Avast Antivirus protects your PC by detecting and blocking threats. To accurately determine whether a software program is well intended or not, we have created a set of guidelines that describes what we consider to be malicious and potentially unwanted behavior.
Best practices for clean software
Advertising
Must have:
- Landing page
  - Clearly identify the product vendor, describe the software functionality, and provide cost information if applicable.
  - Include a list of all bundled software, third-party components/dependencies (for example, monetization engines), plugins, or widgets.
  - Visibly link to the product's EULA and Privacy Policy.
  - Indicate if the software is ad supported, if applicable.
  - Present information in line with industry standards for readability (for example, no green font on a greenish background, and no tiny letters).
- Disclosure and consent
  - All app-promoting pages must clearly identify the vendor.
Prohibited:
- Misleading ads
  - All forms of threatening messages.
  - All forms of deceptive behavior (for example, claims of missing codecs or plugins, or of a vulnerable/infected machine, when unnecessary).
  - All forms of impersonation of system messages (for example, impersonating the Windows user interface, MSFT/Windows logo, etc.), other brands (such as Chrome, Flash, anti-malware, etc.) or web components (for example, download buttons).
  - Displaying multiple 'calls to action' with different wording but leading to the same or a similar action.
  - Advertising a free product for a cost.
- Download
  - Auto or direct download from ads is strictly prohibited.
- Disclosure and consent
  - Starting the app download or installation process without proper disclosure and user consent is strictly prohibited.
Installation process
Recommended:
- Signing software
  - Every executable file should contain a vendor identifier. No specific format is required, but version information is preferred. Alternatively, a plain text description in a custom section is also sufficient.
  - Availability of a digital signature is preferred.
  - If the file is packed, it should have a Taggant.
Must have:
- Bundling software
  - All included programs should be legitimate in nature and contain a clear, positive value to the installing user.
  - Each program must be offered on its own offer/install screen with clear information about its functionality, behavior, cost (if applicable) and purpose.
  - Each offer screen must have a clearly labeled skip/decline button or opt-in/opt-out checkbox enabling the user to decline the offer.
  - Each offer screen must have the same wording, 'Call to Action' buttons, navigation style and button placement throughout the installation process.
  - Any software that includes third-party components or software therein must provide appropriate disclosure to end users.
- User consent, control, and transparency
  - All disclosure and consent clauses must be unavoidable to end users, must meet industry standards for readability, and must be presented in a language that an ordinary end user comprehends.
  - User consent must be obtained before download/installation of any software.
  - The installer must only install the software which the user provided their consent to install.
  - The user must be able to stop the installation at any point.
  - Any data acquisition must be made with the end user's consent.
  - Each setup screen must include exit functionality.
  - App installation must not be affected by any user decisions on the offers.
  - The app must disclose to the user the name of the product, identify the developer name or the brand name of the providing entity, and explain how to contact this entity.
  - The software's EULA must disclose to the user if and how the app may affect any other programs on the user's PC and settings.
  - It must be clear which stage the installation is currently in, and progress must be shown during longer stages (i.e. while copying/downloading files).
- Misleading behavior
  - All of the app's functionalities must correlate with the description mentioned in the installation screens.
- Update
  - A software updater can only update the main application (it must not install any additional software without the user's consent).
Prohibited:
- Bundling software
  - Software without offer screens.
  - Any form of promoting exaggerated or false claims about the user's system (health, registry, files, etc.).
- User consent, control, and transparency
  - Sell or otherwise share a user's personal identifying information to third parties without the user's explicit consent.
  - Any software must have its own privacy policy to describe its data collection, usage, and sharing practices.
  - Software must not bypass/hack the system or other apps' security and consent features (browser hijack, disable notification, etc.).
  - Software must not operate, access any content, or cause the use of a user's PC without prior informed consent (for example, operating Bitcoin miners).
  - Software must not redirect/block/modify searches, queries, user-entered URLs, etc. without user consent.
  - Software must not access any other site that doesn't directly relate to consented software functionality.
  - Any type of installation which does not require the end user's informed consent is expressly prohibited.
- Misleading behavior
  - The installer must not mislead a user to take action that was previously declined.
  - Revenue modules must not engage with fictional installations of the product or the revenue model.
  - The software must not display exaggerated, misleading, or inaccurate claims about the health, files, registry or other items of the system of the user.
  - The installer must not initiate the installation of an app based on false, misleading, or fraudulent representation.
  - The software must not falsely claim to be a program from another brand (such as Avast, Microsoft, Google, Adobe, etc.).
- Interfering
  - Software must not engage with interfering, replacing, uninstalling, or disabling any third-party content, application, browser functionality and/or settings, websites, widget, the operating system or any part thereof without the user's consent.
  - Software must not engage in any fraudulent activity.
  - Software must not interfere with the browser default search/search pages without the user's consent.
Program functionality
Must have:
- Transparency and attribution
  - Ads must include a clear attribution to the providing application.
  - Ads must be clearly labeled and identified as ads.
  - When injecting data into external content (such as websites or search results), monetization services must be clearly labeled and distinguishable from any platform (such as a website) it appears on.
  - Ads must provide a link to an 'Ad Info' webpage with the following prominent notices and information:
    - A short explanation about why the ad was displayed.
    - Links to the advertiser's full and clear description of the revenue module.
    - Links to the product's terms of service and privacy policy.
Prohibited:
- Transparency and attribution
  - A program must not fail to clearly indicate when the program is active, and must not attempt to hide or disguise its presence.
- Program behavior
  - Software must not include monetization services such as pop-ups, pop-unders, expanding banners, etc.
  - Software must not use the end user's device for purposes that are unwarranted and unexpected by the end user.
  - Software must not decrease a PC's reliability and/or cause a poor end user experience.
Uninstallation process
Must have:
- Completely remove all components of the software and/or related monetization modules, leaving no remains on the user's PC.
- Function properly in an equivalent manner to the installation process.
- Include a corresponding 'Add/Remove' entry in the Windows Control Panel or equivalent on different platforms, and the user must be able to completely uninstall the software.
- Show the same software name as shown during the installation process and during operation of the app and/or monetization module. Likewise, the same software name must be visible in the Add/Remove section of the Windows Control Panel.
- Provide an easy way to close the software and/or ads attributed to it.
Privacy Policy and EULA
Must have:
- Privacy Policy
  - The app and/or monetization service's privacy policy must comply with the applicable privacy and data collection and protection laws, and provide a clear and comprehensive description of the advertiser's data collection practices.
  - The Privacy Policy must specify:
    - Whether the software uses cookies or other means of collecting user data.
    - Whether the software accesses, collects, uses, or discloses users' personally identifiable information (PII).
    - What types of user data are accessed, collected, used, or disclosed, as well as what means it uses to do so and what is done with the collected data.
    - How a user can opt out of PII collection and stop the app and/or monetization service from collecting PII data about them. Users must be able to achieve this in a straightforward way, and the app and/or monetization service must comply with the users' request immediately.
- EULA
  - The app and/or monetization service must comply with the applicable laws and have an EULA that is easy to access during the installation process and from the app's website.
  - The vendor and product must comply with the EULA as accepted by the user during installation.
  - The app and/or monetization service should be clearly described in the EULA; any changes to the EULA require updated user consent.
Prohibited:
- Privacy Policy
  - The app and/or monetization service must not sell or otherwise share with third parties personally identifying information without the user's specific consent in advance.
  - The app and/or monetization service must not mislead users about the origin of cookies and/or other means of data collection, or cause a user to falsely believe it is associated with another app.
- All Avast consumer software products
- All supported platforms
Updated on: June-02-2022