Home Culture The Ethical Labyrinth of Being a Small App Developer

The Ethical Labyrinth of Being a Small App Developer

by David Rutland
The Ethical Labyrinth of Being a Small App Developer

Developing Apps Independently Can Be Hard, But What Happens When You Actually Start Making Money?

Right now, there’s a good chance that the phone in your pocket is making money for someone else. It’s not through advertising, or even the paltry purchase price of whatever apps you value enough to actually pay the developer for. It is not (and this is crucial) through malware.

Making money as a small app developer is hard. The big names crowd out the front page listings on Google’s Play store, and unless your app has users in the millions, making any kind of living wage through advertising is next to impossible. Add in the fact that mobile users are supremely reluctant to pay money for software they use on a daily basis, and you have a recipe for financial disaster.

Users want an ad-free experience, and they don’t want to pay for the privilege.

It’s long been a truism in certain areas of technology that ‘the user is the product.’ Facebook and Google have long monetized people’s unwillingness to pay for a quality (YMMV) service to harvest personal data, statistics, and any other salable, non-tangible assets to peddle to advertisers. We’ve become used to it and gradually accepted the fact that corporations, whatever their field, and regardless of their protestations, are evil.

Evil independent app developers, though? We haven’t quite wrapped our collective heads around that. Yet.

But there comes a time in every developer’s life when one of their apps hits the magic 10,000 downloads mark and comes to the attention of third party monetization partners. 

Offers flood into the developer’s inbox. Add our SDK to your app and we’ll pay you $5,000 per month for every 100,000 active users. 

To put that into perspective, a small developer with 100,000 active users, relying on non-intrusive* banner ads for revenue can expect to earn one or two dollars per thousand impressions, and $5,000 for doing essentially nothing, is a not insignificant sum. Some ‘monetization partners’ will even offer the big bucks for a user base as low as 10,000. For the independent developer, struggling to pay bills, it’s a dream come true.

If you're enjoying what you're reading, why not go ahead and sign up for updates from CyberPunks.com?

Money For Nothing

Obviously, someone is making money here. It’s not the end user, and while the app developer is raking in a moderate sum, it’s not where the big bucks really are. 

I develop apps as a hobby, for my own use and enjoyment, and occasionally release them on Google’s Play store. The first offer I received (and immediately deleted) was for a distributed web scraping service. Let me explain what that is: public-facing websites provide information and services to individuals. They don’t like to have their resources strip-mined by competitors, companies, or anyone else, and put in place mechanisms to thwart automatic attempts from would-be web scrapers (Does that make sense?). Try to scrape the Cambridge online dictionary – and every page redirects to the theft entry**.

The SDK provided by the app monetization partner would allow scraping of any site by routing the request through hundreds of thousands of separate handsets. The website would notice a bump in individual users, but would never know it was being scraped. Likewise, end users would have no idea they were part of a distributed network of bots. It’s a simple idea, and there’s no real reason why it shouldn’t work.

The next offer I received (and also deleted), was from a proxy company. My users would unknowingly be providing anonymous routing services for the monetization partner’s clients.

It’s a noble aim, but with a shady implementation that steals bandwidth, system resources, and trust.

The most recent monetization partner to get in touch was from Elephant Data – a self described “fast-growing data analysis company.” The rates are good, although not the best I’ve been offered, and their SDK purports to “collect basic data for market research and report analysis.”

It sounds innocuous and would allow me to market my apps without ads – greatly increasing my user base through selling my user’s data to Elephant Data. It’s probably best not to ask what they really do with it.

The Ethical Labyrinth of Being a Small App Developer

Elephant Data gave us the name of two apps which have already implemented their SDK – one is a PDF scanner, the other a flashlight app which has since been deleted. Neither app made any mentions of monetizing user data in their privacy statement or terms and conditions. Happylife studios, the company behind both products declined to comment. 

GlobalHop is one of the better-paying partners. And goes out of its way to soothe the concerns of developers, stating on its site that the SDK does not slow down users’ devices, drain their battery, and only connects to the internet through WiFi.

For my 5,000 of so monthly active users, I could make an extra $3000 per year. It’s not a life changing amount, but it would certainly take the edge off the credit card bills. 

Placed doesn’t even require active users – simply users who have the app installed, and have location permissions turned on. They track users locations visited by users against adverts they’ve seen so that advertisers can measure the success of their campaigns. Their partner list is shockingly huge and includes such well-known names as Soundhound, Spotify, and Conde Nast – publishers who have a visible revenue model in place, as well as those who don’t, such as Flipboard, Reddit, and Weatherbug. 

The Ethical Labyrinth of Being a Small App Developer

Hidden cryptocurrency miners are also becoming popular, with monetization partners approaching app developers on forums to help them embed and hide the mining apparatus from the end user.

Why Is This a Big Deal?

If the bottom line is that you want ad-free apps for your smartphone, and don’t want to pay for the privilege, this might not bother you at all. The SDK providers generally promise to use idle system resources and not use the network if it will cost they end user money. The chances are that most users won’t even know that their pocket devices have been suborned into grinding out cryptocurrency, or are betraying their location, shopping habits, and other device information to whoever is willing to pay for the data. Most users give up that data freely to social media giants on a daily basis, without ever counting the cost to their individual privacy.


It takes a special kind of deliberate ignorance to wilfully turn a blind eye to the fact that they are installing a backdoor into someone else’s personal hardware and handing over the keys to a shadowy third party.


But the practice is, at best, underhand, and at worst, dangerous. Most partner SDKs come in at around 300 KB, meaning that the bulk of the code is downloaded later, once the app is installed on a device. The application developer doesn’t really know what it does. He or she might want to believe the platitudes spouted in the SDK privacy policy, but it takes a special kind of deliberate ignorance to wilfully turn a blind eye to the fact that they are installing a backdoor into someone else’s personal hardware and handing over the keys to a shadowy third party.

If your smartphone is making money by crypto mining, it should be making it for you. If you are the kind of person who wants to contribute your bandwidth and resources to an anonymous proxy network, it should be your choice. 

Many of the SDKs are, in essence, what was envisioned in the high-spirited early days of the internet. Massive collaborative efforts, using parallel processing, data collection, and bandwidth to solve problems which can’t be solved any other way. But you, the end user, don’t have a choice as to whether you want to take part.

What Can You Do?

Most, but not all, of these monetization partners seem to want to stay on the right side of the law – or at the very least, on the right side of Google and Apple. After all, having every app which contains their code pulled simultaneously from every app store would damage profitability, and undermine whatever nefarious purpose to which they are being put.

Signing up to one of the SDK providers requires app developers to get consent from the end users. The GlobalHop TOS states, “When using our SDK, you have to add a short disclaimer to your Terms of Service explaining that your app includes Globalhop SDK.

But how many people know what GlobalHop is? How many people actually click through from an app listing to read the privacy policy and service documentation.

You do. Or at least you should.

The SDKs come with every type of app which has users above a certain threshold – spirit levels, rhymebooks, games, and it doesn’t even matter whether the app has a monetisation model already in place – parallel monetisation is open to all. Users can’t defend themselves by only using paid-for apps.

The truth is that you’ll never know if your device is making money for someone else. There’s no way to defend yourself beyond denying permissions to all but the most basic core functions – a step which would make many apps less than useless.

In the end, you’re just another node in someone else’s network. 

* By non-intrusive, we mean banner ads only without personalisation, no interstitial (pop-up) adverts, and no in-app purchases. 

**I’ve tried – use wiktionary.org instead

Hey, chum. These posts don't write themselves. If you wanna stay in the know, it's gotta be a two way street.*

Leave a Comment

You may also like