On Thursday, April 25, we concluded another webinar aimed at helping CleanApps.org members, app vendors, and affiliates prosper. The live video of the webinar, Part II in our Mastermind Series on “Controlling Wayward Affiliates,” is available for viewing at the end of this post. I recommend that anybody in the downloading space watch the presentation.

It features Alvin Estevez, the founder of Enigma Software – an app maker and security software company – and Dennis Batchelder, the president of AppEsteem – a certifier of apps and related vendor services in the software downloading industry.

About 40 people tuned in for the 100-minute session. For those of you who missed it, or who don’t have time to view the entire recording, here are the highlights of what happened:

  • In a presentation he called “The Good, the Bad, and the Ugly of the Affiliate World,” Alvin started by walking through the basics of performance marketing.
  • He defined pay-on-performance (“POP”) marketing as whenever a third party generates sales or leads for the seller or service provider and only gets paid on performance (that is, only receiving a commission when there is a successful lead or sale). Affiliate marketing is the most common type of POP, which merchants like app makers may use to attract customers.
  • Alvin discussed the primary up side of this kind of marketing: the app maker only pays when the marketing is successful. In this sense, there’s “no risk” – the app pays money only when the affiliate has delivered a concrete lead or sale.
  • Theoretically, there’s nothing to lose in this model. No success, no fee.
  • But as Alvin went on to explain, there can be substantial risk for an app vendor. Without monitoring and controls, an app vendor may find itself in a situation where some affiliates may use arguably misleading and deceptive tactics to achieve results – tainted results, given the deception involved – without any knowledge or involvement of the app vendor and, nevertheless, the affiliate still gets paid. The result can be disastrous for the app vendor – even if the short-term result is substantial sales.
  • Why? Because the app’s brand can be tarnished or severely damaged. Deceptive marketing by an affiliate can lead to unhappy customers, which can lead to a business losing trust and support, and ultimately losing everything the business’ owners and employees worked so hard to gain: a good name and reputation for quality.
  • Alvin’s point: If an app vendor is in it “for the long game,” the “no risk” marketing they are using makes it worth their while to consider taking steps to monitor and control how affiliates are driving the results they are being paid for.
  • Given the scale and relative anonymity of the Internet, wayward affiliates who engage in deceptive techniques may sometimes avoid accountability for short-term shoddiness or deception. Some of them may be so attracted to the prospect of making money, and insufficiently deterred from doing improper things to get it, that they will do virtually anything for that commission – no matter the consequences for unsuspecting consumers or responsible app makers.
  • As Alvin explained, this means that software developers must be careful in how they work and manage affiliates. There’s a hefty risk, but affiliates can be hugely valuable and a massive generator of web traffic and revenues. App developers often have expertise in making apps, but not so much expertise when it comes to marketing those apps. By outsourcing that function to others, they can focus on their specialty – app creation – and leave it to specialists to help consumers become aware of the apps and ultimately download or buy them. As folks in the business put it, “affiliates can get you the traffic you need.”
  • When affiliate marketing works well, Alvin explained, it can beget a profitable and virtuous cycle, as illustrated by the graphic he showed in his presentation:


  • Affiliate networks are sometimes an even more attractive option for app makers who want to gain the marketing benefits afforded by affiliates. Such networks can be a kind of turnkey solution and one-stop shop: they act as a middleman between app vendors and affiliates, they advertise your software on their networks, they use tracking software to track sales and leads, they promote your apps and find more affiliates for you, and they manage the affiliates and all the payments for your apps – including both the payment of the commission to affiliates who are part of their network, and the payment by consumers for your apps (and, of course, keeping a commission for themselves for managing this entire system).
  • With this as background, Alvin explained that he views managing affiliates as Risk Management. And he then characterized the range of affiliates who exist in the marketplace: 16% “blackhats,” 16% “whitehats,” and 68% “greyhats.”
  • So given this spectrum, how has Enigma kept on top of its affiliates to ensure the long-term success and sustainability of Enigma’s apps? And what does Alvin recommend others do to try to control wayward affiliates? He shared a number of techniques and suggestions:
    • First, his company actively monitors the web and searches for information about wayward affiliates. This takes time and money (which are understandably limited for many businesses), but Alvin recommends others do the same. His research team focuses on cybersquatting of Enigma’s branded key words, monitors for competitor keywords that affiliates may use, and he engages with AppEsteem to learn what AppEsteem is seeing of affiliates promoting Enigma software. And when he sees improper conduct, he acts (more on that below).
    • Second, as far back as 2004, Enigma terminated 100% of its affiliates and closed its affiliate program. Enigma chose not to engage with affiliates at all until 2011, and when Enigma did reengage, it opted to outsource the program entirely to affiliate networks.
    • Third, since Alvin has relied on affiliate networks for the last 8 years, he now immediately notifies the networks when he learns of affiliate misconduct. Indeed, Alvin pointed out that Enigma has asked its affiliate network to terminate a large percentage of Enigma’s affiliates. In Alvin’s business, this approach makes good sense because the networks are the principals over the affiliates and often the affiliates are not known to Alvin. He strongly suggested that app makers who rely on affiliate networks do the same thing: insist that wayward affiliates are terminated from the networks to ensure your brand is not undermined.
    • Fourth, Enigma has instructed its affiliate networks to enforce AppEsteem’s requirements for affiliates, which are designed to introduce more rigorous accountability. If the affiliates won’t follow those requirements, then Alvin has told its networks to prohibit those affiliates from promoting Enigma at all. He suggests that other app vendors do the same.
    • Finally, Alvin said that if his networks don’t meet these requirements, he will strongly consider not doing business with the networks themselves (and not just the affiliates who are part of those networks). And he suggested other app vendors do the same.


After Alvin’s presentation, Dennis spoke about AppEsteem’s journey to bring more accountability to deceptive affiliates, download sites, and download managers. Recognizing the lack of transparency on the Internet and the fact that consumers have too often been deceived by nefarious tactics, he provided a detailed road map of AppEsteem’s approach to the problem:


  • Dennis noted that back in 2017, AppEsteem started notifying app makers when AppEsteem spotted improper affiliate conduct. And in 2018, AppEsteem updated their certification requirements for download managers, introduced a Supply Chain Accountability program that started to hold apps responsible for what happened further upstream in their supply chain, and called out detractor websites for false promises and automatic downloads.
  • In April 2018, AppEsteem started calling out deceptive affiliate sites and download managers. And a year later, April 2019, AppEsteem added new requirements.
  • When AppEsteem lists wrongful actors as “Deceptors” on the AppEsteem website, AppEsteem will recommend to its many security partners – who cumulatively protect billions of consumer computers around the world – that they block these sites from functioning. This can mean massive loss-of-revenue consequences for those who are blocked.
  • Among the specific guidance and requirements that Dennis described during the webinar:
    • Affiliates can only do direct downloads from offers, not from ads.
    • Affiliates must clarify to users that they are promoters of the apps – and not the app makers.
    • Affiliates must not claim that the apps will remove a particular security threat unless they can actually remove it.
    • Affiliates must be specific about what threats they are protecting against. Dennis then showed a slide containing a poor example of specificity (with general language that is used to promote virtually every app in the driver category) and a good example (where the language is specific):


  • Dennis also provided detailed guidance regarding download sites:
    • You must obtain permission to store or download the apps, or point to the app’s download page.
    • If the installer installs a download manager, the consumer must be told before it downloads.
    • The ads located around the “download” buttons must not masquerade as the download button. With regard to this point, Dennis showed a helpful slide of what he means by masquerading:


  • Dennis then explained the enforcement policy that AppEsteem will apply:
    • AppEsteem will hunt for deceptive Affiliates, download sites, and download managers.
    • AppEsteem will call out the apps that rely on these partners, unless
      • The app has authorized AppEsteem to pre-approve all affiliates.
      • The app is being certified by AppEsteem.
      • The app is working in good faith with AppEsteem to clean up the problem.
    • Dennis invited affiliates and download sites to check with AppEsteem if they have questions, but they should be ready to repair any problems that AppEsteem uncovers.
    • AppEsteem will pre-approve particular practices – and at no charge – of affiliates or download sites (though AppEsteem will eventually charge for this service).
    • AppEsteem suggested that app vendors should consider requiring their affiliate networks to get pre-approvals. Doing that has the following benefits:
      • It reduces the risk that the app gets called out.
      • If the app is certified, AppEsteem will work with the affiliate to repair the problem without the need to engage the app maker (unless the affiliate fails to cure the problem)
    • Finally, AppEsteem advised app vendors to take the warnings seriously. Dennis said he won’t hesitate to call out certified apps for inaction, repeated offenses, or other bad faith reasons.

Taken together, the two presentations reaffirmed that in this New Era of Compliance, responsible businesses in the downloading space are being held to a higher standard. For many, this may mean doing more than they are accustomed to doing to ensure their business partners act responsibly.

The up side of doing more: their businesses will continue to grow and flourish. They will better protect their brand and reputation. They will avoid business disruption that can result from being called out as a Deceptor by AppEsteem and being blocked by security companies. And they will leave their customers with a better and more valuable experience.