Google Steps Up Fight on Spam in Chrome Web Store

Google this week announced a new set of rules for its Chrome Web Store, meant to ensure that developers don’t spam users with extensions that have similar functionality.

The Chrome Web Store has been available since 2011, offering a total of more than 200,000 browser extensions that allow users to easily customize their browsing experience in Chrome.

Just as with other application storefronts, the Chrome Web Store has also been a target of cybercriminals looking to leverage it for malware distribution or for other malicious purposes.

The increase in extension adoption has resulted in spammers and fraudsters submitting low-quality and misleading extensions to the marketplace and tricking users into installing them, in an attempt to make a quick profit.

“We want to ensure that the path of a user discovering an extension from the Chrome Web Store is clear and informative and not muddled with copycats, misleading functionalities or fake reviews and ratings,” Google says.

To make sure it can eliminate low-quality extensions and duplicates from the store, the Internet giant has updated its spam policy, so as to prevent developers and affiliates from publishing multiple extensions offering the same experiences or functionality.

What’s more, Google now requires that extensions do not have “misleading, improperly formatted, non-descriptive, irrelevant, excessive, or inappropriate metadata.” Such information includes the extension description and developer name, along with title, icon, and screenshots.

“Developers must provide a clear and well-written description. Unattributed or anonymous user testimonials in the app's description are also not allowed,” Google says.

The updated policy also notes that developers should not attempt to manipulate the placement of extensions by illegitimately inflating product ratings, reviews, or install counts.

The company is also banning extensions meant to install or launch another app, theme, webpage, or extension, as well as those that impact users’ browsing experiences by delivering spam, ads, promotions, phishing attempts, or unwanted messages.

“Extensions that send messages on behalf of the user without giving the user the ability to confirm the content and intended recipients are also not allowed,” Google says.

The new policy has been published in the updated Developer Program Policies and developers are required to comply by August 27, 2020. Past that deadline, all extensions that violate the updated rules will be taken down and disabled.
