My kid found this app called winner winner. (I promise this isn’t spam or an ad. play it or don’t, I am not affiliated in any way.) Apparently you can remotely control carnival game machines through it, like claw machines and the like. And if you win stuff, they ship it to you. (we had to buy a one time $5 token pack to qualify for free shipping, but since then it’s been truly free to play for us.) So my kid collects the free tokens or whatever every day, and when they have enough saved up, plays a claw machine, and sometimes wins some tchotchke, which eventually shows up in the mailbox a couple weeks later.
This doesn’t appear to be a scam of any kind. We’ve only been charged the original 5 bucks, and multiple little garbage stuffed toys have been received. Way cheaper than a trip to Dave & Busters or even Chuck E Cheese.
The first few prizes came from Tajikistan of all places. OK, international shipping isn’t cheap, but I guess maybe warehouse space for a bunch of claw machines with cameras pointed at them, and labor costs for someone to wrap up the toys as they fall out and package and ship them is probably cheap there. And I suppose they are counting on addictive personalities who can’t restrain themselves to free-to-play, and maybe a few “whales” keep them in business.
But, here’s what I don’t understand: the last package came from Thailand, by way of Azerbaijan. There were two postage stickers on it, both with my kid’s screen name, one from Thailand, partially covered up with another from Azerbaijan. So it’s not just a re-used envelope. Can it really be profitable to ship a 5 inch stuffed toy internationally, TWICE, for less than the $5 we originally gave them? Why not ship directly? Is there some customs benefit? Are we part of some money-laundering or drug running scheme? should I check this stuffie’s insides for listening devices?
International shipping by post is a weird thing. The postal treaties require that the recipient nation’s postal service bears the cost of delivery once it drops on their shores. This has already led to friction over delivery from China and especially Hong Kong. The treaties assume that the number of packages and letters is pretty even each direction. For businesses sending near worthless stuff in packages this is great.
It bothers me that the app is apparently providing real time control of some remote device. This implies that there is a two way channel punched through between the remote site and the app. This isn’t necessarily a happy and secure thing to allow. I can think of ways that this could be used to create minimally a man in the middle attack on the phone, and possibly worse.
So if your kid doesn’t have a banking app on his phone, and can’t do much damage, it probably isn’t a huge risk. But in general, this app seems to have a bit more freedom than I would like to see, and there is a lot of trouble being gone to to get people to have their phones running for periods of time with an active connection.
Based on the reviews of the store from play.google.com, the business model is to hook kids with the option of a limited amount of free play and get them excited about winning. The app probably makes it very easy to win once or twice to get kids hooked. Then, the game can sell them more credits to play more often. It seems that if kids don’t pay for more credits, the app just makes the claw machine harder and harder to control for users of free credits so that it stops paying out altogether. It seems obvious that the prizes they are giving away are worth less than the amount they expect to receive from tokens purchased by parents.
As noted above, it can sometimes be surprisingly cheap to mail cheap light things internationally.
Also, at least one review says that the players don’t see the actual prizes they are picking up. Is the claw machine entirely simulated in the game? It’s easy to fake the outcomes even using a real robot claw but easier still if it’s just a video game.
Additionally, such apps typically rely on a small number of “whales” for profit. Even if most users pay little or nothing to use the app, it only takes a few big spenders with addictive personalities to make it profitable.
They’re making money, or they wouldn’t still be doing it.
Opening up a two-way channel is dangerous, even if you don’t have any banking apps on the device. Would you want someone to wander around your computer searching for who knows what? They likely gather information and sell it to spammers or anyone interested in accessing your device. It may seem harmless, but that doesn’t mean it is.
Not sure what you guys mean about opening a “two-way channel”. 99% of mobile games send data to and from a server. If we were to avoid that, we’d be hard pressed to find any game to allow the kids.
Without allowing permissions for the app to access local files (which we haven’t, and haven’t been asked to do), there should be no way for the app to run malicious code, no? I mean, sure, maybe they are stealing cycles from the phone to mine crypto while the app is open or something, but they shouldn’t have access to bank accounts or other data on the phone. That’s what OS security is supposed to do. The two-way communication here is no more scary than watching youtube. the phone sends commands (up, down, left, right and drop for the crane, or play, pause, skip forward, skip back, request this video, etc. to youtube) and then the site sends video back (either a livestream of a crane for winnerwinner, or videos of the hyrdraulic press guy breaking stuff for youtube). I’m not saying it’s impossible for a bad actor to hack a phone, but that goes with the territory of smartphones, and isn’t unique to this app.
Yeah, the prizes we get sent are not the actual prizes from the machines. When you get the claw to grab something and “win”, you then get your choice of actual prizes to select from. So the warehouse with the prizes doesn’t actually have to be the warehouse with the machines. And they just need someone to periodically throw the “won” prizes back into the machines.
I guess I’m just surprised by international shipping being so cheap. Is it because the prizes aren’t very heavy? Every time I’ve tried to buy something substantial from overseas, the shipping was prohibitive. And any guess about that double-shipping from Thailand to Azerbaijan and then from Azerbaijan to the US?
Shipping a parcel is stupid-expensive. Mailing a package is stupid-cheap. That’s the difference. One is private industry, the other is government agencies.
The critical thing the shipper needs to manage is that international mail only handles rather small rather lightweight things. Stuffed plushies a few inches long are ideal.
Are you controlling an actual claw machine? Are there really warehouses full of real claw machines, each one with its own webcam and controlled by a single player? That seems really expensive and inefficient. The power requirements, equipment costs, and maintenance costs would be really high. I doubt that’s what’s really going on. I would guess this has to be some kind of computer graphics that makes it look like you are controlling a real claw machine. It may look real, but I’m guessing it’s animated.
Lots of these “free” games only give you so many plays per day. If you want to play more before the next day, you have to buy more plays with real money. The game “Candy Crush” made millions per day with this model. The game was free for a few plays per day, but addicted players would buy more and more plays so they could keep playing.
In the interest of science, “For, Science!!,” I tried it. You really do seem to be controlling claw machines. I would be shocked if it was computer graphics. I even had a machine malfunction and got my tokens refunded.
During my few free plays, I won a 12 inch plushie. I’ll be very interested to see if/when I get it.
Yeah, this is it. I got a number of free plays to start off with and then the price went up dramatically. To play again today, I’d have to watch about 50 ads (not an exaggeration) or pay real money. If it’s worth maintaining real claw machines in a public venue, I’m sure it’s easily worth maintaining these claw machines.
There is more to the app. You can also play more standard app type games to earn tickets. If you get a bazillion tickets, you can trade those in for prizes as well.
When I won the plushie, I wasn’t trying to grab plushies. I was trying to grab very bouncy, cubish ball things that were very difficult to grab on to. I got lucky and when the bouncy cube slipped out of the claw on the way back, it bounced into the prize hole.
My concern about the open channel to the game was that is a real time connection sending user input and receiving video. That places almost the entire user interaction outside of the app. The usual basic checks done on apps can’t see the nature of what is displayed or how users interact with it. It becomes a blank canvas onto which any content and user interface can be placed.
That sets off alarm bells. The above description of monetisation of playing makes sense. But the weird nature of the entire thing makes me nervous. If I was working for a nefarious state this would be a great sleeper trojan. It could operate for ages, and only when needed used against a very specific target to attempt to steal credentials and escalate a focused attack.
They get valuable marketing info about a confirmed person and address that can be sold multiple times to various companies which worth multiple times the cost of the cheap prize and shipping.
Watch your email inbox and mail for the numerous unsolicited offers sure to come your way.
Well, I got it! It’s supposed to be a Kawaii Sparrow. It’s big and fairly cute. The wings look more like wings though. Next to a Boston Terrier for size reference.