Tuesday, 24 January 2017

[Android] Annoyed of reconnecting? Here comes the solution

One of the biggest complaints from our users are: why my VPN app is disconnected again?

To be fair, it's already better than many of our competitors who would just drop the connection silently without notifying user. But still, we have build-in reconnect logic and why it's not working?

After a few days investigation and experiment, we think we found a reason.

What makes my VPN connection unstable?

Apart from unstable mobile network, one of the biggest causes of frequently disconnect / reconnect is Android Doze feature introduced in Marshmallow (Android 6.0), which is designed to save battery when you are not actively using the phone. This is accomplished by blocking notifications and networks, and preventing wake up app unless user want to. For more details, there is a good blog in lifehacker.

It's a good idea for most of the case, but VPN is a very special type of app. It's not always a good idea to save some battery at the cost of anonymity and security. Here is how you can turn off battery optimisation if you want.

How can I whitelist Just Proxy VPN?

Step 1: open the left drawer menu. You would see a newly added Battery Optimisation option. Tap it.

Step 2: a new dialog will popup, to confirm if you really want to switch off Battery Optimization

Step 3: another dialog from Android will be prompted to confirm on behalf of system

Step 4: done! If you want to re-enable battery optimisation, then just tap the same option from left drawer, another guide will popup for you to configure.

Manual configuration

If it's not getting better, then most likely you are using a firmware that is having a different implementation than native Android, like MIUI. Here are the steps to manually configure:

Native Android 6.0 (Marshmallow)

Step 1: find Battery configuration in settings

Step 2: inside Battery main page. Expand top right menu and tap Battery Optimisation 

Step 3: make sure you filter by App apps so that you can find Just Proxy VPN app from the list

Step 4: select Don't optimise option

Step 5: make sure Just Proxy app is now Not Optimised

MIUI 6.0

Step 1: find Battery configuration in settings

Step 2: tap Manage apps battery usage

Step 4: Choose apps

Step 4: find Just Proxy VPN and make sure it's changed to No restrictions

Monday, 2 January 2017

Buy Chrome extension membership via your Android phone

One of the top complaint we received since adjusted pricing model is: what if I don't have a Paypal account?

Here comes the solution:

pay through Google Play with your Android phone

Step 1: install the App

Go to Google Play store, download and install Just Proxy VPN app. Because of the way Google Play works, you would have to install the app in order to make any in-app purchase.

Step 2: open the app and open drawer menu

You will see a similar screen as Chrome extension. Now open drawer menu from top left toggle.

Step 3: tap Buy for Chrome

Step 4: enter email address

Enter your Chrome extension account email address. If you haven't got one, you can signup by:
  1. Install from Chrome webstore
  2. Click settings (=) at bottom right
  3. Click Complete your account

Step 6: tap the button to finish your payment.

Enjoy and happy new year!

Wednesday, 9 November 2016

New pricing model: premium users are no longer paying for free users

TL;DR our pricing model is changed from freemium (free + premium) to trial + premium. New premium fee is $1.99 per year per device (except UAE, I will explain later).  You are right, that's an annually price.

What's wrong with freemium model?

Freemium model seems to be the de facto standard pricing model nowadays. The benefits are clear:

  • it's usually easier to convert a premium user in two phases than directly from a stranger
    1. convert a new user to setup a free account
    2. upgrade a free account to a premium account
  • you get free marketing when ppl lower their expectation on free services
We bought this philosophy initially, so Just Proxy was launched with freemium model. It indeed helped a lot at the beginning by attracting lots of installs. But the natural free to premium conversion is just too low to make the whole model sustainable.

Let's do the math, assuming the free to premium conversion ratio is 1/1000 for a newly launched app (it's not our number but not far off). This is not scalable at all, I can hardly imagine any service would break even with 0.1% users paying for the rest 99.9%. This is extremely true for VPN industry, when bandwidth and servers are still expensive. 

What are the options?

We discussed a few options:
  1. Increase the premium membership fee. Until today we are charging $5/month, or $50/year. This is slightly cheaper than our competitors. But given we are rated (4.72/5.0) higher than our competitors, can we try to increase our fee for a better service?
    • Rejected: with the raised premium charge, we might end up having even less premium users (say 1/5000) paying for the rest (say 4999/5000), then shall we raise again? On the other hand, do we really want to rip off a group of people but actually spend the money on another group? 
  2. Increase the free to premium conversion ratio. 
    1. Throttling network speed for free users
      • Rejected: we are harming 99.9% users experience simply to make that 0.01% looks more compelling? 
    2. Prompt premium plan more aggressively, like extension popover, email etc.
      • Rejected: our ultimate goal is to make a VPN that just works. It should be something start-and-forget. All the complexities should be handled seamlessly in the background. This approach is against our goal. 
  3. Introduce advertisements
    1. extension ads
      • Rejected: same as 2-2. With extension ads, we would inevitably complicate the operations to get more ads presences. This is fundamentally against our goal to make a perfect VPN app. 
    2. inject ads to the page by replacing existing ads or content with ours
      • Rejected: this is harming website's benefit. They are already getting the traffic but ends up showing someone else's ads. I wonder it might even be illegal in some countries. We discussed this option because some of our biggest VPN competitors are surprisingly doing this. 
So what are the other options?

Our new pricing model

The new pricing model is very simple. All new installs are given one hour trial, and then $1.99 per year per device for unlimited access. By unlimited we mean:

  1. no location limitation. You can freely access all 18 locations instead of 3. 
  2. no speed limitation. Feel free to stream 1080p videos.
  3. no time limitation. You can keep the extension on 24 x 7 if you like.
  4. no total bandwidth usage limitation. 
And again, $1.99 is for a whole year. When a premium user is only paying for his/her own usage, the total fee can actually be reduced from $5/month to $1.99/year.  Although Paypal is charging even more on small amount transactions, we anticipate healthier financial conditions with the new plan. 

What about existing users?

Thanks for all the early adopters, we won't be able to improve so much without your timely feedback.

All existing free users can enjoy the trial until the end of November (instead of one hour), and then decide whether they want to

All paid users can request refund anytime and re-join with the cheaper plan. There is no more 14 days money back limitations for for any plans started on or before Nov 9th.

Any questions feel free to write to justproxy.crx@gmail.com. We actually monitor this address.

Monday, 5 September 2016

The underground industry to manipulate play store ratings, and any other rating communities.

cannot really post images on Reddit so have to setup a new blog to post this. Feel free to discuss on reddit post or write to us directly: justproxy.crx@gmail.com

What's happened to our app?

So we have been developing our Android VPN app. It's not an easy one if you are familiar with Android's VpnService interface.

After a few months hardworking, we released our first version at the end of July. Initially it was great! Without any marketing we had more than 100 downloads in the first few days with all 5 reviewers giving us 5 stars! (Fine I rated the first one myself) We were even day dreaming Google guys noticed it and put us on editor's choice list.

Second week there was a 1 star and a 2 stars, which dilutes our score to 4.5. But that's not too bad. With the reported crash report, we managed to optimise our memory usage and released an enhanced new version.

The following week was rewarding. Our enhanced version was getting more downloads and all 11 ratings of 5 stars! On Aug 20 our overall score climbed up to 4.7!

That sounds like a perfect world isn't it? You work hard, you get reward.

But it isn't.

Starting from Aug 20, we are receiving one star every day with no obvious reason, which cut down our rating to 4.08 in 2 weeks.

This is definitely fatal to a new app:

as expected, our installation has dropped as well:

which absolutely make sense. If you see 2 VPN app in your search result, one 4.5 with 10 million download, the another is only 4.1 with 10k download. You wouldn't even download the second one would you?

Why do we think our rating is manipulated?

Unlike the previous one star, we suspect this time our rating is manipulated from one of our competitors. For the following reasons:

  1. Most of the bad ratings come between Hong Kong 12pm and 2pm. However, Google Analytics says there are almost no installs during that period at all. (unless Google always notify owners during this period? can anyone confirm this?)
  2. Our retention rate is quite stable through out past 2 weeks, which means whoever installs the app are still enjoying it.
  3. App itself is working fine. No crash reported from various channels:
  4. VPN servers are working fine. Our Chrome extension using the same set of servers are still getting (nearly) full marks:
  5. Most of the one star reviews are anonymous. Those with reviews are not really sensible. Like this one, hey we are not even published in China!

Shocking Facts: there is an industry to manipulate play store ratings, and any other rating communities.

While we are investigating ratings, I found something really astonishing to me from Taobao.

For those new to Taobao: this is the Chinese eBay + Amazon under Alibaba group. yes, the one listed in Nasdaq last year. Taobao was started in mainland China around 10 years ago, now getting more and more popular in Hong Kong and other greater China areas as well.

This screenshot is the search auto completion for "Play Store", the first few suggestions are:

  • Buy Android Play store volumes (I take it as downloads and reviews)
  • Buy Android Play store top charts (how?)
  • Buy Android Play store source code (really?)

There are hundreds of service providers for each keywords. Take "Buy Android Play store volumes" as an example, each thumbnail indicates a provider:

click into one of them, new account registration + download + 5 star rating with review is only 1 RMB, which is about US $0.15. From the history they have so far sold 50k units.

looking at the description, they even provides legitimate receipt from Chinese government:

Let's do the math. Say there is a new app out there and getting first 100 ratings all 5 star. For such a star product, you only need to pay $15 ($0.15 x 100), to pull the average from 5 to 3. Low enough that no one even bother trying it out from now on (like ours)

Yes, it will be risky to buy good reviews to your own app. Google can detect unnatural pattern and delist your app. But I cannot think of any risk if you buy ppl to downvote your competitor's product. What can Google do? Delist your competitor's app? :)

To me the most astonishing part is not the existence of the industry, but the way they made it so easy to access at such an affordable price without any risk.

Taobao is only the market I am personally familiar with. Surely any of our competitor will have access to similar service in their own commodity. It's not really

How does it work?

So how does this industry work? It's not straightforward to me at all. If I am running a Taobao shop I can hardly make it breakeven.

First of all, $0.15 is not enough to hire anyone on the planet to register an email -> register play store -> download certain app -> upvote / downvote the App etc. No, not even in mainland China in 2016. The whole process has to be automated.

Additionally this automation cannot be a simple script chaining steps together. It needs to be intelligent, otherwise it's very easy to be caught, especially by Google, who has many years rich experience protecting PR not being manipulated by SEO industry.

In order to make ratings looks more natural, you would need to make your script really smart, something like:
  1. Only x% of ppl downloading the app will rate it. Of course, x would be the industrial average, which will be different for each country / category etc.
  2. A few random apps should be installed and rated before the targeted app, so that it looks like a real user.
  3. Your script will need to fool Play Store that you are from different places of the world using different internet provider. You don't want to have 1,000 5-star ratings from same IP belonging Hong Kong Broadband claims they are actually 1000 irrelevant users. 
  4. etc, etc, you get the picture
Unless, unless you already have a list of accounts representing a natural distribution? 

Hmm, that's a good and scary guess. A simple google confirmed this is (sadly) actually doable. Now that everything makes sense now, at least to me.

First there is a group of ppl writing trojan / malwere. I call them broiler farmers. They write, spread malware around to infect Android phones (broilers). Before writing this I thought sandbox based architecture is very hard to infect, because OS strictly limit what an app can do. Security issue should only be a concern for rooted phones. I was so wrong: http://www.techrepublic.com/article/1-2-million-infected-android-malware-hummer-could-be-biggest-trojan-ever/.

Broiler farmers are eager to sell their broilers but it's hard for to market. It's not fun at all to risk yourself with 20 years jail unless the selling channel is secured. So they would only deal with stable broiler brokers who can continuously bring them buyers without having buyers aware they are actually buying broilers. 

Rating manipulation industry is a perfect broiler broker. They are eager to find neutral distribution of broilers to cast their voting for their clients. At the same time their clients don't really care how this is done.

This union can be really powerful. A big broiler farm can easily provide interface like this:
  1. Give me 20 users who has used Play Store for at least 2 months, 10 from US, 2 from Canada, 3 from UK etc.
  2. In next 20 days, having one day each to download a certain app, and open app for once or twice in next 24 hours. 
  3. 5 of them uninstalled the app in 24 hours, and another 5 uninstalls in the coming 7 days. 
  4. For the remaining 10 ppl, give a 5 star at any time in the next month.
How does that sound? Would you be able to detect the pattern if you were Google? This is just one example. In fact, broiler farmers is so powerful to collect any data without worrying about any privacy policy. They can in theory produce a perfect natural traffic which is impossible to be captured by any pattern recognition algorithms. 

Disclaimer: I have no proof at all on how the industry work. But I strongly feel this can be one of the possibilities. 

What else (good) can we do?

Obviously we won't give up. How can we leave our innocent users to those assholes? :) But sadly there isn't much we can do apart from checking crash report and server logs.

We tried to contact Google. As expected, the response was some standard but already known guidelines. Anything else? Any suggestions will be much appreciated!

PS: if you want to help test, then here is the link. Please please please do tell us if you think there are something indeed wrong with the app. We really hope that's something we can actually improve by ourself.

I guess I am still young. We would like to build great products instead of dealing with this xxxx.

Thanks for your time!