App policies for Windows Phone

[ This article is for Windows Phone 8 developers. If you’re developing for Windows 10, see the latest documentation. ]

[ This article is for Windows Phone 8 developers. If you’re developing for Windows 10, see the latest documentation. ]

To protect the Windows Phone Store service and users of the service, and to address mobile operator requirements, Microsoft has established the following policies for apps (including publisher name, app name, app icon, app description, and app screenshots) offered for distribution in the Windows Phone Store. Microsoft reserves the right to update these policies as needed.


Requirement Text


If your app includes in-app purchase, billing functionality or captures financial information, the following requirements apply:


If your app uses the Microsoft in-app purchase API provided by Windows Phone,

  • Your app can sell digital items or services only. The In-App Product sold in your app must be consumed or used in an app that you make available on a Microsoft platform.

  • In-App Products sold in your app cannot be converted to any legally valid currency (e.g. USD, Euro, etc.), or any physical goods or services, except when the app uses in-app purchase to sell a physical representation of digital content created by the user entirely in a Windows Phone, including photos, music, video, text or documents.


If your app includes in-app billing functionality or captures financial account information but does not use the Microsoft in-app purchase API provided by Windows Phone, the following requirements apply for the listed account types:

  • For all accounts,

    • At the time of the transaction or when you collect any payment or financial information from the customer, your app must identify the commerce transaction provider, authenticate the user, and obtain user confirmation for the transaction. The app can offer the user the ability to save this authentication, but the user must have the ability to either require an authentication on every transaction or to turn off in-app transactions. If your app collects credit card information or uses a third-party payment processor that collects credit card information, the payment processing must meet the current PCI Data Security Standard (PCI DSS).

  • For Individual and Student accounts,

    • Your app cannot collect sensitive financial account information or payment within the app.

    • You may accept payment outside the app through a pre-existing billing relationship and you may collect payment and personal account information outside of the app experience through an approved third-party payment processor or via a secure HTTPS website.


You may not use the Microsoft commerce engine to facilitate charitable contributions or sweepstakes. If your app is used to facilitate or collect charitable contributions or to conduct a promotional sweepstakes or contest, you must do so in compliance with applicable law. You must also state clearly that Microsoft is not the fundraiser or sponsor of the promotion.


Your app description must include information about the types of in-app purchases offered and the range of prices.


Your app may not sell, link to, or otherwise promote mobile voice plans.


Your app must not jeopardize or compromise user security, or the security or functionality of the Windows Phone device(s), system or related systems and must not have the potential to cause harm to Windows Phone users or any other person.













Apps that receive the location of a user’s mobile device must provide in-app settings that allow the user to enable and disable your app's access to and use of location from the Location Service API.












The following requirements apply to apps that access personal information. Personal information includes all information or data that could reasonably be used to identify a person. Examples of personal information include: contacts, photos, phone number, audio & video recordings, location, SMS or other text communication, screen shots, unique account identifiers, unique identifiers based on the computer's hardware, and in some cases, combined browsing history.


If your app has the technical ability to transmit data to you or a third party, you must maintain a privacy policy. This can be hosted within or directly linked from the app. The privacy policy must be accessible from your app at any time. App capability declarations that make your app network-capable include: internetClient, internetClientServer, privateNetworkClientServer, and ID_CAP_NETWORKING. Your privacy policy must inform users of the personal information accessed or transmitted by your app and how that information is used, stored, secured and disclosed, and describe the controls that users have over the use and sharing of their information, how they may access their information, and it must comply with applicable laws and regulations.


Your app can publish a customer’s personal information to an outside service or another person only after obtaining opt-in consent. Opt-in consent means the customer gives their express permission in the app user interface for the requested activity, after you have: (a) described to the customer how the information will be accessed, used or shared; and (b) provided the customer a mechanism through which they can later rescind this permission and opt-out.


If your app publishes a person’s personal information to a service or a third party, but the person whose information is being shared is not a customer of your app, you must obtain express written consent to publish that personal information, and you must permit the person whose information is shared to withdraw that consent at any time. If your app provides a customer with access to another person’s personal information, this requirement would also apply.


Your app must respect system settings for notifications and remain functional when they are disabled. This includes the presentation of ads and notifications to the customer, which must also be consistent with the customer’s preferences, whether the notifications are provided by the Microsoft Push Notification Service (MPNS), Windows Push Notification Service (WNS) or any other service. If the customer disables notifications, either on an app-specific or system-wide basis, your app must remain functional.

If your app uses the Microsoft Push Notification Service or the Windows Notification Service to transmit notifications, it must comply with the following requirements:


Notifications provided through WNS or MPNS are considered app content and are subject to all Windows Phone Store app policies, including the certification requirements.


Your app must not use excessive network capacity or WNS/MPNS bandwidth, or otherwise unduly burden a Windows Phone or other Microsoft device or service with notifications.




You may not obscure or try to disguise the source of any notification initiated by your app.


You may not include in a notification any info a customer would reasonably consider to be confidential or sensitive.


Your app and metadata must be fully functional and offer customers unique, creative value or utility in all the languages and markets it supports. For example, your app may not use a name or icon similar to that of other apps.


Your app and its associated metadata must accurately and clearly reflect the source, functionality, capabilities and features of your app. The screenshots, app name, developer name, tile, category and app description you provide with your app should make it easy for a user to understand the functions, features, and any important limitations of your app. If your app contains content or features restricted to certain geographies or has other important limitations, they should be clearly described. You should not represent your app to be from a company, government body, or other entity if you do not have permission to make that representation.




If your app has the capability to use the advertising ID, it may not collect or use it if the user has turned off the feature. If the user has chosen to reset the advertising ID, your app may not use any prior advertising ID values, or associate them with the new value.


The capabilities you declare must legitimately relate to the functions and value proposition of your Windows Phone Store app, and the use of those declarations must be compliant with our app capability declarations. You must not circumvent operating system checks for capability usage.

Learn more about our app capability declarations.


You must localize your app for all languages that it supports. Your app can only support the languages listed in Culture and language support for Windows Phone. The experience provided by an app must be reasonably similar in all languages that it supports.

You must provide a complete description of your app for your customers in each language that you declare in your app's package. The text of your app's description must be localized. If your app is localized such that some features are not available in a localized version, you must clearly state or display the limits of localization in the app description.

© 2015 Microsoft