Unwanted Software Policy: How to Fix it?

PPC advertising is one of the most profitable digital strategies around. However, there are some rules to the game. Because online ads reach so many people, they’ve become attractive targets for hackers and cybercriminals of all kinds. Ads can act as vectors to spread viruses quickly.

Google Ads need to be relevant and trustworthy. For this reason, ad checkers have become more strict. If Google notices one of your ads violating their unwanted software policy, your ad will be suspended until you correct the error.

Ideally, you can understand how to prevent this error in the future. And if you find yourself with a suspended ad, it’s also useful to know what they are and how to deal with it.

In this article, we’ll explore the unwanted software policy from Google Ads, and show you how to stay on the right side of the law, so your PPC campaign isn’t penalized.

What is Malicious Content or Software?

With their unwanted software policy, Google defines malicious content or malware as follows:

“Malware is any software or mobile application specifically designed to harm a computer, a mobile device, the software it’s running, or its users. Malware exhibits malicious behavior that can include installing software without user consent and installing harmful viruses. Webmasters sometimes don’t realize that their downloadable files are considered malware so that these binaries might be hosted inadvertently.”

Your landing page likely contains no malware. However, the process for malware detection is automated. It aggregates data from various sources in an attempt to detect malicious content. Factors include geographic areas, content, and web technologies in use.

It is in Google’s best interest to keep malware out of their ecosystem of Google Ads. Thus, they sometimes err on the side of caution. You need to contact support if this happens and prove that your ad did not violate their policy. Then, you can submit for approval again.

The requirements extend to your ads and any additional software your site or app uses or links directly to within the content.  Under its unwanted software policy.

Google does not allow malicious software to gain unauthorized access to a device or network.

Examples:

• Trojan Horses – These often freeze up the user’s device or steal information in the background.
• Viruses – Viruses can come in many forms, but often hijack an aspect of the user’s device.
• Spyware – This type of software spies on users. Then, it reports the data that it collects back to the criminal or hacker. The spyware can watch browsers, native apps, and more. Google Ads uses advanced techniques to enforce their unwanted software policy and detect spyware whenever possible.
• Keyloggers – This is one of the most dangerous types of software, so it’s no wonder Google wants to prevent its users from running into it. A key logger records all keystrokes or keypad entries on a device. This includes laptops, cell phones, and tablets. This means that hackers could have access to private banking and other information even if they didn’t see your screen.

Ads or Destinations that Violate Google’s Unwanted Software Policy

There are various reasons you could trigger their algorithm to get your ads suspended:

• Not being transparent about the full implications of installing the software you need to let users know what they’re in for. If your software includes certain permissions or functionalities, they must be mentioned and made clear to the end-user. Otherwise, your account or ad may be suspended.
• Not including a Terms of Service or End User License Agreement – Your users and visitors expect transparency. Proper terms of the service agreement will lay out the framework for refunds, payments, and more. On the other hand, with an app, the license agreement dictates how they may use or not use your software. So, it benefits both the advertiser and consumer to include these documents.
• Bundling software without the user’s knowledge – Some hackers will attempt to add additional software to the download from a landing page. This is a malicious practice that Google takes very seriously. Make sure that you are only installing the software on your user’s device that they specifically requested.
• Making system changes without consent – For some apps, it is useful or even necessary to make system changes. However, some advertisers neglect to get permission first. This is not tolerated in Google Ads. You need to express consent to make changes to the user’s system.
• Making the software difficult to uninstall – A trick that unethical companies use is making their software hard to uninstall. There might be complex menus, or it might not even be possible without a third-party tool. To protect users, Google must ensure that your landing page or app does not lead to a download that causes difficulty in that regard.

Furthermore, here are some considerations that might keep your ad from running:

• The website only has ads – If your only intention is to drive visitors to your landing page to display ads to them, Google might suspend your site and your ads. Ensure you have a moderate number of ads to make it clear that you are offering a real product or service directly on your site.
• Outgoing URL- Your URL pointing to your landing page is HTTP where as your actual URL is HTTPS
• Malicious code, programs or custom scripts– If Google detects malware, they will suspend your ads right away. Be sure to set up your site and any software securely to avoid the potential for malware. Custom scripts added to the landing page are referencing external content deemed malicious by Google.
• Image hosting – If you are hosting images on a platform not approved by Google Ads. This is something that many advertisers run into when they try to speed up their cache or image delivery with third-party content delivery networks (CDNs). Be sure to check your image hosts against Google’s allowed platforms before trying to take your ads live.
• Landing Page Redirects – Users should remain on the landing page unless they choose to click away. Some people try to include JavaScript and other code on their landing page that eventually has a timer to redirect to another URL. This is a common technique for hackers and dishonest businesses.
• Automatic Downloads – If your landing page triggers automatic downloads, you’ll need to change your settings to enable downloads with a clearly labeled button. Again, think about it from the user’s perspective. If the ads they click on when searching Google take them to weird automatic downloads, why would they keep using the platform?
• You Collect Sensitive Information – Banking details and other information must be exchanged with secure portals. People are more sensitive than ever today about their personal data.
• Ads That Misrepresent Content – If your page has content for the sake of appearing legitimate while secretly installing software, this misrepresentation will cause your account to get suspended. Due to behind-the-scenes web technologies like JavaScript, it is possible to install something on a person’s device without them knowing. That’s why Google’s unwanted software policy strictly prohibits this practice.
• Flagged Images – Images with embedded code could host malware, often triggering the algorithm. Try to clean your images of embedded code to keep things simple.
• Not Enough Information – Simply having the word “Download” or “Play” without identifying the software does not provide enough information. You need to tell the visitor the name of your software or service as well on the same page.
• Deceptive Play Button – A play button that leads to a download is another version of the malware. It’s something the user doesn’t expect, want, or need. Not only could your ad be suspended, but potentially your entire account after such an incident.

How to Troubleshoot for Malicious Code

• Check Your Files and Databases – Use a scanning tool that can help you identify critical changes. If there were recent changes before your ads were disapproved, you can work quickly to resolve the issue.
• Check the Google Console – Look for indications that your website has been blacklisted. As a PPC specialist, you should become familiar with Google Search Console. This platform provides alerts to help you stay on top of potential ad violations, and it also offers valuable data insights that you can analyze and learn from to improve your site.
• Plugins – If you use WordPress, then some plugins help you analyze your site for malicious content. This is much faster than manually poring over code for hours.
• Hosting Provider – Some hosting providers will scan your website, so you don’t have to deal with the technical aspects. So if you don’t use WordPress, consider asking your hosting company what they can offer.
• Support – Contact support to receive custom feedback about your suspension. This is perhaps the best option once all of the other remedies have been exhausted. You can speak with a real person and troubleshoot what the issue may be.

Additional Tips for Dealing with the Unwanted Software Policy

The first step to take is to back up your files. Make sure that your database is safely stored in another location so that you can go back to the original files if necessary.

Then contact the Google Ads support team and request the links with malicious code. From here, you can remove the code and then update your database. You might need to update plugins and other software again after reverting your database to a former state.

Ask your web developer to manually scan all files for encrypted code before asking for another review. Wait 12 hours and scan the website again. After this, you can ask for yet another review.

Troubleshooting Tips

• Check the Google Search Console to see if it reports any problems. If so, consult with your webmaster to resolve the issue.
• Use Help for Hacked Websites to help you fix your website and remove malicious code.
• Edit your ad and resubmit it for review. This can sometimes take one business day or longer, depending on the review.
• Use a firewall to protect you from future attacks and remove current malicious software.
• Once you remove the malware to bring your account in line with the unwanted software policy regulations, you should be able to approve your ads automatically.

Wrap Up

With the right goals and analytics, you can craft an excellent campaign. Your software or product can achieve high levels of conversions to help you grow your business. But there are some challenges along the way.

Even the best ad campaign is useless if it’s suspended. If you have violated the unwanted software policy, according to Google, you might have some work ahead of you. Still, it is worth it to fix your ad, website, and any aspects that could keep your ads in the dark.

Use the guide above as a checklist to review if you run into trouble. It could save you hours or days. That way, you can get back to generate results for your brand or your client.