Mobile security firm AdaptiveMobile has named three apps that it says are guilty of using ‘app growth hacking’ irresponsibly. In this instance, app growth hacking is the practice adopted by some apps of encouraging the person using the app to invite their contacts to download the app via SMS. While Adaptive believes that app growth hacking is a legitimate marketing tactic for promoting an app, it says the practice is being misused, and names three apps – Glide, Meow and Secrets – that are “using this technique to make mobile users the spammers of their own contact list”.

We downloaded Glide to see for ourselves. When you launch the app for the first time, you get a splash screen inviting you to “Get started by inviting all your friends to chat!” and a Continue button. At that point, for fear of spamming my contacts, I quit the app.

According to Adaptive, mobile operators are seeing these app-generated invites occupy a higher and higher percentage of spam being received by their subscribers. During an in-depth two-week study conducted by Adaptive, over 20 popular social networking, communications and community-playing apps all generated varying degrees of customer complaints as a result of app growth hacking. Subscribers who installed the most aggressive apps found it very difficult to avoid texting their contact lists about the service, due to the app design.

“Growth Hacking can be a valid marketing tactic when implemented responsibly,” said Cathal McDaid, head of security operations at AdaptiveMobile. “But apps need to implement ‘ethical’ growth hacking, by ensuring there is an easy way for users to opt out of apps accessing contact lists, giving users easier control of who they are inviting.”

The company says its research also identified technical errors in some apps that cause issues within mobile networks and may allow unsolicited communications from unknown or unwanted individuals. In one recent case, a badly designed social networking app, affecting several thousand mobile phones in N. America, sent tens of thousands of invites repeatedly, draining handset batteries and leading to mobile network issues. In a separate case, another social networking app had insufficient controls on permissions on who could access whom, leading to spamming vulnerabilities. AdaptiveMobile has disclosed the vulnerabilities to the app developers, but other issues remain.

“We are encountering basic problems in these apps’ implementation that are causing them to repeatedly send invites, resulting in mobile phone and carrier issues, as well as identifying apps with potentially more serious concerns,” said McDaid. “We call on the app industry to avoid making notifying all contacts standard practice, to look at the implementation of their apps and to work with the mobile industry in addressing these concerns. This is to avoid these apps ‘forcing’ their users to become spammers and to ensure they are not causing problems for both mobile subscribers and wireless carriers.”