WingNews logo WingNews
top | item 41998477

(no title)

semenko | 1 year ago

I was optimistically hoping some of the MV3 changes would result in Chrome webstore policy enforcement being standardized, but that hasn't happened.

Sensor Tower (https://sensortower.com/) makes a lot of popular extensions, like StayFocusd https://www.stayfocusd.com/. They seem to resell ad data (in violation of [1]?) and ship likely obfuscated code [2] (in violation of [3]?), but there's no enforcement or even clear reporting mechanism.

[1] https://developer.chrome.com/docs/webstore/program-policies/...

[2] https://robwu.nl/crxviewer/?crx=https%3A%2F%2Fclients2.googl...

[3] https://developer.chrome.com/docs/webstore/program-policies/...

discuss

order

palant|1 year ago

Note: I am the author of this article.

MV3 makes it considerably harder to introduce a security vulnerability, but it doesn’t really help with outright malicious extensions. In the end this isn’t an issue which can be solved by technical means. It’s a moderation issue, and Google currently seems to be scaling back moderation despite not being great at it to start with.

Raed667|1 year ago

Event with MV3 you still have access to `chrome.webRequest.onBeforeRequest` and content scripts, so this particular issue won't be 100% solved.

I don't think the solution is technical. The solution would be a strict policy, and nuke every extension and publisher from the store who even hints at doing this kind of BS.