Guidelines

Clean Software Alliance Guidelines

Guiding Principles

These Guidelines are derived from, and are designed to promote and protect, the CSA’s guiding principles of: Clarity, Consent and Control. Offers for software products must be clear to the user; software must not install on, or make changes to a user’s computer without informed consent; and, at all times during and after the software is installed on the user’s computer, the user must remain in control.

These Guidelines apply to all users of all ages and in all geographies, wherever the user happens to be online, and to whatever the user happens to be doing.

These Guidelines are divided into the following topics:

  • Advertising

    the promotion of software must not trick or mislead users.

  • Installation Process

    the installation of software must be done in an upfront manner, with each material element of the software being installed having been disclosed to the user.

  • Program Functionality

    a product’s actual functionality must comport with the disclosures in that product’s advertising and installation flow.

  • Uninstallation Process

    all software should be able to be located and uninstalled in a straightforward manner, without undue effort or skill.

     

A. Advertising

In these guidelines, advertising covers any promotion of Software Products presented to the user, and includes, without limitation –

Browser‐based ads: e.g., search helper, textbox helper, hover link (in‐line), banner, panel, slide up, slide down, fold down and interstitials; and

Ads displayed outside of the browser: e.g., pop up, pop under, balloon, slide and toast notifications.

1. Misleading ads

1.1 Advertisements must not use threatening messaging.

1.2 Advertisements must not mislead users to believe they need something that is missing from their computer.

1.3 Advertisements must not mislead users to believe they have an issue or problem with their system (including misleading messaging that they need to update a program on their computer).

1.4 Advertisements must not impersonate a system message or component.

1.5 Advertisements must be distinguishable from the underlying web page and any associated call to action must clearly be attributed to the ad and not the page.

1.6 Advertisements must not falsely or misleadingly use trust marks, company logos or certification marks.

1.7 Advertisements must not falsely claim to be for a program from another vendor or mislead users about their source, owner, purpose, functionality/features (for example, claiming to be a program from Adobe, Microsoft, or Google when they are not).

1.8 Advertisers must only market programs that they are authorized to market.

2. Direct Download/Auto Download and Direct Download

2.1 A Product download may only be invoked by a user click on a Landing Page or Offer Screen.

2.2 A Product download must not be directly invoked from an advertisement.

2.3 A Product download must not be automatically invoked.

3. Landing Page

3.1 A Carrier Product must have a Landing Page that clearly explains what the Product is, including its name, key functionality, main effects on the user’s computer, and whether it is ad supported.

3.2 A Product’s Landing Page must identify the Carrier Product Source and have links to the Product’s EULA, Privacy Policy and uninstallation instructions. A Product’s EULA and Privacy Policy must include up‐to‐date contact information for the Product Source.

B. Installation Process.

1. User consent, control, transparency

1.1 Prior to installation, each Software Product must disclose, either on the Landing Page (in the case of Carrier Products) and/or in the applicable Offer Screen (in the case of all Software Products): (a) the Product’s name, (b) the Product Source, (c) the Product’s key features and functionality, specifically including disclosure of any system or browser settings impacted by the Product and whether the Product is supported by advertisements; and (d) links to the Product’s EULA and Privacy Policy, and assent language signifying the user’s agreement to such EULA and Privacy Policy.

1.2 Any disclosures required by these Guidelines (including those for features and settings changes) must be displayed without the user having to take any other action (i.e., no hiding disclosures behind “Custom” or “Advanced” install options, etc.).

1.3 Opt‐in or opt‐out controls, as well as the means of declining an offer or particular feature or functionality must not be displayed as if inactive or otherwise disabled (e.g. in a grayed‐out state). Landing Pages do not require a means of declining so long as there are no barriers to navigating away from such Landing Page.

1.4 The adequacy of disclosures is determined by considering the totality of the Landing Page and/or Offer Screen. Otherwise adequate disclosures may be deemed insufficient when viewed together, for example, if font size, font color, background color or design and/or graphical or other design elements adversely impact the display of the required disclosure(s).

1.5 Each Product must obtain End User consent before downloading and/or installing; an installer may only install Products or services that the End User chooses and agrees to install.

1.6 If a Product collects or transmits Sensitive Information, that fact must be clearly disclosed to the End User in the offer screen and consented to by the End User. The specific types of Sensitive Information being collected or transmitted, as well as an explanation of how the Sensitive Information may be used, must be described in the Product’s Privacy Policy.

1.7 All disclosure and consent clauses should be presented to users in a clear and conspicuous manner that is easy to read and understand, and without the need for the user to click on an “Advanced” or “Custom” option.

1.8 Cancel and decline options must be obvious and/or explained to the user within the Offer Screen. If a user decides to cancel the installation process before the final offer for a Bundled Product has been made and the Carrier Product begins its installation, such cancelation should cancel the install execution of all Software Products within the Software Bundle.

1.9 If an installer’s installation process is cancelled by the user, the installer must not place shortcuts to continue the installation later on the user’s PC.

1.10 Any Product with material functionality embedded from a third party must disclose and describe such functionality in the Product’s EULA and/or Privacy Policy, as applicable.

1.11 A Product must disclose to the user if and how it may affect any other programs or settings on the user’s device either in the Landing Page or Offer Screen, as appropriate depending on Product type, or otherwise in advance of the event impacting the other program(s) or settings.

2. Misleading Behaviors

2.1 The installation of a Product must not be initiated based on false, misleading or fraudulent representation.

2.2 The distributor of a Product must either own or be authorized to distribute such Product. An installer must only distribute Products whose owners/publishers agree to such distribution or whose EULA permits such distribution, and who haven’t requested such distribution to be terminated.

2.3 A Product’s features and functionalities must match the description presented on the Landing Page and/or offer screen.

2.4 The language used during installation must not be confusing to the user (for example, double negative questions to confuse opt‐out with opt‐in).

2.5 A Product and its installer must not act differently in the presence of anti‐malware software or anti‐malware environments or virtual machine environments for the purpose of evading investigation or detection. The modification of Product or installer behaviors for the purpose of avoiding investigation or detection by other companies, browsers or platforms is expressly forbidden.

2.6 Software must be installed in a location where the user can expect to find software installations in a manner which clearly identifies the Product, Product Source (e.g. %PROGRAMFILES%\<Vendor or Product Name Folder>\), as well as the actual install date.

2.7 Existing program shortcuts cannot be altered or replaced by other programs and/or installers.

3. Signing Software

3.1 Each Installer, Product, and Product Update must be signed by its respective Product Source.

3.2 Each signature must clearly and transparently identify the entity that signed the component. The entity name must be disclosed to CSA.

4. Bundling software

4.1 General

4.1.1 All disclosure requirements in these Guidelines apply equally to Carrier Products and Bundled Products.

4.1.2 All Products within a Software Bundle must be disclosed on an offer screen, with such disclosure conspicuous to the user before acceptance without requiring excessive scrolling or the need to access “custom” or “advanced” install options.

4.1.3 Each Product within a Software Bundle must be accepted independently.

4.1.4 No Product may be installed that has not been disclosed on an Offer Screen in accordance with these Guidelines.

4.1.5 The same Bundled Product may not be offered more than once in the same bundle.

4.2 Offer Screens. In addition to the requirements set forth in Section B.1.1:

4.2.1 Each Offer Screen should provide users with a clear way to accept or decline the offer.

4.2.2 The presentation of the accept and decline options within an Offer Screen shall be of equal prominence.

4.2.3 An Offer Screen must have the brand of the Product offered in the screen; any display of the Carrier Product’s logo/brand or any other third party brand or logo on the Offer Screen for a Bundled Product must not mislead the user as to the Product actually being offered.

4.2.4 If the bundle has more than one Bundled Product, then there must be a ‘skip all’ option on all Bundled Product offer screens, excepting only the final offer screen.

4.2.5 Each Bundled Product should be clearly marked as optional and/or promoted content. For example:

  • Promotional offer
  • Optional offer
  • Advertisement
  • Promoted content

4.2.6 The name of the Product shown in the Offer Screen during the installation must be identical to the product name in the OS and browser libraries and removal dialogs, as applicable.

4.2.7 When the user cancels or declines to install the Carrier Product, the installer should end without offering any Bundled Product(s).

C. General Program Functionality.

1. Product Behavior

1.1 Products must not hide and/or limit the user’s ability to close, delete, disable or uninstall the program.

1.2 Products must not install, reinstall, uninstall or remove third party software without the user’s consent, except in the case of a bona fide anti‐virus/security Product acting in a security/user protection capacity or where such behavior is integral to the functionality of the Product (for example, in the case of utilities such as driver/product updaters).

1.3 Products must not hide or disable other programs without the user’s consent.

1.4 Products must not modify third party programs without the user’s consent.

1.5 Products must not modify system or browser settings without clear disclosure and the user’s consent.

1.6 A Product must not attempt to hide or disguise its presence or operation; except for legitimate background processes, a Product must not fail to clearly indicate when the program is active.

1.7 Products must meet user expectations that the actions they take toward system maintenance or the optimization of system performance are actually beneficial.

1.8 A Product’s actual functionalities must comport with the disclosures and description provided in the Landing Page and Offer Screen.

1.9 Products must include a copy of or link to the applicable EULA and Privacy Policy; the EULA must include the name of the Product and the identity of, and contact information for, the Product Source.

2. Misleading Behaviors

2.1 Products must not falsely claim to be a program from another vendor, and must not mislead users about their source, owner, purpose, functionality/features (for example, claiming to be a program from Adobe, Microsoft, or Google when they are not).

2.2 Products must not alter or replace existing shortcuts.

2.3 Products may not use misleading branding (icons, names, etc.) to confuse users (for example, a Chromium browser must use a distinctly different icon from Chrome and may not call itself Chrome).

2.4 Products must not display misleading or exaggerated claims about the system’s health, such as making misleading or inaccurate claims about files, registry entries, the danger of leaving an identified issue as‐is, or other items on the system.

2.5 Products must not deceive or mislead users to take any action that the user has previously declined.

3. Prohibited Products

3.1 Products must not be malicious or contain viruses, worms, trojans or the like.

3.2 Products must not be designed for the purpose of engaging in activity that violates any applicable law.

4. Update

4.1 A Product’s updater can only update the original Product and may not install or uninstall other products or other unrelated components as part of the update without an explicit offer affording proper disclosure and user consent.

4.2 A Product’s updater must not materially change the Product’s functionality from what was described during the original installation without proper disclosure and user consent. For the avoidance of doubt, the addition or removal of a key feature or functionality (i.e., a feature or functionality disclosed in the offer screen for the Product), or the change to any system or browser setting shall constitute a material change.

5. Security Compliant Behavior

5.1 Products must neither act maliciously, nor take measures to avoid and/or evade anti‐malware detection or analysis.

5.2 Products will not engage in interfering with, hiding, uninstalling or disabling any third party content, application, browser functionality and/or settings, websites, widgets, the operating system or any part thereof without user consent.

5.3 Except in connection with bona fide security or parental control Products used for their intended purposes, Products will not subvert security settings or protocols (e.g. SSL) for any purpose.

6. Browsers; Operating Systems

This section describes changes made to browsers or operating systems.

6.1 Products must not change browser or system settings without explicit user consent. For example:

  • Browser homepage, start page or new tab page.
  • Default search provider.
  • Default program settings (e.g., default browser, default media player).

6.2 When changing a setting or behavior in a Member Product browser, if there are available APIs or other methodologies documented by the Product Source of such browser to effectuate such change, a Product must utilize that API or methodology.

6.3 Products should not limit the user’s ability to view or modify system settings, browser settings or extensions either directly or by another product to which the user gave consent to change browser settings.

6.4 Once disabled, programmatic re‐enablement of any program by a Product is prohibited without disclosure and user consent.

6.5 Products must not redirect and/or block searches, queries, user‐entered URLs, and/or access to other sites without providing the user with clear notification and attribution.

7. Program generated advertising

This section applies to advertisements that are presented on a user’s machine that would not otherwise be there but for the existence of a Product. All such advertisements are the responsibility of that Product.

7.1 Advertisements. All promotions must adhere to the following rules:

7.1.1 Any ads served by a Product must be identifiable as coming from that Product. The name of the Product installed on the user’s machine that caused the advertisement to be displayed must be attributed to the ad and such attribution must link to the Product’s EULA or official website, and uninstall instructions.

7.1.2 The attributed name from the advertisement must match install and uninstall Product name.

7.1.3 The user must be able to close the advertisement by obvious means via user interaction.

7.2 Ad type specifics. This section talks about some of the specific criteria for the different types of advertising.

7.2.1 Interstitials

7.2.1.1 The attribution must be clear and recognizable at the top of the browser screen.

7.2.1.2 The attribution must state that the page being visited is an advertisement and attribute the Product that created/displayed it.

7.2.1.3 The interstitial must also contain the ability to continue on to the customer’s intended page.

7.2.1.4 When the customer moves on to the intended page the advertisement must close.

7.2.1.5 Interstitials must not require the user to wait until they can proceed to their intended page.

7.2.1.6 Sequential interstitials are prohibited (i.e., an interstitial cannot follow another interstitial).

7.2.1.7 Users must be able to navigate away from interstitials, including at a minimum by using the back button and by using the address bar.

7.2.1.8 Interstitials can only be triggered after a user click.

7.2.1.9 Interstitials cannot be shown in the original page.

7.2.2 Hyperlinks

7.2.2.1 A Product must not redirect existing hyperlinks.

7.2.2.2 If a Product introduces new or modified hyperlinks, they should be identified differently than normal hyperlinks.

7.3 User Opt‐Out. With respect to Products that inject into, or otherwise display advertising in or on top of third party properties, the Product Source or author of such a Product must provide users a means to either turn off, opt‐out from having specific types of advertisements so injected or otherwise displayed, or remove the Product entirely.

D. Uninstall.

1. Uninstallation method

1.1 A Product must be uninstallable either via the operating system’s standard install/uninstall features (such as Add/Remove Programs) and/or through a browser’s extensions/add‐on library. All Product entry data in the OS or browser add/remove programs settings must be accurate and complete. This includes, without limitation, Product name, Product Source and installation date.

1.2 A Product may only show a single uninstallation confirmation prompt. Such confirmation prompt must not be misleading (including suggesting that the uninstallation is complete when it is not), nor may it leverage scare tactics to dissuade the user from uninstalling the product, nor may it introduce unnecessary friction. The options presented to the user to continue with the uninstallation or keep the product must be obvious and clear. The Product’s owner may include an advertisement for a single substitute product in the confirmation prompt. Such advertisement must not interfere with the uninstallation of the original Product, and may not trigger the install of the substitute product.

1.3 Products must offer the ability to be completely removed, not just disabled.

1.4 When operating, a Product must not limit or hide user controls thereby making it difficult for users to close, delete or uninstall the Product.

1.5 A Product’s name must be disclosed by its Product Source to CSA, and be consistent across all points of user interaction so that the user can clearly identify the app they may want to uninstall. This includes, without limitation:

  • The Product Offer Screen or Landing Page.
  • The Product name displayed during the operation of the product.
  • The Product name in the operating system’s add/remove control panel and/or browser extension library, as applicable.
  • The Product name displayed in the “Ads by” or similar attribution.
  • The code signing CN value.

1.6 Products must not install, reinstall, uninstall or remove any software without the user’s consent during the uninstall process.

2. Complete uninstallation

2.1 A Product’s uninstaller must functionally remove all components of the Product so that no active or executable components remain.

2.2 A Product’s uninstaller must either roll back any system or setting changes to the state of the user’s system prior to the installation or provide the user with instructions on how to do so manually.

2.3 The uninstallation of a Product must not be made conditional on payment of a fee or the download of other products.

Glossary

“Bundled Product” means a distinct, supplemental Product or service that is offered during the download or installation of a Carrier Product.

“Carrier Product” means the primary, or marketed Product or service. (Contrast with Bundled Product which is always bundled with a Carrier Product.)

“End User” means an individual user who installs and/or uses any Software Product.

“EULA” means the end user license agreement governing an End User’s use of a Product.

“Landing Page” means the web page wherein a Carrier Product’s key features and functionalities are disclosed and from where an End User can initiate the download and installation of said Carrier Product.

“Member Product” means a Product whose Product Source is a member in good standing of the CSA.

“Offer Screen(s)” means any screen(s) displayed to the End User during the installation process of a Product on which details of the specific Product or an offer for a Bundled Product is presented.

“Privacy Policy” means the privacy policy applicable to the relevant Software Product.

“Product” means an application, plug‐in, helper, component, reset technology or other executable code, including, without limitation, desktop/client applications, cloud‐based applications, browser extensions and javascript. For purposes of these Guidelines, a Product may include a single item, or a combination/suite of contextually‐ or functionally‐related items from a single Product Source.

“Product Source” means, with respect to any specific Product, the owner, the sponsor, or in the case of open source, the distributor. Typically the Product Source is the entity or individual(s) responsible for actively placing the Product into the relevant channel of distribution. A Product Source must always be identified by a validly registered company name or a live, human individual’s name.

“Sensitive Information” means personally identifiable information, which if lost, compromised, or disclosed without authorization, could result in substantial harm, embarrassment, inconvenience, or unfairness to an individual, and specifically includes: governmental identifiers (e.g., social security number, alien registration number, passport number); biometric identifiers; health records; banking or similar information; log‐in credentials; or a comprehensive browsing or keystroke history for a particular individual.

“Software Bundle” means an installation flow comprising a Carrier Product and one or more Bundled Products.

“Software Products” means Carrier Products and Bundled Products.

“TOS” or “Terms of Service” means the terms governing an End User’s use of a particular website.