Setting the Record Straight

Murtaza Hussain
7 min readFeb 9, 2016


Update: In response to our objections, the FTC did in fact update their press release. We appreciate the gesture!

In lieu of the FTC actually issuing the executed consent order — which is found here, the FTC (and someone that had no involvement with us in this case) decided to write an opinion article, which has many inaccuracies and blatant factual errors. Read the consent order and count them yourself.

In the spirit of opinion pieces and narratives, here is what happened from the inside. Sorry it took a few days to publish this, as we were waiting for a green light from the FTC. We got the go ahead from them this afternoon and here it is.

Some background

This was the first iteration of (before it was the eSports site).

In the summer of 2014, Ali and I, were building technology that would allow mobile apps to do Desktop to mobile — attributed installs. What that basically means is that having the ability to install a mobile app from the desktop version of the google play store and having the ability to track it on the mobile phone. There are many companies that do this for mobile to mobile and its standard industry practice. Its just that no one had figured out how to do this from traffic originating from desktop devices.

The way we cracked this problem, was using the users Google Play email address. We realized if we could match the anonymized MD5 hash of the email address on desktop and mobile, we could attribute the install. We spent 3 months building the tech, filling a few patents, and integrating our technology with other mobile attribution companies, like Tune, Adjust, Kochava etc.

The key to this process was being able to read the user’s Google play email address. To do that, we needed a browser extension installed on the users computer so when they visit, we can read that email address. Once we read it, we converted it into a MD5 hash, and it was sent to our servers. At no point, we did actually know the plain text email address. The plan was to only share the anonymized hash with partners to do the attribution. This way the user’s personally identifiable information was protected.

Attribution Flow

As part of this, we experimented building our own Chrome browser extensions. We featured apps on the Chrome start page in the following format (and thats how the flow worked).

App discovery is a major pain point for both users and app developers. We felt this was a great new format to solve that problem. We would feature the top grossing / top free / top paid apps and (in the future) promoted ones. Note, at this point, we did not promote any paid apps or get paid by any app developer. Total users using our services was fairly small (few thousand). This was totally opt in — you first had to install the browser extension, then agree to its permissions, then click on an ad, go to play store… etc.

Apps By Cindy / Running Fred

So now that we had this technology running, we needed distribution. We bought an existing browser extension called Running Fred and here is where I believe the FTC press release has factual errors that need to be addressed.

“After Vulcun acquired the Running Fred game, they used it to install a different app, commandeer people’s computers, and bombard them with ads,” said Jessica Rich, Director of the FTC’s Bureau of Consumer Protection. “We’re very pleased we were able to stop these practices.”

So here are the issues:

  1. When we changed Running Fred into Apps by Cindy, we had an explicit OPT IN. We did not do it by default. In fact, there were two opt ins. One by the Chrone web store (their default: everytime an app updates and asks for new permissions) and ours. Here is a screen shot of ours.

Only users who explicitly opted in were enrolled. The program was once a week, we would use our technology to install an app on their phone. Looking back, we should have done a lot better to explain this process, but these are facts. People opted in. There was disclosure. Of the 200K users, about 15% or so Opt’ed in.

2. Users were not bombarded with ads. The only ads that were shown, as disclosed were on the Chrome start page (screen shots above). And they were not really even ads — they were the top apps on the app store for that day (we did not get paid for showing these apps). There was only 1 instance where we promoted a paid app (see next).

3. The last (and the biggest) issue I have with that statement is:

“We’re very pleased we were able to stop these practices.”

Here is what really happened

Once we had about 30K or so users that had opt’ed in, we ran our first (and only) paid promotion. This was only sent to users who had opt’ed in on the screen above.

The technology was able to do about 2000 or so attributed installs. A lot of the users liked it. However some of them had simply forgotten that they opt’ed in to this program and were surprised why/how this app got on their phone. They started to complain on the reviews section of the app. There were about 20 or so complaints, (lets put that in perspective, 20 users complaining is not a lot), HOWEVER, we felt this was a bad user experience. They had no idea how this app got on their phone and were annoyed. As a percetange of total users who got the app, the number that complained was very small (about 1%), but still, we were not ok with that. So we suspended the promotion. One user reported the app keeps re-installing itself. This is simply false (and if you’re a developer, you know its technically not possible).

We spent the next few weeks trying to figure out a way to improve this model. At this time Google de-listed the app we were promoting from the Play Store. This was quite heart breaking for us. We also conducted a ton of user surveys and focus groups — the conclusion was simple. There was no way of eliminating the 1% — some people will always forget the opt’ed in and get suprised when they receive the app. Its that simple. The question was whether we could live with certain percentage of users having a bad user experience and we decided no. We shut it down. I even wrote about it last year.

That was the end of it. It sucked having to shut down a project we worked so hard for, and we had such strong product market fit. However the edge cases, of people having a bad user experience did not justify this business. We made that call, ourselves.

We shut down in December 2014, and around July 2015 we get a notice from the FTC. They want to open an investigation into this product due to user complaints (about 20 or so!!). Google Inc, itself is under multiple FTC orders and as part of that, reports all such complaints to the FTC and they decide which ones they would like to pursue

FTC did not shut this practice down. We ourselves did once we realized it was a bad user experience for some users. Our first contact with them was 9 months after the fact.


I feel the FTC does actually do great work, and due to their efforts, consumers are safer and better protected. You can read more about them at However with this press release, they seem to have (in my opinion) violated the same directive they are accusing us of violating — the FTC’s press release would not pass their own standard for false and misleading statements. Section 5 of the FTC Act would label this claim as false and misleading if it were made in connection with corporate advertising. Ah the irony!

As a young startup we have enough issues to worry about, and dealing with the FTC is going to cost a lot and be a big distraction. Unfortunately reality of the American legal system is it doesn’t matter whether you’re right or wrong, legal fees are just the same ($750/hr). We decided to sign their order and move on. And then boom — many months after signing I see this press release that makes us look almost like con-artists. As entrepreneurs we live and die by our reputations and I felt that I needed to set the record straight and tell my part of the story. You be the judge.