This post gives some prescriptive guidance to our policy updates, and explains our Deceptor listing policy, for affiliates, download sites, and the affiliated apps.
If your affiliate site offers downloaded apps:
- Only do direct downloads from offers. The difference between an offer and an ad? An offer says it's an offer, and it has links to the app's (not your site's) EULA and Privacy Policy. An offer has a value proposition, and makes it clear that it's optional. Ads must redirect the consumer to a landing page (which is an offer).
- Make it clear that you are an affiliate of the app you are promoting, and not the maker of the app.
If your affiliate site provides removal instructions for malware, spyware, adware, Deceptors, or other "threats", and also offers an app:
- Do not claim that the app will remove the threat, unless you back up that claim with evidence.
- Get specific in your descriptions of the threat. Screen shots from the threat, actions the threat takes on the consumer machine, references to landing pages and makers, are all great ways to get specific. Making only generic or only "maybe" statements that can be found on many pages are not good ways to be specific.
If your site is a download site:
- Make sure you have permission to store/download the apps. If you don't have permission, point the consumer to app's landing page.
- If you are going to install a download manager and not the app, be clear about this, and don't mislead the consumer into thinking they are getting just the app's official installer.
- Make sure the ads you display don't masquerade as your "download" button. Use ad policies and ad network settings to control the content (for example, AdSense policies can block sensitive ads), and monitor your site to keep it compliant. If you cannot control the ad content, do not place the ads close to your download buttons.
Our policy for Deceptor listing:
- If an affiliate or download site comes to us with questions and we find violations, and if they commit to work in good faith with us, we'll generally give them two weeks to make their changes.
- When we hunt and find a violating affiliate or download site, we will generally list the site as an active Deceptor. The site owner can work with us to clear it (see below).
- If the affiliate app or download manager has directed their affiliate network to require our approval, we will work with the affiliate network.
- If the affiliated app or download manager is working with us to get certified, we will warn them.
- If neither of the cases apply, we will list the affiliated app or download manager as an active Deceptor, following our supply chain accountability policy.
You can find all our requirements, more prescriptive guidance, and some examples of good and violating behavior at our checklist page.
Your affiliate network or affiliated app may require our approval before you're authorized to offer some apps. Just let us know, and we're happy to give you feedback. Please note, though, that we expect that you'll work in good faith with us to fix all your sites.
If we have called out your site or affiliated app/download manager as an active Deceptor, we'll work with you, for free, to answer your questions, and to re-evaluate it and hopefully get it off our active Deceptor list. Just read our faq, then email us at [email protected] when you're ready.
It's been three years since we started this company and its proposition to help software monetizers thrive by building a self-regulation system.
It's been quite the journey. We spent the first year working through our requirements and building trust with both the security companies and the monetizers. We spent the second year operationalizing our workflow, introducing our Deceptor list, scaling out our business.
This third year has been a solidifying year for AppEsteem. We experimented with new ways to encourage companies to work with us, and we came up with new and improved value propositions. We moved our non-profit alignment from CSA to CleanApps.org. We started certifying anti-malware products and designating them as Deceptor Fighters. We ran several campaigns to help drive needed change, including one that prevents system utilities from abusing free scans results, and another that cleans up badly-behaving affiliates. And we certified three more call centers.
We're very proud of the positive impact we've made for consumers. We know they're in a much better place as they download apps for their PCs. The hundreds of apps we've certified, and the hundreds of apps that have successfully cleaned up after being called out as Deceptors, have helped transform the software monetization world into a kinder and gentler place.
But we're not done. We still see consumer abuse in call centers, download sites, and through rogue affiliates. Sometimes our customers don't act in good faith. And while Windows downloads are now much cleaner, MacOS has gotten noticeably worse, browser extensions and Android apps need more help, and we haven't figured out how to keep Apple and Google paying attention. We need to work on all these problems in our fourth year.
And there's more we're working on. We will soon release Blur, our browser extension that will help consumers "look ahead" and be warned if an ad or a search result will take them to an unsafe site. And we're tinkering with a Most Valuable App program that goes beyond measuring compliance and starts to look at an app's value to consumers.
All of the progress we've made only works because of three things: software monetizers who are committed to building consumer-respecting apps, security partners dedicated to rewarding them while still punishing the unwanted, deceptive vendors, and dedicated employees and partners who work like crazy to make it all happen. Thank you so much for your support!
Since last October, we've been calling out affiliate websites as Deceptors when we observed them making unsubstantiated claims, or when they auto-downloaded apps without presenting the consumer a valid offer.
This has led to good changes on many affiliate sites. Consumers don't have to read untrue statements, and they now get a chance to accept an app before it shows up on their machine.
But although these changes have been helpful, we still observe the following unwanted behaviors on affiliate sites:
- Vague and non-specific claims that have the intent to deceive consumers. An example of these kinds of generic claims are found on "how to remove" affiliate sites that offer malware and spyware removal tools. We think that sites making generic claims know they are scaring consumers into downloading the offered apps.
- Download sites that purposely allow confusing "start" and "download" ads and offers to surround the actual download button. We think these ads and offers are masquerading as the button the consumer wants to click, and the download site knows they are tricking the consumer into getting an unwanted download.
- Download sites that offer an app, but when the consumer accepts the offer, they get a "download manager" that first makes more offers to them. We think the consumer must only get the app that they accepted; if the download site wants the consumer to run their download manager, they must offer it to the consumer, and the consumer must accept that offer, before it's downloaded.
When we find a deceptive affiliate or download site, we'll consider both the site and the affiliated apps as Deceptors. We spent the past two months aligning this policy change with our security partners, and we're looking forward to implementing them later this month.