Date: 2021-06-30

Google has been working hard lately to clean up the cesspool that is the Chrome Web Store. In just the past year, it has created a new ‘seal of approval’ for extensions that respect user privacy and data, introduced new protections against downloading malicious extensions, stopped them from sharing processes to increase their performance, and even joined forces with Apple, Microsoft, and Mozilla to create an alliance that would define a standard for development.

In an email that went out to Chrome extension developers (brought to our attention by XDA Developers), Google is further cracking down on spammy extensions by requiring devs to enable two-step verification or two-factor authentication. With this, it will be much harder for hackers or hijackers to take over extensions and inject malicious code into them.

“Over the years we’ve made a number of product and policy improvements to help ensure that people feel safe when installing extensions on the Chrome Web Store. As part of this work, we’ve updated best practices, and named undesirable behaviors in key areas like security and trust. Today we’re further clarifying three policies to keep the quality of extensions high, and the experience for developers consistent.”

Contents of email from Google

Additionally, it’s no longer allowing developers to offer multiple extensions as a part of the same extension flow or for one extension to ‘upsell’ other extensions or apps, as that goes against its Deceptive Installation Tactics and Notification Abuse policies. Imagine going to the mechanic to get your oil changed and then being pressured to get everything else done as well – wait, that already happens! Google’s policies stop tactics like that in their tracks – if you click to install one extension, you get that one extension.

Next, the company is requiring all extensions to clearly and transparently state what functionalities will be included upon install so that the users understand completely what they’re getting when they click that blue ‘Add to Chrome’ button. The promise of what it will do for them is no longer allowed to be buried in a long description of unrelated text. Similarly, whatever is promised by that add-on must be delivered upon. If the outcome of a user interaction does not reasonably match what is expected, then that developer could potentially get in hot water for misleading others.

Lastly, if there is an action that the user takes that is not related to the functionality or feature promised, the developer could get in trouble as well. Have you ever clicked on something and it popped open an advertisement or something you absolutely did not agree to? I imagine this seeks to prevent a similar issue with extensions, but Google was not specific.

These changes go into effect on August 2, 2021, and any developers that have not enabled 2FA by that time will be disallowed from uploading any new extensions to the Chrome Web Store and unable to update their existing extensions. Also, any extensions or developers that violate Google’s new protective policies will be taken down completely – sweet. Does this renew your faith in the Web Store and in extensions, or do you avoid them like the plague?

I imagine that the company is doing all of this work in an effort to clean things up enough to merge it with the Google Play Store, but I’m just spitballing. If it can merge the Web Store with the Play Store, users will be less confused when they get their Chromebooks home, and one day, we may just have a unified store for everything!