Rules are requirements created to evaluate websites, applications, or services. These requirements were set by AppEsteem Corporation and Virus Activity as a combined effort to establish objectivity when determining whether the advertising, distribution, functionality, monetization or any other activity is unwanted, unacceptable, and dangerous.
Our mission is to ensure that users can browse the Internet and download applications without the fear of being victimized in any way, such as being tricked by misleading statements or paying for services or software that does not provide the intended functionality.
If the activity of the site/app or service does not meet the determined criteria and is found violating Virus Activity project requirements, it is included in the Deceptors list.
If you are the owner of such an entity, you will have to eliminate violations to remove yourself from our database. More information about Deceptors is provided in How to fix my deceptor page.
| 2CR-001 | Does not interrupt user with pop-up ads, deals, surveys, and similar content which is considered dubious (clickbait). |
|---|---|
| 2CR-002 | Does not rely on any deceptive behavior to trick user into installing questionable app. |
| 2CR-003 | Does not attempt to collect, store, or transmit data related to user online activities and personal data. |
| 2CR-004 | Does not hijack browsers, e.g. change the homepage, default search engine, new tab URL. |
| 2CR-005 | Does not limit or deny user's ability to access certain browser settings. |
| 2CR-006 | Does not rely on deceptive techniques to install on the system without user's consent |
| 2CR-007 | Does not engage with deceptive techniques to prevent user from closing the ad, screen, or web browser. |
| 2CR-008 | Does not redirect search queries to bogus sites filled with potentially malicious content. |
| 2CR-009 | Does not use encryption and similar methods to prevent user from accessing personal data. |
| 2CR-010 | Does not rely on fraudulent techniques to convince the user to pay a ransom. |
| 2CR-011 | Does not use hate speech/cruel language to humiliate and offend a specific social group. |
| 2CR-012 | Does not use racist speech to humiliate and offend a specific social group, usually ethnic and religious minority. |
| 2CR-013 | Does not rely on misleading, deceptive, fraudulent or harmful content to attract visitors and gain benefit from them. |
| 2CR-014 | Does not rely on content representing sexual behavior to attract visitors and gain benefit from them. |
| 2CR-015 | Is not included to the database of anti-malware, antivirus or another type of security software |
| 2CR-016 | Does not show false positives to mislead visitors and gain benefit from them |
| 2CR-017 | Does not propagate or endorse misleading information, specifically those that are clear disinformation campaigns or blatantly false facts. |
| 2CR-018 | Does not display ads without undergoing regular, documented audits to prevent promotion of harmful, spammy, or health-compromising products. |
| 2CR-019 | Does not overwhelm the user with excessive floating ads on a single page or within a single user session, detracting from the primary content. |
| 2CR-020 | Does not display floating ads that are non-dismissible within a 3-second window of their appearance. |
| 2CR-021 | Does not avoid engagement with recognized third-party fact-checking organizations or protocols to ensure content accuracy. |
| 2CR-022 | Does not algorithmically promote content or ads that have been flagged as spam or harmful by recognized third-party organizations. |
| 2CR-023 | Does not feature floating ads that redirect users to a different website or app without clear and prior notification. |
| ACR-003 | Consumers are not misled to believe they have an issue, a problem with, something out of date, or something missing from their system. This includes no exaggerated or unsubstantiated claims about system's health. |
| ACR-004 | When showing free scan results with the intent to monetize, results are substantiated and avoid any exaggerated sense of urgency, and app provides free fixes for all free scan results shown when the fix is not anticipated to be permanent or the |
| ACR-005 | Does not impersonate or mimic a system, browser, or component message or prompt. |
| ACR-007 | Has no false claims or implications to be from another vendor or misleading users about their source, owner, purpose, functionality/features. Provides explicit notification to all affected parties and obtains informed user consent when reducing |
| ACR-009 | Has no threatening messaging. |
| ACR-010 | Is not malicious and does not propagate viruses, worms, trojans, Deceptors, or the like. |
| ACR-014 | Is truthful and not misleading or confusing with the intent to deceive; can be substantiated; is not unfair. |
| ACR-016 | Downloads are not launched directly from advertisements. |
| ACR-017 | Certifications, representations, and endorsements are not false, misleading, or fraudulent. |
| ACR-020 | Easily distinguishable from the web site's existing ads and web site content. |
| ACR-024 | Honors the relevant passed-through platform policies and terms of use for advertising, content, and search advertising. |
| ACR-025 | Injects no more than one interstitial ad, one non-interstitial ad, five hyperlink-based ads, and one search box per page. |
| ACR-030 | Consumer can navigate away from interstitials (and interstitial will close), including at a minimum a close button. If the interstitial restricts access to publisher content, then the consumer must be able to use the back button, the address bar |
| ACR-032 | Shown only after the consumer clicks to do something besides exiting the page. If interstitial displays in a different window or tab, shown only after a positive user action. |
| ACR-039 | Everything installed per app, especially other apps, offers, and download managers, has clear indications of the relationship to the app. |
| ACR-042 | No other apps or unrelated components are installed or used before obtaining the consumer's permission through explicit user action. |
| ACR-043 | Nothing is installed that was not disclosed. |
| ACR-046 | Disclosures and options are conspicuous and visible without requiring scrolling or other user actions. The method to enable and disable options is clear and conspicuous. |
| ACR-047 | Does not deceive or mislead consumers to take any action that they previously declined or cancelled. |
| ACR-048 | Does not hide and/or limit the consumer's ability to close, delete, disable, or uninstall the app. |
| ACR-050 | User consent dialogs and features settings from the browser, search, or operating system, and existing security/safety apps, are not circumvented or blocked. |
| ACR-051 | Uses available APIs to change browser settings and behaviors. If no API is available, browser is not extensible. |
| ACR-053 | If more than two offers will made before, during, or after install, all but the final offer has a "skip offers" option. |
| ACR-055 | Accept, cancel, skip, and decline options are obvious and/or explained to the consumer, consistently simple, and consistent across the install and offer experiences. |
| ACR-057 | Provides a clear way for consumers to accept or decline. |
| ACR-059 | Clearly marked as an offer, clearly implies it is optional, and only claims to be recommended when the recommender is explicitly disclosed. |
| ACR-071 | Each offer must be able to be accepted or declined independently. |
| ACR-075 | No apps are installed, and no more apps are offered, when the consumer cancels or declines the carrier, or the carrier install fails. |
| ACR-083 | App updates do not install or uninstall other apps and unrelated components without explicit offers following these requirements. |
| ACR-084 | Does not attempt to hide or disguise its presence or whether it is active. |
| ACR-086 | Does not hide from any affected consumers how it collects, stores, or transmits their user activities, and to whom it provides user data. |
| ACR-089 | Does not automatically or unexpectedly send spam, make calls, or click on ads and links. |
| ACR-097 | App does not attempt to evade security investigation or detection, and does not attempt to hide or cloak the software's behavior. |
| ACR-103 | App has an accessible primary function and a value proposition that can be verified, and that goes beyond launching another app, theme, extension, search, or web page. |
| ACR-104 | Does not change or offer other search providers, or redirect and/or block searches, queries, user-entered URLs, and/or access to other sites unless this functionality is the value proposition of the app, and the app provided the consumer with cl |
| ACR-107 | Obtained proper authorization from the carrier, the offers, the ads, and any third party components included. |
| ACR-109 | Only downloads and/or installs apps that the consumer chose and agreed to install. |
| ACR-110 | Does not hijack existing monetization relationships by cookie stuffing, replacing hyperlinks, replacing ads, or other related techniques. |
| ACR-111 | Has given clear notification and obtained explicit, informed user consent for modifying or manipulating webpage content and redirecting web traffic. |
| ACR-114 | If injecting, provides a standard uninstall method for the app using the same name as shown in the ads it produces. |
| ACR-116 | Can be uninstalled by platform standard features (e.g., operating system's or browsers uninstall and disable features). |
| ACR-117 | Does not engage in any deceptive behaviors to deter uninstallation. |
| ACR-118 | Does not install, retain, or reinstall any apps or executables without user consent during the uninstall process. |
| ACR-119 | Functionally removes all monetization components of the app. |
| ACR-122 | Once app is disabled or deleted, it isn't re-enabled by itself or another app. |
| ACR-124 | Uninstallation doesn't add unnecessary friction for the consumer. Shows no more than one uninstallation confirmation prompt with obvious and clear options presented to the consumer to continue with the uninstallation or keep the product, and no |
| ACR-155 | Ads and offers are not inserted to masquerade as part of existing committed user workflows. |
| ACR-168 | If additional offers may be made to the consumer as a result of one-to-one interactions, this must be clearly and simply disclosed alongside the interaction option. One-to-one interaction options for app purchase and app feature activation must |
