Why my browser extension was taken down?
ShopBack’s browser extension is a fantastic tool that offers shopper a quicker and faster way to earn cashback. You can visit our tutorial page if you are interested on it. However, since we launched our new browser extension to Chrome and Firefox, we faced three times taken down just within one year. So in below section, I will share what we experienced and how we tackled it!!
If you are a browser extension developer, you are supposed to read the policies of Chrome extension and Firefox add-ons.
Google and Mozilla have similar policies especially on handling user privacy data. So I believe if you are following those common policies carefully, your extension will be safe on both platforms.
Before sharing our experiences, let’s introduce how Chrome/Firefox inform developer if your extension is taken down:
Google Chrome
Unfortunately, Google do not inform you if your extension is taken down. The ways to find out your extension is taken down is via Chrome WebStore Dashboard or the extension install page.
Mozilla Firefox
Mozilla is much friendly on this part, they will send email to you and explain a roughly reason. So you just keep watch your email and don’t let it go into the spam.
In the next, I’m going to share three times take down experiences from Google Chrome and Mozilla Firefox.
Obfuscate code
In Chrome policy, they describe it as Code Readability Requirements. Actually, they allow you to minify the source code in the following forms:
- Removal of whitespace, newlines, code comments, and block delimiters
- Shortening of variable and function names
- Collapsing files together
However, this policy is not only apply on your source code but also all the external code or resource fetch by extension.
Last time, the reason of our extension was taken down is because we were accidentally include a Font Awesome library via Font Awesome’s Free CDN. Here is how we use Font Awesome in extension popup:
<script defer src="https://use.fontawesome.com/releases/v5.0.6/js/all.js"></script>This external resource is minified and uglified. Seems like extension reviewer doesn’t like it and we fixed this issue via a directly reference to Font Awesome source file. Anyway, if there’s a third party library is bundled in one file, that is fine, for example: we use react and use webpack to bundle the source code. So just be careful about those external resources.
User Data Privacy
Google and Mozilla they emphasize the user’s privacy in the their policy. In fact, your extension is able to collect the user’s data or behavior absolutely. However, user also have right to disable this mechanism if they don’t like. Because ShopBack’s extension is very care the user’s experiences and behaviors when they are shopping, so we did collect a lots of shopper’s information but we didn’t give them a way to disable this mechanism. Hence, we faced the second time take down by Google.
So.. How to fix it? It’s simple, just implement a Options page to let user have ability to enable/disable the mechanism of collecting user data.
Package Extension
The third time take down is from Firefox and it was a little bit tricky. The reason is there are something different between our uploads and their builds. Actually, Firefox will ask you to upload the source code and add-on when you publish. The third time taken down is they found the result of building is different from the upload one. Yes.. it’s a mistake from engineer. However, it illustrate that Mozilla’s review is much strict on the final build files. BTW, We also faced an issue that their reviewer can not build our extension cause of some environment problem.
So the lesson learn is we provide a docker in the source code and write a README to instruct them to build the our extension in a right way. Anyway, just make sure the builds are always the same in a release.
Conclusion
In the past of year, I think the most difficult thing is figure out why your extension is taken down by Google. Because they don’t say anything usually. So we just learn a lesson when we face a taken down every time. Anyway, developer should pay more attentions on the policies when you develop a browser extension.
It’s welcome to share any taken down experiences in below comments :)
