Google warning puts Chrome extension with more than 1 million users at risk of unsubscription
by
In 2018, Google made it impossible to install Chrome extensions that were distributed outside of the Chrome Web Store, making it the only place the Chrome Web Store can get Chrome extensions today. At the time of article creation, the Chrome extension ' Pushbullet ' used by more than 1 million people was in danger of being locked out of the Chrome Web Store due to a Google warning, he reports on his blog.
Let's Guess What Google Requires In 14 Days Or They Kill Our Extension | Pushbullet Blog
https://blog.pushbullet.com/2020/05/13/lets-guess-what-google-requires-in-14-days-or-they-kill-our-extension/
Our Chrome Extension Is Safe | Pushbullet Blog
Let's guess what Google requires in 14 days or they kill our extension | Hacker News
https://news.ycombinator.com/item?id=23168874
In May 2020, Pushbullet's development team said from Google, 'Pushbullet violates our privacy policy, so please give minimal permissions to your extension. If you see no improvement, stop the delivery of Pushbullet by Chrome web Store after 14 days 'to the effect that e-mail thing that they have received. The development team said it was shocked, as it included content that also suggested a freeze on the development team's account.
Google pointed to Pushbullet about the issue of 'use of permissions' and instructed by email that extension permissions should be limited to the minimum required to implement the feature, so the development team reviewed permissions To work on. Pushbullet used 'open tab' 'active tab' 'context menu' 'cookie' 'notification' 'idle' 'https: // * / *' 'http: // * / *' It was designed to also use 'background behavior' and 'read and write clipboard' depending on the user's permission.
The development team thinks that the excess permissions that caused Google's warning are mandatory for all users, except access to 'background activity' and 'reading and writing clipboard' that the user needs permission to do. It was Therefore, access authority to 'https: // * / *' 'http: // * / *' that is accessible to all domains is 'https: //*.pushbullet.com/*' 'http: / In addition to restricting access privileges to '/*.pushbullet.com/*' 'http: // localhost / *', we made improvements such as removing access privileges to 'open tabs' at the expense of some functionality. , Said that they have submitted a new version to Google.
by GotCredit
After 24 hours, Google returned the examination result, but unfortunately the result was 'rejected'. The development team contacted Google because there was no specific instruction from Google about what needs improvement, but there was no response. By the time the review results were returned, there were 7 days left before Pushbullet was removed from the Chrome Web Store.
The development team may need to restrict access to 'https: //*.pushbullet.com/*' to 'https://www.pushbullet.com', and if Android 10 or later has background applications Since it is prohibited to have read / write authority to the clipboard, he also considered the possibility that the user's permission required to read / write clipboard should also be deleted. However, if you submit a revised version many times without being clearly instructed by Google that you need to correct it, Google's system will misunderstand that you are looking for a 'loophole' of the examination and your account will be frozen. There is a fear.
The situation changed after Pushbullet reported a series of events on his blog. Chrome extension Advocate is the Google of Simon Vincent at Mr. Twitter, reported that Pushbullet has passed the examination. We apologize for initially rejecting the submitted modified version.
FYI the latest submission has been approved.Apologies to Pushbullet for the rejection after addressed the original violation & to the broader dev community for not providing more actionable rejections ???? https://t.co/b7Au7Mjppn
— Simeon .__ proto__ (@DotProto) May 14, 2020
Pushbullet also reported passing the review on his blog, saying 'I hope this case will have a positive effect on other extension developers who are also suffering from Google's ambiguous response'. .. In overseas IT news site ' Hacker News ', ' Maybe the examination is done with an automated system' 'The examination criteria are unclear, Google says that it needs improvement to the developer Should be clearly instructed. '
Related Posts:
in Software, Web Service, Posted by darkhorse_log