Google Tackles Spammy Chrome Extensions By Forcing Developers To Enable 2FA
Google has been trying a lot lately to clean up the cesspool that is the Chrome Web Store. Just last year, it created a new “seal of approval” for extensions that respect user privacy and data, introduced new protections against downloading malicious extensions, and prevented them from sharing content. process to increase their performance and even partnered with Apple. , Microsoft and Mozilla to create an alliance that would define a standard of development.
In an email sent to Chrome extension developers (brought to our attention by XDA developers), Google is cracking down further on spam extensions by requiring developers to enable two-step verification or two-factor authentication . With this, it will be much more difficult for hackers or hackers to grab extensions and inject malicious code into them.
“Over the years, we’ve made a number of product and policy enhancements to ensure that users feel secure when installing extensions on the Chrome Web Store. As part of this work, we’ve updated best practices and named unwanted behaviors in key areas such as security and trust. Today we are further clarifying three policies to keep the quality of extensions high and the developer experience consistent.
Google email content
In addition, it no longer allows developers to offer multiple extensions as part of the same extension stream or for one extension to “disrupt” other extensions or applications, as this goes against its policies. deceptive installation and notification abuse tactics. Imagine going to the mechanic to have your oil changed and then being pressured to have everything else done as well – wait, it’s already happening! Google’s policies stop such tactics in their tracks – if you click to install an extension, you get that extension.
Next, the company requires all extensions to clearly and transparently indicate what features will be included during installation so that users fully understand what they are getting when they click the blue “Add to Chrome” button. The promise of what it will do for them is no longer allowed to be buried in a long unrelated text description. Likewise, everything that is promised by this add-on must be respected. If the outcome of a user interaction does not reasonably match what is expected, then that developer could potentially fall into hot water for misleading others.
Finally, if there is an action the user takes that is unrelated to the promised feature or functionality, the developer might have issues as well. Have you ever clicked on something and it opened an ad or something that you absolutely disagree with? I imagine this seeks to avoid a similar problem with extensions, but Google wasn’t specific.
These chances will go into effect on August 2, 2021, and any developers who have not enabled 2FA at that time will not be allowed to download new extensions from the Chrome Web Store and will not be able to update their existing extensions. Additionally, any extensions or developers that violate Google’s new protection policies will be removed completely. Does it renew your faith in the web store and extensions, or are you avoiding them like the plague?
I imagine the company is doing all of this work in an effort to clean things up enough to merge it with the Google Play Store, but I’m just spitting it out. If it can merge the Web Store with the Play Store, people will be less confused when they return home with their Chromebooks, and one day we may have a unified store for everything!