Slashdot Mirror
Google Updates Chrome Web Store Review Process and Sets New Extension Code Requirements (venturebeat.com)
Google is finally turning its attention to Chrome Web Store. On Monday, the company announced a range of big changes that would make the online store more secure for customers. From a report: The first two are happening now: Developers are being subjected to a more rigorous review process, and the Chrome Web Store no longer accepts obfuscated JavaScript files. In a couple of weeks, Chrome users will get the option to restrict host access for their extensions. And in 2019, two more changes will take effect: Chrome Web Store developer accounts will require 2-step verification, and Google will introduce manifest version 3 of the extensions platform.
[...] Effective today, extensions that request powerful permissions will be subject to additional compliance review. Google doesn't offer much detail here, but it does say your extension's permissions should be as narrowly scoped as possible and all your code should be included directly in the extension package to minimize review time. If your extension uses remotely hosted code, Google will also be taking a closer look (and will monitor on an ongoing basis).
[...] Effective today, extensions that request powerful permissions will be subject to additional compliance review. Google doesn't offer much detail here, but it does say your extension's permissions should be as narrowly scoped as possible and all your code should be included directly in the extension package to minimize review time. If your extension uses remotely hosted code, Google will also be taking a closer look (and will monitor on an ongoing basis).
I don't run chrome on my desktop and laptop for several reasons, but on my android smartphone, which includes Chrome as the default browser, I don't run it because of the licensing.
The Chrome license includes an Adobe license, due to their using an Adobe product as a component.
The Adobe license, while apparently intended as a no-reverse-engineering prohibition, amounts to a non-compete that would forever taint my ability to work on software similar to Adobe's.
(Clicking "accept" on a cellphone can be expected to leave a database record that is personally identifiable by its connection to my cellphone account with the carrier.)
So I haven't activated it. At the moment, having not gotten around to installing a replacement browser (and figuring out how to do so without use of the un-enabled Chrome browser) I don't have browser-based functions on the cellphone. This largely cripples it as a smartphone.
(Fortunately I can get by using it as a "dumb phone" and tethering it to my laptop (currently using Firefox) when I really need to get on the net. The latter works great. But it's a pain if I'm on the move.)
Bantam Dominique roosters crow a four-note song. Once you've heard it as "Happy BIRTHday" you can't NOT hear it that way
And this is likely the reason Google is making this change. Google provided the tools for users to see what things extensions wanted access to, and users did not care. So now Google has to be more selective with their approval process.
The other big reason is the practice of selling legitimate extensions to "developers" who promptly pump it full of malware and push an update to all of the existing users.
It sounds like Google's changes will address these problems and I welcome them.