Software Download Policy
This Software Download Policy applies to all software (including, without limitation, desktop applications, desktop executables, browser extensions and mobile applications) distributed by Publisher (and, if distribution is expressly authorized by search provider, Publisher’s Syndication Partners) in connection with the Agreement. Unless otherwise defined herein, all capitalized terms have the meaning given in the Agreement. For the avoidance of doubt, other search provider Policies may also apply to the software governed by this policy.
- User Choice and Control. In addition to compliance with all search provider Policies, search provider also requires adherence to prevalent industry guidelines and best practices. Users must be provided with adequate choice and control both before, during and after installation of downloadable software. Software which does not provide adequate choice and/or control is prohibited.
Choice ensures that users are fully informed about how software may affect their experience on their devices, and that none of the functions of a program or settings on the device are altered without the user’s clear and informed consent. User notice must be clear, informed, unequivocal and not coerced or otherwise obtained through misleading claims, false representations or other fraudulent means. At a minimum, Publisher (and, if applicable, Publisher’s Syndication Partners) must clearly identify the software that is being installed and its source; explain the effects on the user’s browser settings or operating system and its settings; and allow easy uninstall and disablement. In determining whether disclosures to users are acceptable, search provider takes into account the totality of the experience on both the offer and the landing page and/or offer screen from the point of view of an average consumer. Material terms cannot appear only within the End User License Agreement (“EULA”), but must be prominently displayed up front (that is, what an average user can read and understand) and must not be misleading or hidden (for example only under the “Custom Install” option).
Software is not permitted if it limits choice such as using the following practices (list not exhaustive):
- Failure to provide prominent notice about the software’s behavior, its purpose and/or intent.
- Failure to clearly indicate when the software is active.
- Attempting to hide or disguise its presence.
- Installing, reinstalling, or removing software without user permission, interaction, or consent.
- Installing other software without a clear indication of its relationship to the primary software.
- Circumventing user consent dialogs from the browser or operating system.
- Falsely claiming to be software from trusted entities.
Disclosures enable users to exercise choice. All relevant and material information must be clearly and prominently disclosed up front to end users on the landing page, offer screen or store listing (as relevant) before install. This includes, but is not limited to:
- Origin and scope of the download, including if the download originates from a different domain.
- Actions and effects that the software will have on the user’s device and settings, including changes to the search providers, autocomplete, homepages, local file systems and other configurations and user’s settings.
- Alteration of existing software on the user’s device.
- Any variations from the official software.
- Software uninstall information that includes instructions on reverting back settings that the software changes.
Software must obtain user consent before installing and must provide a clear and straightforward way for users to install, uninstall, or disable it. Software is not permitted when it delivers a poor removal experience such as the following practices (list not exhaustive):
- Presenting confusing or misleading prompts or pop-ups while being uninstalled.
- Failing to use standard install/uninstall features, such as Add/Remove Programs.
Offer screens must clearly disclose and identify to users all software included in the offer (including appropriate branding/logo usage).
- The name of the software on the offer screen must match the name of the software as stored on the user device and uninstall dialogs. In other words, users must be able to clearly locate the software on their devices based on the original name presented in the offer screen at installation.
- Add/remove details must be accurate (for example, install date must match the date of the program installation).
- Offer screens may be presented to the user as either opt-in or opt-out.
- Users must be able to decline all secondary offers, individually or in bulk (“Skip All”).
- Accept and Decline options must be of equal prominence.
- Repeat offers are disallowed. As users decline any or all secondary offers, the offer screen must not prompt users to accept/decline the same offer(s) more than once.
- Offer screens must clearly disclose to the users any changes to the settings, existing software and applications. For example, modifications to the search provider, homepage and/or new tab must be clearly disclosed to the user.
Control ensures that users are in full control of the overall experience on their device, including all software applications they download. Users must be in control at all times, including if and when they elect to revert back to previous settings or uninstall or disable any previously installed software. Software is not permitted when it limits control such as the following practices (list not exhaustive):
- Preventing or limiting a user from viewing or modifying browser features or settings.
- Opening browser windows without intent or authorization.
- Redirecting web traffic without giving notice to and getting consent from the user.
- Modifying or manipulating webpage content without a user’s consent.
- Malicious Software. The promotion or distribution of malicious software is prohibited. “Malicious software” is software which performs malicious actions on the user’s device, such as compromising personal and financial information or security protocols. Malicious software may consist of an application or code that compromises user security. Malicious software might steal a user’s personal information, lock a user’s device until they pay a ransom, use a user’s device to send spam, or download other malicious software. In general, malicious software tricks, cheats, or defrauds users, places users in vulnerable states, or performs other malicious activities. Malicious software includes, but is not limited to, all forms of Malware and Potentially Unwanted Software.
search provider utilizes a series of signals and classifications to determine whether software meets the definition of malicious software.
- Malware. “Malware” refers to any software or downloadable program that meets at least one of the following criteria at any time during the preceding 12-month period: (1) a state or federal (or legally equivalent) law enforcement agency has charged such software or program with acting in violation of a criminal law or regulation in the relevant Territory; or (2) at least 2 of the following 4 industry-leading antivirus companies have publicly concluded that such software or program is a “virus,” “ransomware,” “trojan horse,” “rootkit,” “backdoor”, or similar types of malware classification developed by such companies: Kaspersky, McAfee, Sophos, Symantec.
- Potentially Unwanted Software. “Potentially Unwanted Software” refers any software or downloadable program that at least 2 of the following 4 industry-leading antivirus companies have publicly concluded that such software or program is a “potentially unwanted program,” “potentially unwanted software,” or similar classification developed by such companies: Kaspersky, McAfee, Sophos, Symantec.
- Representative Examples of Prohibited Malicious Software.
- Backdoor: A type of Malware that gives malicious hackers remote access to and control of a user’s device.
- Downloader: A type of Malware that downloads other Malware onto a user’s device. It needs to connect to the internet to download files.
- Dropper: A type of Malware that installs other Malware files onto a user’s device. Unlike a downloader, a dropper doesn’t need to connect to the internet to drop malicious files. The dropped files are typically embedded in the dropper itself.
- Exploit: A piece of code that uses software vulnerabilities to gain access to a user’s device and perform other tasks, such as installing Malware.
- Hacktool: A type of tool that can be used to gain unauthorized access to a user’s device.
- Macro virus: A type of Malware that spreads through infected documents, such as Microsoft Word or Excel documents. The virus is run when a user opens an infected document.
- Obfuscator: A type of Malware that hides its code and purpose, making it more difficult for security software to detect or remove.
- Password stealer: A type of Malware that gathers a user’s personal information, such as user names and passwords. It often works along with a keylogger, which collects and sends information about the keys a user presses and websites they visit.
- Ransomware: A type of Malware that encrypts a user’s files or makes other modifications that can prevent a user from using their device. It then displays a ransom note stating they must pay money, complete surveys, or perform other actions before the user can use their device again.
- Rogue security software: Malware that pretends to be security software but doesn’t provide any protection. This type of Malware usually displays alerts about nonexistent threats on a user’s device. It also tries to convince a user to pay for its services.
- Trojan: A type of Malware that attempts to appear harmless. Unlike a virus or a worm, a trojan doesn’t spread by itself. Instead it tries to look legitimate, tricking users into downloading and installing it. Once installed, trojans perform a variety of malicious activities, such as stealing personal information, downloading other Malware, or giving attackers access to a user’s device.
- Trojan clicker: A type of trojan that automatically clicks buttons or similar controls on websites or applications. Attackers can use this trojan to click on online advertisements. These clicks can skew online polls or other tracking systems and can even install applications on a user’s device.
- Worm: A type of Malware that spreads to other devices. Worms can spread through email, instant messaging, file sharing platforms, social networks, network shares, and removable drives. Sophisticated worms take advantage of software vulnerabilities to propagate.
- Disallowed Behaviors.
- Software may not be distributed without search provider’s review and pre-approval (which may be granted or withheld in search provider’s sole discretion) in each instance. In reviewing software, search provider may take into account the user value, functionality, and search experience offered by each item of software.
- Software must not include Malicious Software (including, but not limited to, Malware or Potentially Unwanted Software).
- Software must not create any unexpected behaviors. The software must behave consistently with the declared behavior and functionalities at install.
- Software must not perform activities that are hidden from the user or otherwise attempt to hide its presence or operation on the device, unless for legitimate background processes (which would be disclosed to users at install). For clarity, this does not include activities that would normally be expected to be hidden as part of regular product functionality, such as calculations.
- Software must not be designed to evade, circumvent or impair security checks, anti-Malware, operating system and browser security scans and protection, or spam filters.
- Cloaking behaviors or technology, or any behaviors meant to elude scans or detection, is not allowed. The software must not behave differently in a virtual environment or otherwise attempt to elude browser protection, anti-Malware detection or fraud filtering.
- Downloads must not alter, reconfigure or disable existing software or settings installed on the user’s device without clear disclosure and consent from the user before install.
- Software must not inhibit or otherwise limit the user`s ability to control and change settings on the device.
- Software that automatically dials a phone number, or connects remotely to another device or system without legitimate reasons and/or user consent is not allowed.
- Alerts or other technologies must not attempt to mislead users into believing something is wrong with their device that needs fixing when this is not the case (e.g., scareware), or otherwise misrepresent or make exaggerated claims about system health and performance (for example by claiming that the system performance will improve by removing files that do not positively affect system performance). PC cleaner/optimization software must provide error details to further specify their claims, as opposed to merely stating the presence of a certain number of issues.
- Free downloads must not be made conditional to any forms of consideration, including a sign up or the provision of a cellular phone number (except in the event where sign up/account creation needs to be validated by the user, such as an email account creation validated via text message, or a required app store account creation for example).
- Software must not weaken or attempt to compromise the security and/or protection of the user device or attempt to disclose any of the personal or sensitive information of the end user.
- Software may not replace, add to or remove from a webpage by injecting content, or causing site content not to display, from a source with which the site owner does not have an affiliation.
- Software must not limit the user’s control or programmatic control of the user’s browser default search settings, home page and new tab, either through additional questioning/prompts or other means of prevention when a change to the default search, home page or new tab settings is attempted.
- Unsigned software is not allowed. All software must be digitally signed by its author(s) using a valid certificate issued by a reputable certification authority.
- Unauthorized distribution is not allowed. Publisher (and, if applicable, Publisher’s Syndication Partners) may only distribute software which they are authorized to distribute.
- Free desktop software in particular is subject to heightened controls, which may require actual proof of authorized distribution from the software publisher.
- Software that changes browsing experience must adhere to the browser’s and/or operating system’s respective supported extensibility models and policies. For example, software may not suppress or otherwise circumvent browser consent dialogs.
- Users must be able to abort software installation prior to completion through a standard “close” button. Aborted installations must be complete, in that no traces of the software remain on the device (including discarding of any selections made prior to abort).
- Installation programs may only present one single dialog prompt confirming user intent to abort in clear, straightforward language.
- If a user declines an offer, or cancels the install before the installation process is completed, software may not place any shortcuts on the user’s device to continue the installation at a later time.
- Changes to user’s device and settings, including changes to the search providers, homepages, local file systems and other configurations and user’s settings that are not easily reversible without negative impact are not permitted.
- Uninstall Functionality.
- Undisclosed files that are unnecessary or unrelated to the software being installed must not be installed or delivered.
- Any software download must include an uninstall function in the Programs and Features or Add/Remove Programs control panel, or the browser’s or operating system’s default removal method.
- The uninstall process must not be difficult, confusing or made conditional to payments, subscriptions, other downloads, etc.
- Upon uninstall, a program may only display one single confirmation prompt. The confirmation prompt cannot be misleading or otherwise attempting to persuade the user not to proceed with the uninstall.
- During uninstall, software may not install, uninstall or reinstall other unrelated software on the device without user consent.
- The uninstall process must be complete and permanent for each software download. No traces of the specific uninstalled software can remain on the user’s device.
- Bundling Functionality.
- All software distributed as part of, or offered in connection with, a software bundle must also comply with the terms of search provider’s Software Bundling Policy.
- All software that is included in the download bundle must be clearly disclosed to the user.
- The software or bundles must not be altered from what was disclosed to the end user or after review by search provider (for example, by injecting code into the bundle).
- End users must be allowed to easily decline each individual software within the bundle, either individually or through a “skip all.”
- Installer and bundles must not crash or freeze programs or the device.
- Chained bundlers (bundle within a bundle) are not allowed.
- Legitimate software cannot be bundled with other software that is not allowed by this policy. For example, an otherwise “compliant” software cannot be bundled with spyware.
- Additional Requirements for Advertising Traffic Acquisition.
- Software must be available on the website as advertised in its ad copy.
- The software promoted in ad copy must be present on the landing page.
- If the ad copy promotes “latest version, free” of a download, users must be able to download the latest version of the software from the website at no cost, and without the need to download any additional software (either for payment or free).
- It must be noted in ad copy if access to content or services requires a software download (e.g., toolbars).
- Ad injection advertising platforms and the use of ad injection to drive software downloads and audience acquisition (i.e., using ad injection to directly install software or to route the user to a marketing page that then requires the user to download the software made available there) are prohibited.
- Additional Requirements for Browser Extensions.
- Except as specified below in this policy or as otherwise approved by search provider from time-to-time, all browser extensions must be distributed through an extension store or add-on marketplace approved by search provider from time to time. The current list of search provider-approved extension stores and add-on marketplaces consists of the following:
- Chrome Store for Chrome Extensions.
- Firefox Add-ons for Firefox.
- Safari Extensions in the App Store for Safari Extensions.
- Microsoft Store for Microsoft Edge Extensions.
- Internet Explorer Gallery for Internet Explorer Add-Ons.
Notwithstanding the foregoing, browser extensions for Internet Explorer (commonly referred to as “Internet Explorer Add-Ons”) may be distributed via a software download; provided, however, each such Internet Explorer Add-On must be managed (including, without limitation, its enablement and disablement) via Microsoft’s proprietary “Manage Add-Ons” functionality.
- All browser extensions are prohibited from clearing the HTTP Referrer.
- Additional Requirements for Mobile Applications.
- Except as specified below in this policy, all mobile applications must be distributed through a mobile application store or marketplace approved by search provider from time to time. The current list of search providerapproved mobile application stores and marketplaces consists of the following:
- Apple Inc.’s proprietary mobile application store (commonly referred to as the “Apple App Store” or “iTunes”).
- Google LLC’s proprietary mobile application store (commonly referred to as “Google Play”).
- Microsoft Corporation’s proprietary mobile application store.
Notwithstanding the foregoing, mobile applications for the Android operating system may be distributed via preload from the original equipment manufacturer.
- Publishers must pass, as the ServeURL, the URL of the developer’s website that is most applicable to the mobile application, or, if such website is not available, the URL of the installation page for such mobile application from the search provider-approved mobile application store or marketplace referenced above.
- Except for specified mobile browser applications pre-approved by search provider or mobile applications incorporating search provider’s proprietary software development kit, mobile applications owned or operated by third parties are expressly prohibited from resolving to a Search Results Page hosted by search provider.
Software Bundling Policy
This Software Bundling Policy applies to all software bundles distributed by Publisher (and, if distribution is expressly authorized by search provider, Publisher’s Syndication Partners) in connection with the Agreement. Unless otherwise defined herein, all capitalized terms have the meaning given in the Agreement. For the avoidance of doubt, other search provider Policies may also apply to the software bundles governed by this policy.
- Implementation Requirements.
- All software bundling practices must comply with the most current form of the software guidelines published by the Clean Software Alliance, as well as other guidelines and best practices made available by search provider, each of which may be updated from time-to-time.
- Publisher must maintain full and accurate records of all software bundles (including a list of all distribution points and partners for such software bundles) distributed by, or on behalf of, Publisher (and, if applicable, Publisher’s Syndication Partners) in connection with the Agreement, and must make such records available to search provider upon request.
- Publisher must maintain direct control over all software bundles distributed by, or on behalf of, Publisher (and, if applicable, Publisher’s Syndication Partners) in connection with the Agreement, including the ability to immediately terminate or suspend such software bundles upon search provider’s request.
- All software bundles must be limited to 5 offers or less.
- Offer Screens – Requirements and Restrictions.
- All offer screens for software bundles must clearly disclose to the user all of the software included in the offer.
- All offer screens for software bundles must be presented to the user as either opt-in or opt-out.
- Each offer screen for a software bundle may display no more than 5 offers.
- Offer screens for software bundles must include an option for users to decline all secondary offers, individually or in bulk (e.g., a “Skip All” option).
- All offer screens for software bundles must clearly disclose to the user all changes to the user’s settings, existing software and applications (including, without limitation, any changes to the default search provider or homepage).