| Story sharing time! I run a local user group that educates developers on Google's technologies that while proudly independent from Google, has a great working relationship with their developer relations teams. Back in March of 2012 (that's almost two years ago) I first brought to the attention of the Chrome developer relations team an extension called Bookmark Sentry that essentially contained a trojan that hijacks links to serve up spam ads. You can read more about it here: http://stopmalvertising.com/malvertisements/beware-of-the-go... What I found troubling was the response back. I received an official response that it was within compliance of Chrome App Store policies. Specifically I was told: "Ad injections are not in violation of the Chrome Web Store program policies. The policy requires that ads must be presented in the context of the extension or, when present within another page, ads must be outside the page's normal flow and clearly state which extension they are bundled with. We believe that ads are a legitimate way to monetize, but that they should be a known cost to the extension user." I certainly hope since then they've changed their policy on this issue and are actively policing and enforcing against spyware and malware. Chrome App extensions can access extremely sensitive data such as webforms with credit card, contact details, passwords and more and in the wrong hands can do untold damage. |