#Ransomware style 'lite' assets.

I am seeing new trend in the asset store. 'lite' version of add-ons that "Stop your game from Building, until you pay for the full version."
I am reporting each one with the following.
"Any 'add-on' that stops my game from building until i pay for it is not a 'lite' version. it is ransomware. This new trend of this type of assets needs to stop, and current 'assets' of this state need to be removed from the store immediately. Do not repeat the same type of BS with this new ceo. everyone is watching."
here is an example that is in the Free section right now
https://assetstore.unity.com/packages/tools/visual-scripting/narramancer-apprentice-280929

As stated in the Submission Guidelines for assets (Thanks for the reference @ SteveSmith):

1.4 Restrictive Content and Lite products

1.4.a Submissions do not include any digital rights management (DRM), time restrictions, or functionality that restricts users from directly using content or features to their full extent, including registration, sign up, or paying extra costs (such as having a subscription-based payment system). Functionally necessary or third-party limitations, such as API throttling, are an exception, but they are disclosed transparently in the package description.


1.4.b Packages do not include watermarks or otherwise obstruct the use of the product.


1.4.c Submissions do not have any artificial limits implemented on functionality or usability. You can provide a "lite" (smaller/cheaper/indie/free) version of your package with fewer features compared with the full product, provided that each included feature has identical functionality to your main product.

This is just one example of an asset that is in clear violation of 1.4a and 1.4c. possibly 1.4b as well

damn, i thought they carefully checked every asset before allowing them on the asset store. now i am afraid to download or buy anything from the asset store in case i get something like this, or even worse, a virus or some other malicious things 🤮

I was under the same impression, so i am anxious to see their response. It will be another corporate suicide for them to say "Oh yeah, that is SOP now"

<@&502880774467354641>
Want a response on this too.
This is unacceptable.

@zenith minnow thanks for bringing this up

I dont think viruses would get trough as they are atleast scanned automatically

You can report the publisher using proper channels, specifically on their publisher page

https://assetstore.unity.com/publishers/50556

idk if they can catch other malicious stuff though for example deleting your game's scripts or hidden telemetry or such

Jeez thanks for sharing this

yeah its not just them tho, we need a unity response on this and unity needs to take action against all of them,
without the users needing to search for them and report them, its unitys job to maintain their sites integrety, not the user

true tho, but thats hard to catch even on manual review

thats why they're paid a salary i guess

Hi folks, I've contacted the Asset Store team and will get back to you once they respond. Thank you for bringing this up!

Hi folks, just got a response from the Asset Store team:
This kind of setup is not allowed, and the asset has been removed. Thank you for reporting this!

Excellent. Thank you 🙂 Hopefully they will do better in filtering the asset Before they reach the market.

Hey thanks. But you do realise this is about multiple assets doing that, its only this one as an example.

could the asset store team explain how this asset managed to slip through the cracks? do they not check every asset as rigorously as they should? what else might they have missed, potentially even more malicious than this example?

The curation team is absurdly backlogged. They have a review queue that is several months long for new submissions. Yes, you heard that right - no asset can be published without sitting in a queue for several months.

Update curation is different. For existing assets on the store, its faster (days/1 week), and does not evaluate the asset as thoroughly. It's pretty easy to slip in code changes after the first submission that are not reviewed. I'm assuming that is what happened here, or the initial submission simply has no basis to evaluate this type of issue. Curation is mostly outsourced, so who knows.

Thats just pathetic, especially with the new pricing plan....

Millions of $ but such slow and badly curation would be unacceptable. But the other options are either bloated to fuck (unreal) or just plain bad (godot), so we cant do but accept this.

Its just sad

The 4 people still doing the job are overloaded and working sloppy, unity is saving money at the wrong place apparently.

Well, it's not really the UAS team's fault. They have limited resources and struggle to get the changes they really need implemented (funding, talent, etc). Plus, Unity doesn't really make much money from the Asset Store department and it is technically functioning just fine, so they don't have a great deal of incentive to frontload money into it. Additionally they have a monopoly on Direct Engine Integration (EULA prevents any 3rd party direct integration) so objectively there is minimal reason to invest more into it because no one can compete with them.

The queue actually used to be worse until they made some big changes which basically cleared the queue completely (0 day publishing) and then it slowly scaled back up so super slow again. Likely due to growing popularity and spam assets that get rejected but still flood the work queue.

The UAS team does what they can, but this has been a growing struggle for years.

Its not UAS fault but Unity allocating too little resources, they dont make much money from it but an asset store is a must have for an engine and shouldnt be left to rot like this

Since Muse is a thing, they should be running all asset through it (to the extent possible). And in the case of this particular example, it was clearly self stated in the description what it would do (not allow the project to build without paying). This is not something that slipped through in a sneaky fashion. This simply was not checked at all, beyond some basic virus scans and a check for compilation errors (I assume). this Is an error by the UAS team. there is no excuse for this, @ Lane

Maybe so. Just trying to give some context for fairness.

what does 3rd party direct integration mean?

Imagine that you went and made a Marketplace website, and publishers sold unity packages there. You are competition to the UAS. However, UAS has a seamless integration with the store, so users have a clear interface between purchases and the Editor where you use them. However, you are not allowed to do that, so users have a less seamless process to obtaining/updating/importing their purchases.