Rules

Rules are requirements created to evaluate websites, applications, or services. These requirements were set by AppEsteem Corporation and Virus Activity as a combined effort to establish objectivity when determining whether the advertising, distribution, functionality, monetization or any other activity is unwanted, unacceptable, and dangerous.

Our mission is to ensure that users can browse the Internet and download applications without the fear of being victimized in any way, such as being tricked by misleading statements or paying for services or software that does not provide the intended functionality.

If the activity of the site/app or service does not meet the determined criteria and is found violating Virus Activity project requirements, it is included in the Deceptors list.

If you are the owner of such an entity, you will have to eliminate violations to remove yourself from our database. More information about Deceptors is provided in How to fix my deceptor page.

2CR-001 Does not interrupt user with pop-up ads, deals, surveys, and similar content which is considered dubious (clickbait).
2CR-002 Does not rely on any deceptive behavior to trick user into installing questionable app.
2CR-003 Does not attempt to collect, store, or transmit data related to user online activities and personal data.
2CR-004 Does not hijack browsers, e.g. change the homepage, default search engine, new tab URL.
2CR-005 Does not limit or deny user's ability to access certain browser settings.
2CR-006 Does not rely on deceptive techniques to install on the system without user's consent
2CR-007 Does not engage with deceptive techniques to prevent user from closing the ad, screen, or web browser.
2CR-008 Does not redirect search queries to bogus sites filled with potentially malicious content.
2CR-009 Does not use encryption and similar methods to prevent user from accessing personal data.
2CR-010 Does not rely on fraudulent techniques to convince the user to pay a ransom.
2CR-011 Does not use hate speech/cruel language to humiliate and offend a specific social group.
2CR-012 Does not use racist speech to humiliate and offend a specific social group, usually ethnic and religious minority.
2CR-013 Does not rely on misleading, deceptive, fraudulent or harmful content to attract visitors and gain benefit from them.
2CR-014 Does not rely on content representing sexual behavior to attract visitors and gain benefit from them.
2CR-015 Is not included to the database of anti-malware, antivirus or another type of security software
2CR-016 Does not show false positives to mislead visitors and gain benefit from them
2CR-017 Does not propagate or endorse misleading information, specifically those that are clear disinformation campaigns or blatantly false facts.
2CR-018 Does not display ads without undergoing regular, documented audits to prevent promotion of harmful, spammy, or health-compromising products.
2CR-019 Does not overwhelm the user with excessive floating ads on a single page or within a single user session, detracting from the primary content.
2CR-020 Does not display floating ads that are non-dismissible within a 3-second window of their appearance.
2CR-021 Does not avoid engagement with recognized third-party fact-checking organizations or protocols to ensure content accuracy.
2CR-022 Does not algorithmically promote content or ads that have been flagged as spam or harmful by recognized third-party organizations.
2CR-023 Does not feature floating ads that redirect users to a different website or app without clear and prior notification.
ACR-003 Consumers are not misled to believe they have an issue, a problem with, something out of date, or something missing from their system. This includes no exaggerated or unsubstantiated claims about system's health.
ACR-004 When showing free scan results with the intent to monetize, results are substantiated and avoid any exaggerated sense of urgency, and app provides free fixes for all free scan results shown when the fix is not anticipated to be permanent or the
ACR-005 Does not impersonate or mimic a system, browser, or component message or prompt.
ACR-007 Has no false claims or implications to be from another vendor or misleading users about their source, owner, purpose, functionality/features. Provides explicit notification to all affected parties and obtains informed user consent when reducing
ACR-009 Has no threatening messaging.
ACR-010 Is not malicious and does not propagate viruses, worms, trojans, Deceptors, or the like.
ACR-014 Is truthful and not misleading or confusing with the intent to deceive; can be substantiated; is not unfair.
ACR-016 Downloads are not launched directly from advertisements.
ACR-017 Certifications, representations, and endorsements are not false, misleading, or fraudulent.
ACR-020 Easily distinguishable from the web site's existing ads and web site content.
ACR-024 Honors the relevant passed-through platform policies and terms of use for advertising, content, and search advertising.
ACR-025 Injects no more than one interstitial ad, one non-interstitial ad, five hyperlink-based ads, and one search box per page.
ACR-030 Consumer can navigate away from interstitials (and interstitial will close), including at a minimum a close button. If the interstitial restricts access to publisher content, then the consumer must be able to use the back button, the address bar
ACR-032 Shown only after the consumer clicks to do something besides exiting the page. If interstitial displays in a different window or tab, shown only after a positive user action.
ACR-039 Everything installed per app, especially other apps, offers, and download managers, has clear indications of the relationship to the app.
ACR-042 No other apps or unrelated components are installed or used before obtaining the consumer's permission through explicit user action.
ACR-043 Nothing is installed that was not disclosed.
ACR-046 Disclosures and options are conspicuous and visible without requiring scrolling or other user actions. The method to enable and disable options is clear and conspicuous.
ACR-047 Does not deceive or mislead consumers to take any action that they previously declined or cancelled.
ACR-048 Does not hide and/or limit the consumer's ability to close, delete, disable, or uninstall the app.
ACR-050 User consent dialogs and features settings from the browser, search, or operating system, and existing security/safety apps, are not circumvented or blocked.
ACR-051 Uses available APIs to change browser settings and behaviors. If no API is available, browser is not extensible.
ACR-053 If more than two offers will made before, during, or after install, all but the final offer has a "skip offers" option.
ACR-055 Accept, cancel, skip, and decline options are obvious and/or explained to the consumer, consistently simple, and consistent across the install and offer experiences.
ACR-057 Provides a clear way for consumers to accept or decline.
ACR-059 Clearly marked as an offer, clearly implies it is optional, and only claims to be recommended when the recommender is explicitly disclosed.
ACR-071 Each offer must be able to be accepted or declined independently.
ACR-075 No apps are installed, and no more apps are offered, when the consumer cancels or declines the carrier, or the carrier install fails.
ACR-083 App updates do not install or uninstall other apps and unrelated components without explicit offers following these requirements.
ACR-084 Does not attempt to hide or disguise its presence or whether it is active.
ACR-086 Does not hide from any affected consumers how it collects, stores, or transmits their user activities, and to whom it provides user data.
ACR-089 Does not automatically or unexpectedly send spam, make calls, or click on ads and links.
ACR-097 App does not attempt to evade security investigation or detection, and does not attempt to hide or cloak the software's behavior.
ACR-103 App has an accessible primary function and a value proposition that can be verified, and that goes beyond launching another app, theme, extension, search, or web page.
ACR-104 Does not change or offer other search providers, or redirect and/or block searches, queries, user-entered URLs, and/or access to other sites unless this functionality is the value proposition of the app, and the app provided the consumer with cl
ACR-107 Obtained proper authorization from the carrier, the offers, the ads, and any third party components included.
ACR-109 Only downloads and/or installs apps that the consumer chose and agreed to install.
ACR-110 Does not hijack existing monetization relationships by cookie stuffing, replacing hyperlinks, replacing ads, or other related techniques.
ACR-111 Has given clear notification and obtained explicit, informed user consent for modifying or manipulating webpage content and redirecting web traffic.
ACR-114 If injecting, provides a standard uninstall method for the app using the same name as shown in the ads it produces.
ACR-116 Can be uninstalled by platform standard features (e.g., operating system's or browsers uninstall and disable features).
ACR-117 Does not engage in any deceptive behaviors to deter uninstallation.
ACR-118 Does not install, retain, or reinstall any apps or executables without user consent during the uninstall process.
ACR-119 Functionally removes all monetization components of the app.
ACR-122 Once app is disabled or deleted, it isn't re-enabled by itself or another app.
ACR-124 Uninstallation doesn't add unnecessary friction for the consumer. Shows no more than one uninstallation confirmation prompt with obvious and clear options presented to the consumer to continue with the uninstallation or keep the product, and no
ACR-155 Ads and offers are not inserted to masquerade as part of existing committed user workflows.
ACR-168 If additional offers may be made to the consumer as a result of one-to-one interactions, this must be clearly and simply disclosed alongside the interaction option. One-to-one interaction options for app purchase and app feature activation must