Mobile Unwanted Software
At Google, we believe that if we focus on the user, all else will follow. In our Software Principles and the Unwanted Software Policy, we provide general recommendations for software that delivers a great user experience. This policy builds on the Google Unwanted Software Policy by outlining principles for the Android ecosystem and the Google Play Store. Software that violates these principles is potentially harmful to the user experience, and we will take steps to protect users from it.
As mentioned in the Unwanted Software Policy, we’ve found that most unwanted software displays one or more of the same basic characteristics:
- It is deceptive, promising a value proposition that it does not meet.
- It tries to trick users into installing it or it piggybacks on the installation of another program.
- It doesn’t tell the user about all of its principal and significant functions.
- It affects the user’s system in unexpected ways.
- It collects or transmits private information without users’ knowledge.
- It collects or transmits private information without secure handling (e.g., transmission over HTTPS).
- It is bundled with other software and its presence is not disclosed.
On mobile devices, software is code in the form of an app, binary, framework modification, etc. In order to prevent software that is harmful to the software ecosystem or disruptive to the user experience, we will take action on code that violates these principles.
Below, we build on the Unwanted Software Policy to extend its applicability to mobile software. As with that policy, we will continue to refine this Mobile Unwanted Software policy to address new types of abuse.
Transparent behavior and clear disclosures
All code should deliver on promises made to the user. Apps should provide all communicated functionality. Apps should not confuse users.
- Apps should be clear about the functionality and objectives.
- Explicitly and clearly explain to the user what system changes will be made by the app. Allow users to review and approve all significant installation options and changes.
- Software should not misrepresent the state of the user’s device to the user, for example by claiming the system is in a critical security state or infected with viruses.
- Don’t utilize invalid activity designed to increase ad traffic and/or conversions.
- We don’t allow apps that mislead users by impersonating someone else (e.g. another developer, company, entity) or another app. Don’t imply that your app is related to or authorized by someone that it isn’t.
Example violations:
- Ad fraud
- Social Engineering
Protect user data
Be clear and transparent about the access, use, collection, and sharing of personal and sensitive user data. Uses of user data must adhere to all relevant User Data Policies, where applicable, and take all precautions to protect the data.
- Provide users an opportunity to agree to the collection of their data before you start collecting and sending it from the device, including data about third-party accounts, email, phone number, installed apps, files, location, and any other personal and sensitive data that the user would not expect to be collected.
- Personal and sensitive user data collected should be handled securely, including being transmitted using modern cryptography (for example, over HTTPS).
- Software, including mobile apps, must only transmit personal and sensitive user data to servers as it is related to the functionality of the app.
Example violations:
- Data Collection (cf. Spyware)
- Restricted Permissions abuse
Example User Data Policies:
Do not harm the mobile experience
The user experience should be straightforward, easy-to-understand, and based on clear choices made by the user. It should present a clear value proposition to the user and not disrupt the advertised or desired user experience.
- Don’t show ads in unexpected ways, including ads that impair or interfere with the usability of device functions, or that display outside the triggering app’s environment without being easily dismissible and without adequate consent and attribution.
- Apps should not interfere with other apps or the usability of the device.
- Uninstall, where applicable, should be clear.
- Mobile software should not mimic prompts from the device OS or other apps. Do not suppress alerts to the user from other apps or from the operating system, notably those which inform the user of changes to their OS.
Example violations:
- Disruptive ads
- Unauthorized Use or Imitation of System Functionality
For more details about each content violation, review policy requirements on the Play Policy Center, GMS Requirements, and Google Play Protect.