Inauthentic clones are at the fingertips of activist and human rights defenders across the globe.

They are particularly common among VPN, social media and messaging apps. Because of them, citizens fall into malware traps without knowing it. That is one of the most significant risks.

The authors of inauthentic clones range from state-sponsored posers phishing for personal information to hackers looking to make a few bucks by repackaging free open source code.

Even in the mildest case, absent of malware, inauthentic clones have a negative impact on the public-at-large. Clones pull active users away from official apps, affecting the overall success of honest work and the people behind it.

We're working to find ways to overcome this challenge. Within our internet freedom community, it’s a known problem faced by Psiphon, Lantern, and Onion Browser.

We have two primary objectives—

1. To understand why individuals download and use inauthentic clones

2. To generate solutions that help official app teams overcome this challenge

In our first round of research, we will begin to uncover the primary reasons why people install unofficial clones. We will start by reaching out to community members in China, Iran, Philippines, Nicaragua, Ethiopia, and Indonesia. You can sneak a peak at our field guide for these conversations at the end of this post.

In addition, we want to get more information about app distributors within each region. We want to learn about how they determine which apps they make available for customers. We expect the audience of app distributors to include mobile resellers, digital app stores, and key community leaders. It's unclear to us whether we will have access to these people. However, we understand that they are the gatekeepers for app distribution.

If the challenge of inauthentic clones is one you face, please reach out! We would love for this research and design work to be beneficial for you.


Field Guide for Communities

This guide captures the topics and questions we want to cover in conversations with activists and human rights defenders.

Access

  • Where do you normally get apps from?

  • How do you get app updates?

  • Are there any apps you're not able to get from your typical source.

  • How often do you use bluetooth file sharing to get apps from a friend?


Trust

  • If you're searching for an app in the app store and there are multiple results, how do you know which one to trust?

  • If you get a direct download link, how do you know you can trust an app?


Awareness

  • How concerned are you about using the official version of an app?

  • Are you aware that there are inauthentic clones of apps?

  • Are you aware of the risks they could pose?


Specific about [app name]

  • How did you hear about [app name]?

  • Are you able to access the authentic version of [app name]? Please send the link to the app you would download.

    • From whom, did you receive link?

  • Which website is the official site of [app name]?

  • Do you know what the 'real' app looks like?

    • Have you ever seen the app logo before?

    • Can you identify the most updated app logo?


Potential Barriers of the Official App

  • Does the official app work on your phone? (wouldn't actually ask this one)

  • Is the official app available in your language?


Contextual

  • What is your main source for information (ex: Facebook, Google search, friends, etc.)?

  • How often are you connected to the internet?

  • What type of phone do you have?


Photo attribution: "Clones" by Fernando Barrientos is licensed under CC BY-NC-ND 2.0