Mobile Unwanted Software (MUwS)
Stay organized with collections
Save and categorize content based on your preferences.
At Google, we believe that if we focus on the user, all else will follow. In
our Software
Principles and the Unwanted
Software Policy, we provide general recommendations for software that
delivers a great user experience. This policy builds on the Google Unwanted
Software Policy by outlining principles for the Android ecosystem and the Google
Play Store. Software that violates these principles is potentially harmful to
the user experience, and we will take steps to protect users from it.
This information is also available on android.com.
As mentioned in the Unwanted
Software Policy, we've found that most unwanted software displays one or
more of the same basic characteristics:
- It is deceptive, promising a value proposition that it does not meet.
- It tries to trick users into installing it or it piggybacks on the
installation of another program.
- It doesn't tell the user about all of its principal and significant
functions.
- It affects the user's system in unexpected ways.
- It collects or transmits private information without users' knowledge.
- It collects or transmits private information without a secure handling
(for example, transmission over HTTPS).
- It is bundled with other software and its presence is not disclosed.
On mobile devices, software is code in the form of an app, binary, framework
modification. In order to prevent software that is harmful to the software
ecosystem or disruptive to the user experience we will take action on code that
violates these principles.
In this document, we build on the Unwanted Software Policy to extend its applicability
to mobile software. As with that policy, we will continue to refine this Mobile
Unwanted Software policy to address new types of abuse.
Transparent behavior and clear disclosures
All code should deliver on promises made to the user. Apps should
provide all communicated functionality. Apps shouldn't confuse users.
- Apps should be clear about the functionality and objectives.
- Explicitly and clearly explain to the user what system changes will be made
by the app. Allow users to review and approve all significant installation
options and changes.
- Software should't misrepresent the state of the user's device to the user,
for example by claiming the system is in a critical security state or infected
with viruses.
- Don't utilize invalid activity designed to increase ad traffic and/or
conversions.
- We don't allow apps that mislead users by impersonating someone else (for example,
another developer, company, entity) or another app. Don't imply that your app
is related to or authorized by someone that it isn't.
Example violations:
Protect user data and privacy
Be clear and transparent about the access, use, collection, and sharing
of personal and sensitive user data. Uses of user data must adhere to all
relevant User Data Policies, where applicable, and take all precautions to
protect the data.
- Provide users an opportunity to agree to the collection of their data
before you start collecting and sending it from the device, including data about
third-party accounts, email, phone number, installed apps, files, location, and
any other personal and sensitive data that the user wouldn't expect to be
collected.
- Personal and sensitive user data collected should be handled securely,
including being transmitted using modern cryptography (for example, over HTTPS).
- Software, including mobile apps, must only transmit personal and sensitive
user data to servers as it is related to the functionality of the app.
- Don't request or deceive users into turning off device security protections
such as Google Play Protect. For example, you can't offer additional app
features or rewards to users in exchange for turning off Google Play Protect.
Example violations:
- Data Collection (cf Spyware)
- Restricted Permissions abuse
Example User Data Policies:
Do not harm the mobile experience
The user experience should be straightforward, easy-to-understand, and
based on clear choices made by the user. It should present a clear value
proposition to the user and not disrupt the advertised or desired user
experience.
- Don't show ads that are displayed to users in unexpected ways including
impairing or interfering with the usability of device functions, or displaying
outside the triggering app's environment without being easily dismissable and
adequate consent and attribution.
- Apps should not interfere with other apps or the usability of the device.
- Uninstall, where applicable, should be clear.
- Mobile software should not mimic prompts from the device OS or other apps.
Do not suppress alerts to the user from other apps or from the operating system,
notably those which inform the user of changes to their OS.
Example violations:
- Disruptive ads
- Unauthorized Use or Imitation of System Functionality
For more details about each content violation, review policy requirements on
the Play
Policy Center, GMS
requirements, and Google
Play Protect.
Mobile Unwanted Software (MUwS) categories
Data collection and restricted permissions abuse
An app that collects and transmits personal and sensitive user data without
adequate notice or consent. This may include collecting the list of installed
apps, the device phone number, email addresses, location, or other third-party
account IDs, or other personal information.
Social Engineering
An app that pretends to be another app with the intention of deceiving users
into performing actions that the user intended for the original trusted app.
Disruptive ads
An app that shows ads that are displayed to users in unexpected ways
including impairing or interfering with the usability of device
functions, or displaying outside the triggering app’s environment
without adequate consent and attribution.
Unauthorized Use or Imitation of System Functionality
Apps or ads that mimic or interfere with system functionality, such as
notifications or warnings. System level notifications may only be used
for an app's integral features.
Ad fraud
Ad fraud is strictly prohibited. Ad interactions generated for the purpose of
tricking an ad network into believing traffic is from authentic user interest is
ad fraud, which is a form of invalid
traffic. Ad fraud may be the byproduct of developers implementing ads in
disallowed ways, such as showing hidden ads, automatically clicking ads,
altering or modifying information and otherwise leveraging non-human actions
(such as spiders and bots) or human activity designed to produce invalid ad traffic.
Invalid traffic and ad fraud is harmful to advertisers, developers, and users,
and leads to long-term loss of trust in the mobile Ads ecosystem.
Here are some examples of common violations:
- An app that renders ads that are not visible to the user.
- An app that automatically generates clicks on ads without the user's
intention or that produces equivalent network traffic to fraudulently give click
credits.
- An app sending fake installation attribution clicks to get paid for
installations that did not originate from the sender's network.
- An app that pops up ads when the user is not within the app interface.
- False representations of the ad inventory by an app, for example, an app that
communicates to ad networks that it is running on an iOS device when it is in
fact running on an Android device; an app that misrepresents the package name
that is being monetized.
Content and code samples on this page are subject to the licenses described in the Content License. Java and OpenJDK are trademarks or registered trademarks of Oracle and/or its affiliates.
Last updated 2024-10-31 UTC.
[[["Easy to understand","easyToUnderstand","thumb-up"],["Solved my problem","solvedMyProblem","thumb-up"],["Other","otherUp","thumb-up"]],[["Missing the information I need","missingTheInformationINeed","thumb-down"],["Too complicated / too many steps","tooComplicatedTooManySteps","thumb-down"],["Out of date","outOfDate","thumb-down"],["Samples / code issue","samplesCodeIssue","thumb-down"],["Other","otherDown","thumb-down"]],["Last updated 2024-10-31 UTC."],[[["\u003cp\u003eThis policy outlines principles for software on the Android ecosystem and Google Play Store to protect users from harmful or disruptive experiences.\u003c/p\u003e\n"],["\u003cp\u003eGoogle will take action on code that violates these principles, such as software that is deceptive, hides functionality, or collects private information without consent.\u003c/p\u003e\n"],["\u003cp\u003eSoftware must be transparent about its behavior, protect user data and privacy, and not harm the mobile experience by displaying disruptive ads or imitating system functions.\u003c/p\u003e\n"],["\u003cp\u003eMobile Unwanted Software (MUwS) categories include: Data collection and permissions abuse, social engineering, disruptive ads, unauthorized system functionality use, and ad fraud.\u003c/p\u003e\n"],["\u003cp\u003eDevelopers should review the Play Policy Center, GMS requirements, and Google Play Protect for more details on policy violations and requirements.\u003c/p\u003e\n"]]],["Google's mobile software policy extends its Unwanted Software Policy to the Android ecosystem and Google Play Store. The policy aims to protect users from harmful software by outlining principles that prioritize transparency, user data privacy, and a positive mobile experience. Key actions include prohibiting deceptive practices, unauthorized data collection, disruptive ads, ad fraud, and impersonation. Apps must be clear about functionality, system changes, and data usage, and avoid interfering with device usability or mimicking system prompts. Violations are classified, and actions will be taken against offending code.\n"],null,["At Google, we believe that if we focus on the user, all else will follow. In\nour [Software\nPrinciples](https://www.google.com/about/software-principles.html) and the [Unwanted\nSoftware Policy](https://www.google.com/about/unwanted-software-policy.html), we provide general recommendations for software that\ndelivers a great user experience. This policy builds on the Google Unwanted\nSoftware Policy by outlining principles for the Android ecosystem and the Google\nPlay Store. Software that violates these principles is potentially harmful to\nthe user experience, and we will take steps to protect users from it.\nThis information is also available on [android.com](https://www.android.com/mobile-unwanted-software-policy/).\n\nAs mentioned in the [Unwanted\nSoftware Policy](https://www.google.com/about/unwanted-software-policy.html), we've found that most unwanted software displays one or\nmore of the same basic characteristics:\n\n- It is deceptive, promising a value proposition that it does not meet.\n- It tries to trick users into installing it or it piggybacks on the installation of another program.\n- It doesn't tell the user about all of its principal and significant functions.\n- It affects the user's system in unexpected ways.\n- It collects or transmits private information without users' knowledge.\n- It collects or transmits private information without a secure handling (for example, transmission over HTTPS).\n- It is bundled with other software and its presence is not disclosed.\n\nOn mobile devices, software is code in the form of an app, binary, framework\nmodification. In order to prevent software that is harmful to the software\necosystem or disruptive to the user experience we will take action on code that\nviolates these principles.\n\nIn this document, we build on the Unwanted Software Policy to extend its applicability\nto mobile software. As with that policy, we will continue to refine this Mobile\nUnwanted Software policy to address new types of abuse.\n\nTransparent behavior and clear disclosures\n\nAll code should deliver on promises made to the user. Apps should\nprovide all communicated functionality. Apps shouldn't confuse users.\n\n- Apps should be clear about the functionality and objectives.\n- Explicitly and clearly explain to the user what system changes will be made by the app. Allow users to review and approve all significant installation options and changes.\n- Software should't misrepresent the state of the user's device to the user, for example by claiming the system is in a critical security state or infected with viruses.\n- Don't utilize invalid activity designed to increase ad traffic and/or conversions.\n- We don't allow apps that mislead users by impersonating someone else (for example, another developer, company, entity) or another app. Don't imply that your app is related to or authorized by someone that it isn't.\n\nExample violations:\n\n- Ad fraud\n- Impersonation\n\nProtect user data and privacy\n\nBe clear and transparent about the access, use, collection, and sharing\nof personal and sensitive user data. Uses of user data must adhere to all\nrelevant User Data Policies, where applicable, and take all precautions to\nprotect the data.\n\n- Provide users an opportunity to agree to the collection of their data before you start collecting and sending it from the device, including data about third-party accounts, email, phone number, installed apps, files, location, and any other personal and sensitive data that the user wouldn't expect to be collected.\n- Personal and sensitive user data collected should be handled securely, including being transmitted using modern cryptography (for example, over HTTPS).\n- Software, including mobile apps, must only transmit personal and sensitive user data to servers as it is related to the functionality of the app.\n- Don't request or deceive users into turning off device security protections such as Google Play Protect. For example, you can't offer additional app features or rewards to users in exchange for turning off Google Play Protect.\n\nExample violations:\n\n- Data Collection (cf [Spyware](https://developers.google.com/android/play-protect/phacategories#spyware))\n- Restricted Permissions abuse\n\nExample User Data Policies:\n\n- [Google\n Play User Data Policy](https://play.google.com/about/privacy-security-deception/user-data/)\n- [GMS\n Requirements User Data Policy](https://support.google.com/androidpartners_gms/answer/7351400)\n- [Google\n API Service User Data Policy](https://developers.google.com/terms/api-services-user-data-policy)\n\nDo not harm the mobile experience\n\nThe user experience should be straightforward, easy-to-understand, and\nbased on clear choices made by the user. It should present a clear value\nproposition to the user and not disrupt the advertised or desired user\nexperience.\n\n- Don't show ads that are displayed to users in unexpected ways including impairing or interfering with the usability of device functions, or displaying outside the triggering app's environment without being easily dismissable and adequate consent and attribution.\n- Apps should not interfere with other apps or the usability of the device.\n- Uninstall, where applicable, should be clear.\n- Mobile software should not mimic prompts from the device OS or other apps. Do not suppress alerts to the user from other apps or from the operating system, notably those which inform the user of changes to their OS.\n\nExample violations:\n\n- Disruptive ads\n- Unauthorized Use or Imitation of System Functionality\n\nFor more details about each content violation, review policy requirements on\nthe [Play\nPolicy Center](https://play.google.com/about/developer-content-policy/), [GMS\nrequirements](https://docs.partner.android.com/gms/policies/overview/gms-requirements#mba-impersonation), and [Google\nPlay Protect](https://developers.google.com/android/play-protect/phacategories).\n\nMobile Unwanted Software (MUwS) categories\n\nData collection and restricted permissions abuse\n\nAn app that collects and transmits personal and sensitive user data without\nadequate notice or consent. This may include collecting the list of installed\napps, the device phone number, email addresses, location, or other third-party\naccount IDs, or other personal information.\n\nSocial Engineering\n\nAn app that pretends to be another app with the intention of deceiving users\ninto performing actions that the user intended for the original trusted app.\n\nDisruptive ads\n\nAn app that shows ads that are displayed to users in unexpected ways\nincluding impairing or interfering with the usability of device\nfunctions, or displaying outside the triggering app's environment\nwithout adequate consent and attribution.\n\nUnauthorized Use or Imitation of System Functionality\n\nApps or ads that mimic or interfere with system functionality, such as\nnotifications or warnings. System level notifications may only be used\nfor an app's integral features.\n\nAd fraud\n\nAd fraud is strictly prohibited. Ad interactions generated for the purpose of\ntricking an ad network into believing traffic is from authentic user interest is\nad fraud, which is a form of [invalid\ntraffic](https://support.google.com/admob/answer/3342054?ref_topic=2745287). Ad fraud may be the byproduct of developers implementing ads in\ndisallowed ways, such as showing hidden ads, automatically clicking ads,\naltering or modifying information and otherwise leveraging non-human actions\n(such as spiders and bots) or human activity designed to produce invalid ad traffic.\nInvalid traffic and ad fraud is harmful to advertisers, developers, and users,\nand leads to long-term loss of trust in the mobile Ads ecosystem.\n\nHere are some examples of common violations:\n\n- An app that renders ads that are not visible to the user.\n- An app that automatically generates clicks on ads without the user's intention or that produces equivalent network traffic to fraudulently give click credits.\n- An app sending fake installation attribution clicks to get paid for installations that did not originate from the sender's network.\n- An app that pops up ads when the user is not within the app interface.\n- False representations of the ad inventory by an app, for example, an app that communicates to ad networks that it is running on an iOS device when it is in fact running on an Android device; an app that misrepresents the package name that is being monetized."]]