Avast Antivirus protects your PC by detecting and blocking threats. To accurately determine whether a software program is well intended or not, we have created a set of guidelines that describes what we consider to be malicious and potentially unwanted behavior.
Best practices for clean software
Advertising
Must have:
- Landing page
- Clearly identify the product vendor, describe the software functionality, and provide cost information if applicable.
- Include a list of all bundled software, third-party components/dependencies (for example, monetization engines), plugins, or widgets.
- Visibly link to the product's EULA and Privacy Policy.
- Indicate if the software is ad supported, if applicable.
- Present information in line with industry standards for readability (for example, no green font on a greenish background, and no tiny letters).
- Disclosure and consent
- All app promoting pages must clearly identify the vendor.
Prohibited:
- Misleading ads
- All forms of threatening messages.
- All forms of deceptive behavior (for example, missing codecs, plugins, vulnerable/infected machine, when unnecessary).
- All forms of impersonation of system messages (for example, impersonating the Windows user interface, MSFT/Windows logo, etc.), other brands (such as Chrome, Flash, anti-malware, etc.) or web components (for example, download buttons).
- Displaying multiple 'call to actions' with different wording but leading to the same or a similar action.
- Advertising a free product for a cost.
- Download
- Auto or direct download from ads is strictly prohibited.
- Disclosure and consent
- Starting the app download or installation process without proper disclosure and user consent is strictly prohibited.
Installation process
Recommended:
- Signing software
- Every executable file should contain a vendor identifier. No specific format is required, but version information is preferred. Alternatively, a plain text description in a custom section is also sufficient.
- Availability of a digital signature is preferred.
- If the file is packed, it should have a Taggant.
Must have:
- Bundling software
- All included programs should be legitimate in nature and contain a clear, positive value to the installing user.
- Each program must be offered on its own offer/install screen with clear information about its functionality, behavior, cost (if applicable) and purpose.
- Each offer screen must have a clearly labeled skip/decline button or opt-in/opt-out checkbox enabling the user to decline the offer.
- Each offer screen must have the same wording, 'Call to Action' buttons, navigation style and button placement throughout the installation process.
- Any software that includes third-party components or software therein must provide appropriate disclosure to end users.
- User consent, control, and transparency
- All disclosure and consent clauses must be unavoidable to end users, must meet industry standards for readability, and must be presented in a language that an ordinary end user comprehends.
- User consent must be obtained before download/installation of any software.
- The installer must only install the software which the user provided their consent to install.
- The user must be able to stop the installation at any point.
- Any data acquisition must be made with the end user's consent.
- Each setup screen must include exit functionality.
- App installation must not be affected by any user decisions on the offers.
- The app must disclose to the user the name of the product, identify developer name or the brand name of the providing entity, and how to contact this entity.
- The software's EULA must disclose to the user if and how the app may affect any other programs on the user's PC and settings.
- It must be clear in which stage the installation currently is and show progress during longer stages (i.e. while copying/downloading files).
- Misleading behavior
- All of the app's functionalities must correlate with the description mentioned in the installation screens.
- Update
- A software updater can only update the main application (it must not install any additional software without the user's consent).
Prohibited:
- Bundling software
- Software without offer screens.
- Any form of promoting exaggerated or false claims about the user's system (health, registry, files, etc.).
- User consent, control, and transparency
- Sell or otherwise share a user's personal identifying information to third parties without the user's explicit consent.
- Any software must have its own privacy policy to describe its data collection, usage, and sharing practices.
- Software must not bypass/hack the system or other apps' security and consent features (browser hijack, disable notification, etc.).
- Software must not operate, access any content, or cause the use of a user's PC without prior informed consent (i.e. operate BitCoin miners).
- Software must not redirect/block/modify searches, queries, user-entered URLs, etc. without user consent.
- Software must not access any other site that doesn't directly relate to consented software functionality.
- Any type of installation which does not require the End Users' informed consent is expressly prohibited.
- Misleading behavior
- The installer must not mislead a user to take action that was previously declined.
- Revenue modules must not engage with fictional installations of the product or the revenue model.
- The software must not display exaggerated, misleading, or inaccurate claims about the health, files, registry or other items of the system of the user.
- The installer must not initiate the installation of an app based on false, misleading, or fraudulent representation.
- The software must not falsely claim to be a program from another brand (such as Avast, Microsoft, Google, Adobe, etc.).
- Interfering
- Software must not engage with interfering, replacing, uninstalling, or disabling any third-party content, application, browser functionality and/or settings, websites, widget, the operating system or any part thereof without the user's consent.
- Software must not engage in any fraudulent activity.
- Software must not interfere with the browser default search/search pages without the user's consent.
Program functionality
Must have:
- Transparency and attribution
- Ads must include a clear attribution to the providing application.
- Ads must be clearly labeled and identified as ads.
- When injecting data into external content (such as websites or search results), monetization services must be clearly labeled and distinguishable from any platform (such as a website) it appears on.
- Ads must provide a link to an 'Ad Info' webpage with the following prominent notices and information:
- A short explanation about why the ad was displayed.
- Links to the advertiser's full and clear description of the revenue module.
- Links to the product's terms of service and privacy policy.
Prohibited:
- Transparency and attribution
- A program must not fail to clearly indicate when the program is active, and must not attempt to hide or disguise its presence.
- Program behavior
- Software must not include monetization services such as pop-ups, pop-unders, expanding banners, etc.
- Software must not use the end user's device for purposes that are unwarranted and unexpected by the end user.
- Software must not decrease a PC's reliability and/or cause a poor end user experience.
Uninstallation process
Must have:
- Completely remove all components of the software and/or related monetization modules, leaving no remains on the user's PC.
- Function properly in an equivalent manner to the installation process.
- Include a corresponding 'Add/Remove' entry in the Windows Control Panel or equivalent on different platforms, and the user must be able to completely uninstall the software.
- Show the same software name as shown during the installation process and during operation of the app and/or monetization module. Likewise, the same software name must be visible in the Add/Remove section of the Windows Control Panel.
- Provide an easy way to close the software and/or ads attributed to it.
Privacy Policy and EULA
Must have:
- Privacy Policy
- The app and/or monetization service's privacy policy must comply with the applicable privacy and data collection and protection laws, and provide a clear and comprehensive description of the advertiser's data collection practices.
- The Privacy Policy must specify:
- Whether the software uses cookies or other means of collecting user data.
- Whether the software accesses, collects, uses, or discloses users' personally identifiable information (PII).
- What types of user data is accessed, collected, used, or disclosed, as well as what means it uses to do so and what is done with the collected data.
- How a user can opt out of PII collection and stop the app and/or monetization service from collecting PII data about them. Users must be able to achieve this in a straightforward way, and the app and/or monetization service must comply with the users' request immediately.
- EULA
- The app and/or monetization service must comply with the applicable laws and have an EULA that is easy to access during the installation process and from the app's website.
- The vendor and product must comply with the EULA as accepted by the user during installation.
- The app and/or monetization service should be clearly described in the EULA, any changes to the EULA require updated user consent.
Prohibited:
- Privacy Policy
- The app and/or monetization service must not sell or otherwise share with third parties personally identifying information without the user's specific consent in advance.
- The app and/or monetization service must not mislead users about the origin of cookies and/or other means of data collection, or cause a user to falsely believe it is associated with another app.
- All Avast consumer software products
- All supported platforms
Updated on: 02/06/2022