamed their failure to stop the spammy behavior on volume – with so many ads and so many apps, they claimed it was impossible to monitor the entire platform effectively.

Cutting through Facebook’s posturing, Arrington points out “it took me about 10 seconds to find really scammy ads on FarmVille, the most popular social game on Facebook with 63+ million monthly users. If they just start with the big guys, a lot of the problem will go away”.

Remarkably, with the spotlight on this form of consumer exploitation, the “impossibility” of monitoring the entire Facebook platform seems to have magically disappeared. Facebook now says they are building out teams and technologies to address “the problem”. How Noble.

Arrington also outlines the financial symbiosis between these ads and the services that host them in what he aptly describes as “a self-reinforcing downward cycle” of consumer exploitation. “Users are tricked into these lead gen scams. The games get paid, and they plow that money back into Facebook and MySpace in advertising, getting more users. Who are then monetized via lead gen scams. That money is then plowed back into Facebook and MySpace in advertising to get more users…”

“Here’s the really insidious part: game developers who monetize the best (and that’s Zynga) make the most money and can spend the most on advertising. Those that won’t touch this stuff (Slide and others) fall further and further behind. Other game developers have to either get in on the monetization or fall behind as well.”

It is time consumers return the ‘favor’ and do some economic damage of their own

While we’re still reeling from the banking racket, Ponzi schemes à la Madoff, and general corporate greed that plunged the economy into dire straits, why make a big deal about one more piece of evidence that respecting – or protecting – consumers is optional? Or that the dollar is mightier than integrity? Why shouldn’t these online companies get away with their scams with no more than a wrist slap and a promise to be good in the future while ethical companies who balk at bilking consumers falter?

If you’re seething, and sick and tired of being exploited with no recourse at hand, here’s the good news:

Online you hold the aces. Collectively, you have the power to bankrupt any one – or all – of these companies – Zynga, playfish, Playdom, Facebook, MySpace, etc. in short order. How? Quit using them.

Want to know exactly which games to boycott?  Scroll to the bottom to see the top 25 games on Facebook and MySpace and who owns them – or boycott Facebook and MySpace entirely out of disgust for their role in this debacle.

Why does Facebook repeatedly roll back abusive features (think Beacon, and their terms of use debacle) when the first few million users complain? Because they are terrified of the collective power consumers wield. Why did MySpace remove 90,000 sexual predators from their service? Because they are terrified of the collective power consumers – and their elected law enforcement representatives – wield.

I am pro-business when business is pro-consumer. Those of you familiar with my consumer-facing presentations will recognize two points I make in every lecture:

  • Internet companies make money in three ways – selling access to you and selling information about you…. and now, by deliberately scamming you – move over organized crime.
  • Whether you are a kid, adult, or senior, your biggest risks online are not contact, conduct or content, in spite of the frequency with which these are cited. Your greatest risks come from a lack of understanding:
    • Failure to consider what information you share and making appropriate decisions about whether information should be shared
    • Failure to identify trustworthiness – of people, products, services, Web sites, content, and businesses
    • Failure to understand predatory behavior in its broadest sense, including bullies, stalkers, scammers, hackers, ID thieves, exploitive companies, and other predators

I’ve got a few questions

  1. Where’s the class action lawsuit against these companies?
  2. Where is the legislative focus on protecting consumers against exploitive industry members?  This is a perfect example of where legislation/regulation has a role to play. Without the diligent efforts of investigative journalists, these scams would continue; just “business-as-usual”.
  3. Why did ‘legitimate’ investors, like Kleiner Perkins Caufield & Byers, pour money into companies whose business model included scamming? Companies like these pore over every inch of business models before investing.
  4. Why didn’t the social networking companies test the products they offer their consumers for exploitation? Or why did they fail to adequately address the escalating problem before being publicly castigated?
    Arrington nails it with “There can be only one reason Facebook and MySpace turn a blind eye to user protection – they’re getting such a huge cut of revenue back from these developers in advertising. If they turn off the spigot, they hurt themselves.”
  5. What besides utter greed and a lack of decency could convince these gaming companies to offer ‘free’ game currency in exchange for users filling in a moronic survey? The way this works is that you have to give your cell phone number to receive the results via a text message. This is what sets up the scam – by simply opening the text message to see their survey ‘results’ the unwitting user is automatically subscribed to a $9.99 service (like my colleague’s son). (Read Scamville: The Social Gaming Ecosystem Of Hell for more examples, like how they hide the terms of use by making them the same color as the page background so you can’t see them.)

You have a right to an online experience free of corporate exploitation. If you don’t know your rights, read Your Internet Safety Bill of Rights.

Make a difference – jilt the companies that betray your trust



Wikipedia definition of lead generation: Lead generation (commonly abbreviated as lead-gen) is a marketing term that refers to the creation or generation of prospective consumer interest or inquiry into a business’ products or services. Leads can be generated for a variety of purposes – list building, e-newsletter list acquisition or for winning customers. A lead is a sign-up for an advertiser offer that includes contact information and in some cases, demographic information.