Simple cure for this type of problem
I use Spotify occasionally, but only in a browser and only with NoScript and Adblock blocking most of the crap. If you want users to trust your application then you need to distributed an application rather than a security vulnerability package dressed up as an app. Get rid of the crap or end up like the AIM client. I wouldn't run their app in a disposable VM.