Your App and the Microsoft Ecosystem
App security compliance starts in the development stages, which means the entire app ecosystem must be considered from Microsoft’s perspective. Your app connects to an evolving and complex system of devices and related software as well as business system and AV protocols. As apps and their markets diversify and proliferate, the need to form and maintain an agile channel that, in itself promotes commerce through its ease of use, is of paramount concern. Compliance brings about order and uniformity and that creates an environment in which it is easier to spot and eradicate fraud and other criminal behavior.
Your app creates consequences and so it must not jeopardize or compromise user, device, or functional integrity. This includes the need to build in feature safeguards that will not disable or compromise any platform safety, or platform UX features. Safeguards include effective measures to resist unauthorized intrusion by malware or hackers and it shouldn’t enable malware through flaws in the code. Your app must not offer to install secondary software from others especially if it doesn’t enhance your apps functionality. Doing so will get your app flagged immediately.
All legally required and industry standard warnings, notices and disclaimers must be prominently displayed.
Your product can depend upon non-integrated software to deliver primary functionality if:
- The dependency is clearly disclosed right at the top of the description metadata.
- It does not depend upon non-Microsoft provided drivers or non-NT services. If such is the case, you must disclose this in the certification notes in Microsoft Partner Center and apply for an exception.
To ensure compatibility and security of UX, apps that browse the web must use either the Chromium or the Gecko open source engine and be withing two major versions. Known security issues must be immediately patched when announced. Compatibility and continuity of web site experience is the overriding requirement here. This includes private and proprietary components which must also be licensable on reasonable terms to other browser publishers.
Microsoft store policies forbid changing or extending your app’s described functionality through any form of dynamic inclusion of code. Do not generate activity that is not clearly described in your certificate acquisition.
Enabling the mining of crypto-currency on devices are not allowed. What is allowed is the enabling of remote management of the mining of cryptocurrency.
The user must be able to easily and cleanly uninstall and remove your app from their device. Clear uninstall instruction easily accessed is required.
Existing supported methods and user consent are required to change any user’s Windows settings, preferences, settings UI or the modification of the user’s Window experience in any way.
Direct Install Links
Download URL direct links to the app’s installer are permitted if they meet with specific requirements.
Learn More: Microsoft Store Security Guidelines