Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
Google Chrome Privacy Security

Google Updates Chrome Web Store Review Process and Sets New Extension Code Requirements (venturebeat.com) 26

Google is finally turning its attention to Chrome Web Store. On Monday, the company announced a range of big changes that would make the online store more secure for customers. From a report: The first two are happening now: Developers are being subjected to a more rigorous review process, and the Chrome Web Store no longer accepts obfuscated JavaScript files. In a couple of weeks, Chrome users will get the option to restrict host access for their extensions. And in 2019, two more changes will take effect: Chrome Web Store developer accounts will require 2-step verification, and Google will introduce manifest version 3 of the extensions platform.

[...] Effective today, extensions that request powerful permissions will be subject to additional compliance review. Google doesn't offer much detail here, but it does say your extension's permissions should be as narrowly scoped as possible and all your code should be included directly in the extension package to minimize review time. If your extension uses remotely hosted code, Google will also be taking a closer look (and will monitor on an ongoing basis).

This discussion has been archived. No new comments can be posted.

Google Updates Chrome Web Store Review Process and Sets New Extension Code Requirements

Comments Filter:
  • Just lock people into the internet is yours, Google.
  • They will just ignore the permissions and install something that collects their data.
    • And this is likely the reason Google is making this change. Google provided the tools for users to see what things extensions wanted access to, and users did not care. So now Google has to be more selective with their approval process.

      The other big reason is the practice of selling legitimate extensions to "developers" who promptly pump it full of malware and push an update to all of the existing users.

      It sounds like Google's changes will address these problems and I welcome them.

      • Google can say all they want about how they're trying to protect users against malicious extension updates, but I won't believe a word of it until they change the fact that Chrome still won't:

        - Show you what extensions of yours have recently updated
        - Show you when a particular extension was last updated
        - Allow users to disable automatic updates for an extension

        These are pretty basic features, and they're all things the Play Store has done on Android for years. It boggles the mind that they would devel

      • by Raenex ( 947668 )

        Google provided the tools for users to see what things extensions wanted access to, and users did not care. So now Google has to be more selective with their approval process.

        Right. How dare these 3rd party apps spy on users. That's Google's job!

  • I don't run chrome on my desktop and laptop for several reasons, but on my android smartphone, which includes Chrome as the default browser, I don't run it because of the licensing.

    The Chrome license includes an Adobe license, due to their using an Adobe product as a component.

    The Adobe license, while apparently intended as a no-reverse-engineering prohibition, amounts to a non-compete that would forever taint my ability to work on software similar to Adobe's.

    (Clicking "accept" on a cellphone can be expected to leave a database record that is personally identifiable by its connection to my cellphone account with the carrier.)

    So I haven't activated it. At the moment, having not gotten around to installing a replacement browser (and figuring out how to do so without use of the un-enabled Chrome browser) I don't have browser-based functions on the cellphone. This largely cripples it as a smartphone.

    (Fortunately I can get by using it as a "dumb phone" and tethering it to my laptop (currently using Firefox) when I really need to get on the net. The latter works great. But it's a pain if I'm on the move.)

    • So I haven't activated it. At the moment, having not gotten around to installing a replacement browser (and figuring out how to do so without use of the un-enabled Chrome browser)

      Naturally, you install it through the play store. Or you download an APK onto your laptop, and sideload it using adb install.

Top Ten Things Overheard At The ANSI C Draft Committee Meetings: (10) Sorry, but that's too useful.

Working...