AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

Issues with Chaturbate App directory


NaomiNSFW

This is going to be a long post so brace yourselves. I've been talking with smoker919, another prominent app developer, about this so I'll include their insight as well.
I think @punker barbie should see this because my emails to support have fallen on deaf ears, as have a lot of other developers, but I wouldn't consider it urgent.

The Chaturbate App Directory has some issues. Let me explain...

  • The tools Chaturbate provide to develop apps are (mostly) great but...
  • By submitting an app, developers relinquish absolutely any control they have over their contributions, since even very basic attribution is not required.
  • This means their apps could be duplicated, hidden and used for malicious purposes very easily without them knowing.
  • Alongside this the Top Reviewed section of the App Directory is broken since reviews don't seem to be managed. 7 out of the top 8 apps in this section are from Streamersuite.
  • Streamersuite is copying other developers' apps and re-packaging them to promote their own services off site in a way that Chaturbate seems to be ok with.
  • The rest of this article will explain this in more detail...

The Top Reviewed section

As a Model myself I would personally not recommend even glancing at the Top Reviewed section of the app directory. There seem to be no methods in place to make sure reviews are genuine and not paid for or solicited by other Models in exchange for other goods or services.


As you can see here, out of the 24 top rated apps 9 are by Streamersuite. If you look at the reviews for each of the apps you can see a familiar pattern: 5 star reviews from the same Models across multiple apps. In one case I found 2 Models which had rated almost all of these apps 5 stars. This seems like pretty obvious proof that these reviews are not genuine.

Licensing Issues & limited safety for Models

Chaturbate uses a custom MIT license called MIT-0, which doesn't require any attribution: https://github.com/aws/mit-0. This license isn't designed for use in any project that isn't just a template or example for other developers. It is even less restrictive than your typical open source MIT license and means anyone can copy your app, make it private on the app directory and add something malicious on top without anyone having a clue where the original code came from. It grants complete immunity to those who want to exploit Chaturbate Apps for their own purposes with very little effort, because not only do you not know if your code is being used maliciously, you can't do anything about it or even view the changes they've made to what should be considered your work.
The only exception to this rule is if a developer breaks the app submission guidelines. The only issue with this is the malicious developer could just create a new account and copy your work again without you knowing. There is 0 chance you will ever find out your work has been taken unless the app becomes popular enough to find and compare it to your own work.

How Streamersuite has capitalised on this

In many ways Streamersuite know exactly what they're doing. They've used the platform in a way that technically is completely fine according to Chaturbate's own standards but has some pretty bad implications for Models who just want to find the best quality apps for their own rooms.

What can I do as a Developer?

I wouldn't recommend making the code public for your app in the app directory. Open source projects are great but without the requirement for attribution anyone could copy your work for the wrong reasons. Let Models know about these issues and help them steer clear of bad actors if you can.

What can I do as a Model?

Ask other broadcasters what apps they use and trusted developers what apps they would recommend. Understand that whilst the Chaturbate app development platform is Sandboxed there are still ways app developers could exploit your trust like providing links to other sites to steal your info. Don't use the quality of an app as a litmus test for if you can trust it or not because it may have been made by a different developer and copied.
Most importantly if you do spot an issue report it to Chaturbate support.

I would also avoid using the app directory's Top Reviewed section entirely and instead look at the Top Earning apps and popular apps. This is a much better metric for measuring app quality if fake reviews aren't being taken down.
 
I should also mention I am by no means saying the App Development platform as a whole is a bad thing; it's just how the app directory and licensing are managed that concerns me. There is no reason you necessarily need to use the directory to find apps, and using other sites for trusted suggestions is an option.

To balance this out a bit I would be in a very different situation financially if I didn't have the opportunity to take part in the Hackathon contest. I also think that the sandbox is very good for new developers and is for the most part pretty safe.

I think once you understand these limitations and issues I put forward you can make the right informed decision about what you choose to do, either as a Model or Developer, and we are very lucky to even have a platform like this to share our creations on. Other Cam Sites (with the exception of joystick.tv) have put no effort into providing tools for developers to do similar things.
 
Upvote 0
Hello @NaomiNSFW, Support has confirmed that they have received your email and it is currently being looked into. We appreciate your patience. Support will get back to you as soon as possible.
Thanks hun 💗
 
Upvote 0
Just to tag this on. Smoker919 a very well known app developer on Chaturbate has just released an open source alternative to The Menu after it was discovered the author had embedded malicious scripts into the app.

The app also fixes a couple bugs with the original app. https://chaturbate.com/v2apps/apps/f9aa0259-the-menuu

Smoker has updated their bio on Chaturbate as well to highlight a couple malicious or stolen apps that are still listed and popular on the app directory.


You can find their bio here: https://chaturbate.com/smoker919/
 
Upvote 0
I think it's worth pinging @punker barbie again as well because although I got a response from Chaturbate support this is all they sent (image attached).
Hopefully this is still being investigated.
 

Upvote 0
I also think that if it's true that Chaturbate doesn't get involved in any apps and have no reporting functionality yet that's kind of an issue.

Consider the following theoretical scenario:
  • Imagine I'm a malicious actor. I decide to copy a popular app and publish it as my own.
  • It gains popularity and a lot of cam models install it. I make the code closed off from the app directory so nobody can copy it and I can inject malicious scripts into it without other users knowing.
  • I now have access to data about the Model and users tipping. If any user makes a mistake and publishes their address, payment details etc... I could make a script to recognise these strings quite easily and save this data to a key value store.
  • I also know how much each user is tipping so they would be my targets and I could discriminate based on their gender or name if I wanted to.
  • I could then look at all the users who are using my app very easily and run a command in chat. This command could send this info back to me only without the model ever knowing anything had happened.
I am not a hacker at all and a bit of an idiot when it comes to security, and if I'm able to figure this out then the chances you have malicious apps on the platform doing this is very high if you aren't moderating them properly.
 
Upvote 0
Now obviously performers can opt to make this kind of data accessible through something like a Longpoll JSON feed at their own discretion, and malicious actors can use scrapers, but it makes it just that much easier for app developers, especially when malicious users posting sensitive info they've found about performers in chat, such as their address, can be collected and placed in a key-value store by a malicious developer even after the user is banned.
 
Upvote 0
Maybe a good way of at least giving performers a chance to find these malicious bots would be to make it possible to easily view a copy of the Key-value data stored on them and other users. This seems like a very basic GDPR requirement more than anything to be honest.

This is something that should be very easy to do. For e.g. converting to a JSON file and adding an export button visible only to the performer in the broadcast page. Why this hasn't been done already confuses me a bit but I guess it may have not been a priority at the time or something.
 
Upvote 0
I made apps so I know about apps.
The problem has always been: you make them open source, people copy them as closed source, make aggressive promotion and your own app goes to the background.
Or you make them closed source, and the broadcasters do not care; they don't even look at it.

It's also not only the code that makes a good app. It's also the idea.
Some apps are simple but brilliant, and I can write a new app with different code that does exactly the same.

And some app writers want to make some advantage of their apps, for example charging some tokens for new functions.
I cannot blame them for that. You do a lot of work for a high commercial company ... for free?
And then your app must be closed source.

I know there are apps with malicious code. You may remember Insidio, but I know bots from i_n_p also got some "undocumented features".
And even V2 apps: I know that the most famous hidden show app got a "bug" that can be exploited.

maybe an idea ... @punker barbie

give a big red warning if a broadcaster starts a closed source app.

or ... and this can be nice ....

make open source apps free to use and closed source apps 1 token a day and that token goes to the developer.
 
Upvote 0

I don't entirely understand what you mean here. You can still stop users from duplicating your apps directly without removing it from the app directory. Broadcasters can still see and add your apps; the code just isn't directly visible.

Providing a "big red button" to purge apps that don't directly share their code would remove the vast majority of the apps on the platform as well. If you mean forcing developers to share their code with all users then I would immediately drop all the apps I've made so far, because I don't want my apps to be duplicated by others without any credit, potentially for malicious purposes.

I also wouldn't say charging tokens for apps or features in apps is taking advantage of anyone as long as it's clearly communicated in the app description and features are not removed from free existing apps to be made into paid features. It's also something Chaturbate allows and helps support developers who make large projects on the platform. Even popular developers who only publish free apps usually accept app commissions or sell other services alongside their work.

The issue isn't necessarily just to do with apps that have malicious code in them as well; it's to do with the fact that it is painfully easy to make a malicious app and promote it to the front page. A Model can also be completely unaware of any data that's being stored on them in the Key-value data stores.

Because of this it's also difficult to even identify if an app is malicious or not. For apps that duplicate a popular app then hide the code they could be doing quite a lot behind the scenes without anyone except the developer knowing.

What's needed to begin with is the absolute basics, which are not available currently: the ability to report apps and the ability for a Model to see the key-value data stored in each app they have running.

If Chaturbate allowed a separation of licensing for assets and code, as well as giving developers credit by licensing projects under MIT not MIT-0, this would be a different conversation.
 
Upvote 0
All of this has already been discussed before...

How to deal with malicious CB apps?

Not entirely. It's repeating a few issues that have been mentioned before but it's meant to mostly be about Streamersuite and the app directory as a whole.
It's also a genuine support query I've sent to Chaturbate so I'm still waiting for a reply back.
 
Upvote 0