locked
Policy on co-opting user's internet connectivity to do dubious things RRS feed

  • Question

  • I recently had an email from a company who were offering quite a lot of money, if I would 'just add their SDK to my app' (it's quite a popular app in the Store, with a couple of million downloads).  What their SDK does is, for as long as my app is running, recruit the user's device into a distributed proxy for performing various internet operations that I really would not want to think about (scamming ticketing websites would be one purpose, and click-fraud would be another, but basically it sounds like a kind of remote-controlled botnet).

    It seems very unethical, and I am not about to do it.  But, out of curiosity, I took a look at the Windows Store Policies, and it did not really seem to be forbidden.  The policies are clear that you must respect the user's privacy, but there didn't seem to be anything specific about subverting their internet connection so that their machine would participate in a distributed proxy setup.  I read all the Policy's definitions of malware, and this case does not match any of them.

    So I am left with the catch-all policy "10.1 Distinct Function & Value; Accurate Representation" to cover this case.  Frankly, if I was so minded, I could probably sneak some text into my terms and conditions saying "In order to support the ongoing development of this product, the app will, from time to time, make network connections to websites selected by our commercial partners" (or some such gobbledegook), and then I'd actually be safe in terms of policy 10.1.

    I have two questions:

    1) To the community at large: is anyone else getting come-on emails for this kind of deal?  It seemed to me they were just emailing the developers of all the top apps in the Store, so I assume it's quite widespread, even if not very visible.

    2) To Microsoft: how about adding specific wording to the Policy, to forbid apps from using any system or networking resources for any purpose not linked to the function of the app (or an even stronger condition, requiring the app to use system/networking resources only in response to a user action, or in the case of background activities, an optional setting whose default state is 'opted out').

    Of course, if Microsoft do actually think that this kind of behaviour is entirely legitimate, it would be nice if they could tell me (these people were really offering me quite a *lot* of money to do it!).


    Jim Chapman


    Monday, June 25, 2018 5:35 PM

All replies

  • Hi Jim,
    You can raise your concern to the Microsoft Legal Team, so that you could be assisted better.
    Thanks for your understanding.

    Best Regards
    Daisy  Tian


    MSDN Community Support
    Please remember to click "Mark as Answer" the responses that resolved your issue, and to click "Unmark as Answer" if not. This can be beneficial to other community members reading this thread. If you have any compliments or complaints to MSDN Support, feel free to contact MSDNFSF@microsoft.com.

    Tuesday, June 26, 2018 6:39 AM
    Moderator