Windows Store Policies
Document version: 6.3
Document date: April 29, 2015
Thank you for your interest in developing apps for Windows and Windows Phone. We’re committed to a relationship with you that supports your ambitions and encourages a diverse catalog of high-quality, engaging apps for customers worldwide. We publish these policies with the dual goals of enabling developers and delighting our customers.
A few principles to get you started:
- Offer real value with your app. Provide a compelling reason to download your app from the Store.
- Don’t mislead our joint customers about what your app can do, who is offering it, etc.
- Don’t attempt to cheat customers, the system or the ecosystem. There is no place in our Store for any kind of fraud, be it ratings and review manipulation, credit card fraud or other fraudulent activity.
Adhering to these policies should help you make choices that enhance your app’s appeal and audience.
Your apps are crucial to the experience of hundreds of millions of customers. We can’t wait to see what you create and are thrilled to help deliver your apps to the world.
If you have feedback on the policies, please let us know by commenting in our forum. We will consider every comment.
Your app and its associated metadata must accurately and clearly reflect the source, functionality, and features of your app.
- The screenshots, app name, developer name, tile, category and app description, and any other related metadata you provide with your app, should make it easy for a user to understand the functions, features, and any important limitations of your app.
- Your app may not use a name or icon similar to that of other apps.
- You should not represent your app to be from a company, government body, or other entity if you do not have permission to make that representation.
- If your app contains content or features restricted to certain languages, markets or geographies or has other important limitations, they should be clearly described.
- Your app must be fully functional and offer customers unique, creative value or utility.
- If your app declares an association with a given file type or extensibility point, it must provide the functionality that a customer would expect, given that association. For example, if your app declares an association with the .jpg file type, the app should be able to open the image for viewing or editing.
Your app must not jeopardize or compromise user security, or the security or functionality of the Windows or Windows Phone device(s), system or related systems and must not have the potential to cause harm to users or any other person.
Apps must always run within the permitted sandbox provided by the system. Thus, the following applies:
- Your app must not invoke code outside the allowed security model. For example, see Security Changes in the .NET Framework 4.
- Your app must not communicate with local desktop applications (on Windows devices) or services via local mechanisms, including via files and registry keys.
- Your app may only depend on Windows Runtime APIs allowed for Store apps and must remain within the boundaries allowed for Store apps (e.g., cannot break out of the AppContainer).
All app logic must reside within the app package. Your app must not attempt to change or extend the packaged content through any form of dynamic inclusion of code that changes how the application behaves with regard to Store Policies. Your app should not, for example, download a remote script and subsequently execute that script in the local context of the app package.
The app must be testable. If it is not possible to test your app for any reason, including, but not limited to, the items below, your app may fail this requirement.
- If your app requires login credentials, provide us with a working demo account using the Notes to Tester field.
- If your app requires access to a server, the server must be functional to verify that it's working correctly.
- If your app allows a user to add a gift card balance, give us a gift card number that can be used in the testing.
Your app must meet Store standards for usability, including, but not limited to, those listed in the subsections below.
The app must run on devices that are compatible with the software, hardware and screen resolution requirements specified by the application.
If an app is downloaded on a device with which it is not compatible, it should detect that at launch and display a message to the customer detailing the requirements.
The app supports graceful shutdown. The app must handle exceptions raised by any of the managed or native system APIs and not close unexpectedly. An app that closes unexpectedly fails certification. The app must continue to run and remain responsive to user input after the exception is handled.
The app must start up promptly and must stay responsive to user input.
Where applicable, pressing the back button should take the user to a previous page/dialog. If the user presses the back button on the first page of the app, then the app terminates (unless it is allowed to run in the background).
The following requirements apply to apps that access personal information. Personal information includes all information or data that identifies or could be used to identify a person, or that is associated with such information or data. Examples of personal information include: name and address, phone number, biometric identifiers, location, contacts, photos, audio & video recordings, documents, SMS, email, or other text communication, screen shots, and in some cases, combined browsing history.
Additionally, apps that receive device location must provide settings that allow the user to enable and disable the app's access to and use of location from the Location Service API. For Windows Phone apps, these settings must be provided in-app.
Your app can publish a customer's personal information to an outside service or another person only after obtaining opt-in consent. Opt-in consent means the customer gives their express permission in the app user interface for the requested activity, after you have:
(a) described to the customer how the information will be accessed, used or shared; and
(b) provided the customer a mechanism in the app user interface through which they can later rescind this permission and opt-out.
If your app publishes a person's personal information to a service or a third party, but the person whose information is being shared is not a customer of your app, you must obtain express written consent to publish that personal information, and you must permit the person whose information is shared to withdraw that consent at any time. If your app provides a customer with access to another person’s personal information, this requirement would also apply.
The capabilities you declare must legitimately relate to the functions of your app, and the use of those declarations must comply with our app capability declarations. You must not circumvent operating system checks for capability usage.
For more information about app capability declarations, see app capability declarations.
You must localize your app for all languages that it supports. The text of your app’s description must be localized in each language that you declare. If your app is localized such that some features are not available in a localized version, you must clearly state or display the limits of localization in the app description. The experience provided by an app must be reasonably similar in all languages that it supports.
If your app includes in-app purchase, billing functionality or captures financial information, the following requirements apply:
- You must use the Microsoft in-app purchase API to sell digital items or services that are consumed or used within your app.
- In-app products sold in your app cannot be converted to any legally valid currency (e.g. USD, Euro, etc.) or any physical goods or services.
- If you created your app on or before June 29, 2015, you may continue using a third-party API for digital items or services until June 29, 2016.
You must use a secure third party purchase API for purchases of physical goods or services, real world gambling or charitable contributions. If your app is used to facilitate or collect charitable contributions or to conduct a promotional sweepstakes or contest, you must do so in compliance with applicable law. You must also state clearly that Microsoft is not the fundraiser or sponsor of the promotion.
The following requirements apply to your use of a secure third party purchase API:
- At the time of the transaction or when you collect any payment or financial information from the customer, your app must identify the commerce transaction provider, authenticate the user, and obtain user confirmation for the transaction.
- The app can offer the user the ability to save this authentication, but the user must have the ability to either require an authentication on every transaction or to turn off in-app transactions.
- If your app collects credit card information or uses a third-party payment processor that collects credit card information, the payment processing must meet the current PCI Data Security Standard (PCI DSS).
If your app collects financial account information, you must submit that app from a Business account type.
You must provide in-app purchase information about the types of in-app purchases offered and the range of prices. You may not mislead customers about the nature of your in-app promotions and offerings.
Your app must respect system settings for notifications and remain functional when they are disabled. This includes the presentation of ads and notifications to the customer, which must also be consistent with the customer’s preferences, whether the notifications are provided by the Microsoft Push Notification Service (MPNS), Windows Push Notification Service (WNS) or any other service. If the customer disables notifications, either on an app-specific or system-wide basis, your app must remain functional.
If your app uses MPNS or WNS to transmit notifications, it must comply with the following requirements:
Because notifications provided through WNS or MPNS are considered app content, they are subject to all Store Policies.
You may not obscure or try to disguise the source of any notification initiated by your app.
You may not include in a notification any information a customer would reasonably consider to be confidential or sensitive.
For all advertising related activities, the following requirements apply:
- The primary purpose of your app should not be to get users to click ads.
- Your app may not do anything that interferes with or diminishes the visibility, value, or quality of any ads it displays.
- Your app must respect advertising ID settings that the user has selected.
If you purchase or create promotional ad campaigns to promote your apps through the “Promote Your App” capability in Dev Center, all ad materials you provide to Microsoft, including any associated landing pages, must comply with Microsoft’s Creative Specifications Policy and Creative Acceptance Policy.
Any advertising content your app displays must adhere to Microsoft’s Creative Acceptance Policy.
If your app displays ads, all content displayed must conform to the advertising requirements of the App Developer Agreement, including the following requirements:
The primary content of your app may not be advertising, and advertising must be clearly distinguishable from other content in your app.
If your app is directed at children under the age of 13, all ad content displayed in your app must be appropriate for that category.
Your app may not sell, link to, or otherwise promote mobile voice plans.
The following policies apply to content and metadata (including publisher name, app name, app icon, app description, and app screenshots and any other app metadata) offered for distribution in the Store. Content means the app name, publisher name, app icon, app description, the images, sounds, videos and text contained in the app, the tiles, notifications, error messages or ads exposed through your app, and anything that’s delivered from a server or that the app connects to. Because Windows and Windows Phone apps and the Store are used around the world, these requirements will be interpreted and applied in the context of regional and cultural norms.
- Apps that contain content that would warrant a rating over PEGI 16 or ESRB MATURE are not allowed, unless the app is a game, is rated by a ratings board that is supported in the Store, and otherwise complies with all Store Policies.
- Metadata and other content you submit to accompany your app may contain only content that would merit a rating of PEGI 12, ESRB EVERYONE 10+, or lower.
All content in your app and associated metadata must be either originally created by the application provider, appropriately licensed from the third-party rights holder, used as permitted by the rights holder, or used as otherwise permitted by law.
Your app must not contain any content that facilitates or glamorizes extreme or gratuitous violence, human rights violations or the creation or illegal use of weapons against a person or animal in the real world.
Your app must not contain any content that is defamatory, libelous, slanderous, or threatening.
Your app must not contain any potentially offensive content or content that advocates discrimination, hatred, or violence based on considerations of race, ethnicity, national origin, language, gender, age, disability, religion, sexual orientation, status as a veteran, or membership in any other social group.
Your app must not contain any content that facilitates or glamorizes excessive or irresponsible use of alcohol or tobacco products, drugs, or weapons.
Your app must not contain or display content that a reasonable person would consider pornographic or sexually explicit.
Your app must not contain content or functionality that encourages, facilitates or glamorizes illegal activity in the real world.
- Your app must not contain excessive or gratuitous profanity.
- Your app must not contain or display content that a reasonable person would consider to be obscene.
Content that is offensive in any country/region to which your app is targeted is not allowed. Content may be considered offensive in certain countries/regions because of local laws or cultural norms. Examples of potentially offensive content in certain countries/regions include the following:
- Prohibited sexual content
- Disputed territory or region references
- Providing or enabling access to content or services that are illegal under applicable local law
- If a rating under any particular rating system is required by law in any country, you must assign a rating to your app. If applicable law also requires documentation, include the rating documentation for that rating system along with your app.
- If your app is optionally rated by a Supported Ratings Board or Ratings Boards for Windows Apps, you must submit a valid rating certificate for the app and include the appropriate content descriptors in your product description.
Your app must have a Windows age rating, and you must submit third-party ratings for your app if you have them
You must assign a Windows Store age rating that most accurately matches your app. The Age rating page contains more detailed descriptions of the content that is suitable for each Windows Store age rating.
If your app provides a user with uncontrolled: (i) access to online social networks, or (ii) sharing of personal information with third parties, including other gamers or online acquaintances, then you must assign it a Windows Store rating of at least 12+. For such activity to be considered "controlled", your app must be governed by controls that require parental permission to use such sharing features, and you must identify those and explain their functionality in the Notes to testers.
We understand that in some cases, apps provide a gateway to retail content, user generated content, or web based content. We classify those apps as either Storefront apps, whose primary function is to aggregate and sell third party media or apps, or Streaming apps, whose primary function is to aggregate and stream web-based images, music, video or other media content. In some cases, it may be acceptable for a Storefront or Streaming app to include some content that might otherwise be prohibited in a single purpose app. If your app is more likely than not to include some user generated content that would otherwise be prohibited under these requirements, you must include a mechanism for users to bring the presence of such content to your attention, and you must provide filtering tools such that users must opt in to receiving access to feeds or content that has a higher likelihood of violating these requirements.
If you submit a Storefront or Streaming app, you should rate your app in accordance with this section. You should also consider the target audience for your Storefront or Streaming app in your rating, based on the content that users of your app may be able to access.
If a rating under any particular rating system is required by law in any country, you must include the rating documentation for that rating system along with your app.
If your app has multiple rating board ratings that each correspond to different Windows Store age ratings, you should assign the Windows Store age rating that corresponds to the older audience. Apps with a rating over ESRB MATURE are generally not allowed.
If your app is a search engine that enables users to search broadly across the Internet, then your app must be rated 12+. Apps that enable search for a distinct content set (such as news only or video only), are not search engines under this definition. The age rating for such apps should be determined by the purpose, function and content of the app.
If your app is a Web browser, enabling broad access to Internet content, then the app must be rated 12+.