AVG Threat Labs - Mobile application clean guidelines

Personal information

Must have:

• Disclosure agreements must inform the user of what information the app accesses, and how it is used and stored.
• Disclosure agreements must be present in a visible and easily accessible location.
• The user must be informed of the disclosure and agree to it before the app can access personal information.
• Information may only be used for the purpose for which the user has given permission.
• If personal or sensitive information is stored, the app must do so securely.
• Any user data must remain private unless the user has given informed consent to share the data with a third party.
• The app must present its real vendor or authorized publisher. Products must not provide false or misleading information (for example, title, icon, description, or screenshots).
• The app must not divert users or link to any other site that simulates or impersonates another app or service (for example, a phishing landing page).
• The app must not impersonate or resemble any popular third-party or system-provided apps and services.
• The app must not make changes to the user's device outside of the app without the user's informed consent. This includes, but is not limited to, replacing or reordering the default arrangement of apps, widgets, or other settings on the device.
• The app must notify the user prior to applying changes to the device, and the user must be able to reverse the changes easily.
• Apps must not trick, force or mislead users into removing or disabling third-party apps. Apps that may provide any form of paid services must present the terms and conditions of payment and may only use such features if the user accepts the terms and conditions. Such terms and conditions must be presented in a visible and easily accessible location.

Prohibited (Categorized as Malware):

• Any user data must remain private unless the user has given informed consent to share the data with a third party.

Advertising

Prohibited (Categorized as PUP/Malware based on additional information about APK):

• Ads must not simulate or impersonate the visual appearance of any other app's operating system or interface.
• Ads must not modify browser settings or bookmarks, add Home screen shortcuts or add icons to the user's device without the user's informed consent.
• Ads must not display advertisements through system-level notifications on the user's device, unless the notifications derive from an integral feature provided by the installed app (for example, an airline app that notifies users of special deals, or a game that notifies users of in-game promotions).
• It must be clear to the user which app generated the ad.
• Interstitial ads may only be displayed inside the original app.
• Ads must provide a prominent closing option so users can dismiss the ad without penalty or accidental click-through.
• App functionality must not be affected by any user decisions regarding the advertised offers.
• Ads must not interfere with ads from other apps.

Impersonations or Deceptive Behavior

Prohibited (Categorized as Malware):

• Apps must present the real vendor or authorized publisher. Products must not provide false or misleading information (for example, title, icon, description, or screenshots).
• Apps must not divert users or link to any other site that simulates or impersonates another app or service (for example, a phishing landing page).
• Apps must not trick, force, or mislead users into removing or disabling third-party apps. Apps that may provide any form of paid services must present the terms and conditions of payment and may only use such features if the user accepts the terms and conditions. Such terms and conditions must be presented in a visible and easily accessible location.

Root Access

Prohibited (Categorized as Malware):

• Apps providing root access to a device through exploits will be classified as malware. If the app provides complete information about rooting, its security risks, and the method used to grant root access, it will be classified as PUP.

Mining

Prohibited (Categorized as Malware):

• Apps that use scripts to mine crypto-currencies without user consent will be classified as malware. If the app provides complete information on mining, its security risks, and the mining method, it will be classified as PUP.