I read something the other day that made me sad and then angry. It’s the sort of thing that lessens my faith in humanity, although as I describe it you’ll probably just say I’m naive. It concerns the PPI business. What’s that? It stands for pay-per-install and the companies involved in it, some of whom are business names you’d know, are the scum of the digital earth in my book. Why is that?
First, what exactly is PPI? According to the folks at NYU who did some research on this topic with Google, commercial PPI is a monetization scheme wherein third-party applications — often consisting of unwanted software such as adware, scareware, and browser hijacking programs — are bundled with legitimate applications in exchange for payment to the legitimate software company. When users install the package, they get the desired piece of software as well as a stream of unwanted programs riding stowaway. It’s big business, with one outfit reporting $460 million in revenue in 2014 alone.
Ever installed a legitimate piece of software only to find your browser behaving strangely afterward? You get a barrage of advertisements on the screen, or a flashing pop-up warning of the presence of malware, demanding the purchase of what is often fraudulent antivirus software. On other occasions, the system’s default browser is hijacked, redirecting to ad-laden pages. The vendors of this crap will claim that you approved the installation of all the additional malware by clicking through the terms and conditions or forgetting to uncheck a box approving the install. Having had to remove this junk from both my family’s and friends’ computers I can tell you that that simple error can cost you may hours of diagnosis and repair, or a bit of money to purchase an anti-malware package.
But it gets worse. Today it’s just crapware, adware and the like. What happens when someone takes a check from someone who has more sinister intentions? Keyloggers and other spyware could just as easily be installed. As one article on the study pointed out:
The one-year study by Google and NYU Tandon School of Engineering of affiliate networks running pay-per-install programs (PPI) found that nearly 60% of offers bundled with these programs are flagged as unwanted, and that in aggregate drove 60 million weekly download attempts with tens of millions of installs detected in the last year. These sites can run ad injectors.
Tens of millions of installs a week. Hundreds of millions of dollars changing hands, and a conscience nowhere to be found. I’m not one to encourage government intervention in the digital realm but someone needs to shut these scum down before something catastrophic happens. It’s not all “Russian hackers” doing this. These “businesses” are about as close to criminal as one can get without being arrested. What are your thoughts?