AmberCutie's Forum
An adult community for cam models and members to discuss all the things!

Issues with Chaturbate App directory

NaomiNSFW

Cam Model
Mar 3, 2024
This is going to be a long post so brace yourselves. I've been talking with smoker919, another prominent app developer, about this so I'll include their insight as well.
I think @punker barbie should see this because my emails to support have fallen on deaf ears as have a lot of other developers but I wouldn't consider it urgent.

The Chaturbate App Directory has some issues. Let me explain...

  • The tools Chaturbate provide to develop apps are (mostly) great but...
  • By submitting an app developers relinquish absolutely any control they have over their contributions since even very basic attribution is not required.
  • This means their apps could be duplicated, hidden and used for malicious purposes very easily without them knowing.
  • Alongside this the Top Reviewed section of the App Directory is broken since reviews don't seem to be managed. 7 out of the top 8 apps in this section are from Streamersuite.
  • Streamersuite is copying other developers' apps and re-packaging them to promote their own services off site in a way that Chaturbate seems to be ok with.
  • The rest of this article will explain this in more detail...

The Top Reviewed section

As a Model myself I would personally not recommend even glancing at the Top Reviewed section of the app directory. There seem to be no methods in place to make sure reviews are genuine and not paid for or solicited by other Models in exchange for other goods or services.

Screenshot 2025-01-28 at 14.45.48.png

As you can see here, out of the 24 top rated apps 9 are by Streamersuite. If you look at the reviews for each of the apps you can see a familiar pattern: 5 star reviews from the same Models across multiple apps. In one case I found 2 Models which had rated almost all of these apps 5 stars. This seems like pretty obvious proof that these reviews are not genuine.

Licensing Issues & limited safety for Models

Chaturbate uses a custom MIT license called MIT-0, which doesn't require any attribution: https://github.com/aws/mit-0. This license isn't designed for use for any project that isn't just a template or example for other developers. It is even less restrictive than your typical open source MIT license and means anyone can copy your app, make it private on the app directory and add something malicious on top without anyone having a clue where the original code came from. It grants complete immunity to those who want to exploit Chaturbate Apps for their own purposes with very little effort because not only do you not know if your code is being used maliciously, you can't do anything about it or even view the changes they've made to what should be considered your work.
The only exception to this rule is if a developer breaks the app submission guidelines. The only issue with this is the malicious developer could just create a new account and copy your work again without you knowing. There is 0 chance you will ever find out your work has been taken unless the app becomes popular enough to find and compare it to your own work.

How Streamersuite has capitalised on this

In many ways Streamersuite know exactly what they're doing. They've used the platform in a way that technically is completely fine according to Chaturbate's own standards but has some pretty bad implications for Models who just want to find the best quality apps for their own rooms.
1738076964124.jpeg

What can I do as a Developer?

I wouldn't recommend making the code public for your app in the app directory. Open source projects are great but without the requirement for attribution anyone could copy your work for the wrong reasons. Let Models know about these issues and help them steer clear of bad actors if you can.

What can I do as a Model?

Ask other broadcasters what apps they use and trusted developers what apps they would recommend. Understand that whilst the Chaturbate app development platform is Sandboxed there are still ways app developers could exploit your trust like providing links to other sites to steal your info. Don't use the quality of an app as a litmus test for if you can trust it or not because it may have been made by a different developer and copied.
Most importantly if you do spot an issue report it to Chaturbate support.

I would also avoid using the app directory's Top Reviewed section entirely and instead look at the Top Earning apps and popular apps. This is a much better metric for measuring app quality if fake reviews aren't being taken down.
 
I should also mention I am by no means saying the App Development platform as a whole is a bad thing; it's just how the app directory and licensing are managed that concerns me. There is no reason you necessarily need to use the directory to find apps and using other sites for trusted suggestions is an option.

To balance this out a bit I would be in a very different situation financially if I didn't have the opportunity to take part in the Hackathon contest. I also think that the sandbox is very good for new developers and is for the most part pretty safe.

I think once you understand these limitations and issues I put forward you can make the right informed decision about what you choose to do either as a Model or Developer, and we are very lucky to even have a platform like this to share our creations on. Other Cam Sites (with the exception of joystick.tv) have put no effort into providing tools for developers to do similar things.
 
Upvote 0
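The review pattern described in the post above (the same accounts giving 5 stars across many of one publisher's apps) can be checked mechanically. This is an added example, not part of the original post or of any Chaturbate tooling; the review tuples, the reviewer, app and publisher names, and the `min_apps` threshold are all constructed assumptions.

```python
from collections import defaultdict

# Constructed sample data: (reviewer, app, publisher, stars). All names invented.
REVIEWS = [
    ("model_a", "Menu X", "publisher_x", 5),
    ("model_a", "Goal X", "publisher_x", 5),
    ("model_a", "Dice X", "publisher_x", 5),
    ("model_a", "Timer Y", "publisher_y", 3),
    ("model_b", "Menu X", "publisher_x", 5),
    ("model_b", "Goal X", "publisher_x", 5),
    ("model_b", "Dice X", "publisher_x", 5),
    ("model_c", "Menu X", "publisher_x", 4),
    ("model_d", "Timer Y", "publisher_y", 5),
    ("model_e", "Timer Y", "publisher_y", 5),
    ("model_e", "Menu X", "publisher_x", 5),
]


def repeat_five_star_reviewers(reviews, min_apps=3):
    """Map (reviewer, publisher) -> sorted apps, for reviewers who gave
    5 stars to at least `min_apps` distinct apps of the same publisher."""
    five_star = defaultdict(set)
    for reviewer, app, publisher, stars in reviews:
        if stars == 5:
            five_star[(reviewer, publisher)].add(app)
    return {key: sorted(apps) for key, apps in five_star.items()
            if len(apps) >= min_apps}


def five_star_exposure(reviews, min_apps=3):
    """For each app, the fraction of its distinct 5-star reviewers who are
    flagged as repeat 5-star reviewers for that app's publisher."""
    flagged = repeat_five_star_reviewers(reviews, min_apps)
    all_raters = defaultdict(set)
    flagged_raters = defaultdict(set)
    for reviewer, app, publisher, stars in reviews:
        if stars != 5:
            continue
        all_raters[app].add(reviewer)
        if (reviewer, publisher) in flagged:
            flagged_raters[app].add(reviewer)
    return {app: len(flagged_raters[app]) / len(raters)
            for app, raters in all_raters.items()}


if __name__ == "__main__":
    for (reviewer, publisher), apps in repeat_five_star_reviewers(REVIEWS).items():
        print(f"{reviewer} gave 5 stars to {len(apps)} apps by {publisher}: {apps}")
    # Apps whose 5-star rating depends mostly on flagged reviewers come first.
    for app, share in sorted(five_star_exposure(REVIEWS).items(),
                             key=lambda item: -item[1]):
        print(f"{app}: {share:.0%} of 5-star reviewers are repeat reviewers")
```

A high share marks an app's rating as depending on a small set of repeat reviewers, which is a lead for manual review of those accounts.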
Just to tag this on. Smoker919, a very well known app developer on Chaturbate, has just released an open source alternative to The Menu after it was discovered the author had embedded malicious scripts into the app.

The app also fixes a couple bugs with the original app. https://chaturbate.com/v2apps/apps/f9aa0259-the-menuu

Smoker has updated their bio on Chaturbate as well to highlight a couple malicious or stolen apps that are still listed and popular on the app directory.

Screenshot 2025-01-30 at 09.46.55.png

You can find their bio here: https://chaturbate.com/smoker919/
 
Upvote 0
I also think that if it's true that Chaturbate doesn't get involved in any apps and have no reporting functionality yet that's kind of an issue.

Consider the following theoretical scenario:
  • Imagine I'm a malicious actor. I decide to copy a popular app and publish it as my own.
  • It gains popularity and a lot of cam models install it. I make the code closed off from the app directory so nobody can copy it and I can inject malicious scripts into it without other users knowing.
  • I now have access to data about the Model and users tipping. If any user makes a mistake and publishes their address, payment details etc... I could make a script to recognise these strings quite easily and save this data to a key value store.
  • I also know how much each user is tipping so they would be my targets and I could discriminate based on their gender or name if I wanted to.
  • I could then look at all the users who are using my app very easily and run a command in chat. This command could send this info back to me only without the model ever knowing anything had happened.
I am not a hacker at all and a bit of an idiot when it comes to security and if I'm able to figure this out then the chances you have malicious apps on the platform doing this is very high if you aren't moderating them properly.
 
Upvote 0
Now obviously performers can opt to make this kind of data accessible through something like a Longpoll JSON feed at their own discretion and malicious actors can use scrapers, but it makes it just that much easier for app developers, especially when malicious users posting sensitive info they've found about performers in chat such as their address can be collected and placed in a key-value store by a malicious developer even after the user is banned.
 
Upvote 0
Maybe a good way of at least giving performers a chance to find these malicious bots would be to make it possible to easily view a copy of the Key-value data stored on them and other users. This seems like a very basic GDPR requirement more than anything to be honest.

This is something that should be very easy to do. For e.g. converting to a JSON file and adding an export button visible only to the performer in the broadcast page. Why this hasn't been done already confuses me a bit but I guess it may have not been a priority at the time or something.
 
Upvote 0
I made apps so I know about apps.
The problem has always been: you make them open source, people copy them as closed source, make aggressive promotion and your own app goes to the background.
Or you make them closed source. And the broadcasters do not care, they don't even look at it.

It's also not only the code that makes a good app. It's also the idea.
Some apps are simple but brilliant and I can write with different code a new app that does exactly the same.

And some app writers want to make some advantage of their apps, for example charging some token for new functions.
I can not blame them for that. You do a lot of work for a high commercial company ... for free?
And then your app must be closed source.

I know there are apps with malicious code. You may remember Insidio but I know bots from i_n_p also got some "undocumented features".
And even V2 apps, I know that the most famous hidden show app got a "bug" that can be exploited.

maybe an idea ... @punker barbie

give a big red warning if a broadcaster starts a closed source app.

or ... and this can be nice ....

make open source apps free to use and closed source apps 1 token a day and that token goes to the developer.
 
Upvote 0
I don't entirely understand what you mean here. You can still stop users from duplicating your apps directly without removing it from the app directory. Broadcasters can still see and add your apps; the code just isn't directly visible.

Providing a "big red button" to purge apps that don't directly share their code would remove the vast majority of the apps on the platform as well. If you mean forcing developers to share their code with all users then I would immediately drop all the apps I've made so far because I don't want my apps to be duplicated by others without any credit, potentially for malicious purposes.

I also wouldn't say charging tokens for apps or features in apps is taking advantage of anyone as long as it's clearly communicated in the app description and features are not removed from free existing apps to be made into paid features. It's also something Chaturbate allows and helps support developers who make large projects on the platform. Even popular developers who only publish free apps usually accept app commissions or sell other services alongside their work.

The issue isn't necessarily just to do with apps that have malicious code in them as well; it's to do with the fact that it is painfully easy to make a malicious app and promote it to the front page. A Model can also be completely unaware of any data that's being stored on them in the Key-value data stores.

Because of this it's also difficult to even identify if an app is malicious or not. For apps that duplicate a popular app then hide the code they could be doing quite a lot behind the scenes without anyone except the developer knowing.

What's needed to begin with is the absolute basics which are not available currently. The ability to report apps and the ability for a Model to see the key-value data stored in each app they have running.

If Chaturbate allowed a separation of licensing for assets and code as well as giving developers credit by licensing projects under MIT not MIT-0 this would be a different conversation.
 
Upvote 0
All of this has already been discussed before...

How to deal with malicious CB apps?

Not entirely. It's repeating a few issues that have been mentioned before but it's meant to mostly be about Streamersuite and the app directory as a whole.
It's also a genuine support query I've sent to Chaturbate so I'm still waiting for a reply back.
 
Upvote 0
For transparency, @NaomiNSFW contacted me after their initial communications with CB Support and we have discussed these issues and others in private communications.



StreamerSuite's intentions were obvious from the beginning, but full credit to @NaomiNSFW for identifying the fake reviews and the impact of skewing the app store ratings by manipulating keywords.

I 100% agree that the MIT-0 licence needs to be replaced by the regular MIT license or something comparable. Knowing that they would simply steal them, StreamerSuite's actions have slightly cooled my interest in contributing new and needed open-source apps to the ecosystem. Limitcam and statistics modules that I've developed will only be released as part of personal or subscription apps now whereas I had previously planned to release both open source.

CB published the v2 App Submission Guidelines nearly a year ago, but to date there has been no attempt to enforce it. It would take very little effort for CB, for example, to add a warning to models for all V2 apps whose descriptions are blank (§§ 1.1 and 1.5 of the v2 App Submission Guidelines).

A mechanism of some kind is desperately needed to report apps suspected of violating §§ 2.2 and 2.3 of the v2 App Submission Guidelines, with safeguards to prevent this mechanism from itself being abused and also clearly stating real consequences for developers if reported apps are indeed found to contain hidden or disruptive functionality.

A retroactive submission guidelines document for V1 apps and a reporting mechanism is also needed. It is a little ridiculous for CB Support to issue the reply that @NaomiNSFW received stating that all apps are open source when it is absolutely false. @punker barbie I really hope you can address this internally to CB as I received an almost identical response to a complaint I submitted in May of last year.
 
Upvote 0
It looks like CB saw that there was some truth to these concerns because they removed the Top Rated section of the V2 app directory in today's dev portal update:

Screen Shot 2025-01-31 at 12.00.09 PM.png
 
Upvote 0
So it seems like the scam being orchestrated by StreamerSuite, aka Designurbate, is even bigger than previously thought. It looks like the Camgirl Survival Guide website and associated Reddit feeds are also them.
 
Upvote 0
On top of this we've found smear campaigns against Smoker https://camgirlsurvivalguide.com/warning-remove-smoker919s-apps-from-your-room/ despite advertising apps directly stolen from Smoker919 https://camgirlsurvivalguide.com/spam-bot-blocker-for-chaturbate/ & other developers https://camgirlsurvivalguide.com/get-more-chaturbate-followers/

They also suggest a lot of false information including not using Overlays for the following reasons...

1740957429280.jpeg

None of which is true since Overlays run in a separate scene entirely to your main Webcam & take up a tiny amount of resources.
Most of the posts on the blog are simply there to drive traffic to Streamersuite and Designurbate and every single blog post has links to Designurbate.

We also found the Designurbate Reddit page called r/ChaturbateTemplates is operated by a lot of duplicate accounts likely owned by the same person: https://www.reddit.com/mod/ChaturbateTemplates/moderators/

In short if you see the words Streamersuite, Designurbate or Camgirl Survival Guide it's probably not worth whatever they're offering. If you find a really good Streamersuite Bot it's likely good because it's been taken from another developer.
 
Upvote 0
On top of this we've found smear campaigns against Smoker https://camgirlsurvivalguide.com/warning-remove-smoker919s-apps-from-your-room/ ...
Without choosing sides, what they're saying is not false in regards to the constant advertising of Smoker to "viewers". I agree that the constant advertising of Smoker's apps is an unnecessary and annoying thing to have thrust upon viewers. They're usually NOT broadcasters who would ever make use of any of the apps anyways, so why?!
 
Upvote 0
Hi @SCRIPTA. I'll answer that in three ways:

First, apps advertising themselves is nothing new. Go into any room running the V1 "Roll The Dice" bot or "A Bettter Dice Roller by aety" or "The Menu" or "Baby Tip Menu" or many others and they're constantly advertising themselves in much more obtrusive ways, i.e., in the chat rather than just once when you enter a room. And then, of course, StreamerSuite:

1738076964124.jpeg

My apps follow simple rules for how they advertise themselves, and these rules have evolved, and continue to evolve, based on feedback from both models and viewers:
  1. Each app states near the very top of its app description that it will send occasional notices to users when they enter the room and what the content of those notices is (that it's an open source app and that it will contain a link to my room to read more about app safety).
  2. Notices are only sent to users when they enter the room after a 4-second delay.
  3. The enter notices are not sent to the broadcaster running the app because they receive a similar one when the app starts.
  4. A user entering and re-entering a room will only receive a notice a maximum of once every 10 minutes.
If a broadcaster is running 6 of my apps then, yes, you get 6 notices. There is no good mechanism available for apps to coordinate to combine multiple notices into just one notice. The only resource shared between apps is the limitcam user list and there are already too many apps that take malicious advantage of that fact to want to use it even for a well-intended purpose.

Second, while I won't minimize the risk to broadcasters, viewers are just as much at risk. Many apps contain blacklists that prevent certain users from doing things, and app developers like the author of The Menu use the backdoor commands in their apps against other viewers, not just against broadcasters. Reading tip notes is an invasion of privacy of both the viewer who wrote it and the model who it was for. Muting a user when you're not the broadcaster or a moderator is a violation of that user's right to be in a room and chat. Many viewers have had some experience with malicious apps and it helps them understand and process and avoid future issues.

Third, too many models are passive when it comes to app safety. Very few understand how apps work at all and most just rely on what they've been doing and the apps they've been using, or on what their studios told them, or on the advice of strong voices in their rooms steering them toward specific apps, in many cases for their own purposes and not because it's in the model's best interests. Educating viewers about app safety ultimately means that more models are hearing about it, too, because those viewers carry the message forward to the models they care about and at least try to make positive changes for the protection of those models and everyone in those rooms.
 
Upvote 0
Hi @SCRIPTA. I'll answer that in three ways...
I appreciate your detailed and informative reply. To counter a couple of your points (and I'm only paraphrasing here); just because everyone else has done it that way, is not a good argument. If everyone else is jumping out of a plane without a parachute, doesn't mean it's necessarily the best thing to do. Also (and speaking only for myself here), my broadcast room is not the place to impose instruction/guidance for other models/users, even though it might be with good intentions. If other models/users are too passive when it comes to app safety, well that's their problem... not mine. Perhaps the education of app security should be on CB's end of things. I do understand your viewpoints, I just disagree with the advertisements. But, it's just a small inconvenience/gripe.

:happy:

Edit to add...

As I'm no longer able to edit my post earlier in the thread, I want to make clear that it's not my intention to single anyone out. I only wanted to state that the article was not wrong about apps advertising. The intent of the article to discredit Smoker, however, is malicious at a minimum. The original article is "hypocritical" - not sure if that is the correct word, as English is my third language; but that the article is about Smoker's obtrusive advertising, when in fact StreamerSuite does exactly the same thing, and even to a worse degree.
 
Upvote 0