Weeks after changing its terms of service in an effort to force Chrome extension developers to keep their software “simple and single-purpose in nature”, Google has kicked out two from its Web store after violating the new rules.
According to the Wall Street Journal, the offending browser extensions – Add to Feedly and Tweet This Page – began to serve up ads after they were silently updated with adware code.
The Journal said that the new code, which injected ads onto pages where they wouldn’t usually appear, was introduced to the two extensions after the owners sold their work on to other developers who then introduced the monetization features to the software.
After the extensions started to serve up unwanted ads, their five-star ratings in the Chrome store quickly dropped to just one, with many users jumping onto message boards to air their grievances.
The move by Google over the weekend to remove the software from its store has shone a light on the practice of buying and selling extensions and their related data, and is a reminder of how Chrome extensions are automatically updated in the background without the user knowing. In contrast, Firefox allows users of its add-ons to choose between manually checking for updates or having them installed automatically.
‘A bad decision’
Add To Feedly‘s developer Amit Agarwal said in a recent blog post that selling his extension was “a bad decision.”
A month after making the four-figure sale, the new owner pushed an update to the Chrome store that “didn’t bring any new features to the table nor contained any bug fixes. Instead, they incorporated advertising into the extension,” Agarwal said.
“These aren’t regular banner ads that you see on web pages, these are invisible ads that work the background and replace links on every website that you visit into affiliate links.”
He continued, “The business model of the buyer is simple – they buy popular add-ons, inject affiliate links and the bulk of users would never notice this since the Chrome browser automatically updates add-ons in the background. And there are no changelogs either.”
A member of the developer team for a Chrome extension called Honey, which has around 270,000 users, revealed on Reddit recently that several offers have also come its way in the past year.
“We’ve been approached by malware companies that have tried to buy the extension, data collection companies that have tried to buy user data, and adware companies that have tried to partner with us,” Honey’s developer said, adding, “We turned them all down.”
While the best browser extensions can help to personalize your Web experience and introduce a ton of new functionality, it’s clear that if they fall into the wrong hands somewhere down the line, they can quickly become a lost cause for many users. If the practice of new owners introducing unwanted functionality causes increasing problems, Google may consider offering users the option to turn off automatic updates, or at the least, notifying them when an extension changes hands.
- Update Google Chrome now to patch this critical security flaw
- The best Chrome VPN extensions for 2021
- Update Google Chrome now to protect yourself from these severe vulnerabilities
- Windows 10 vs. MacOS vs. Chrome OS
- Google is making it easier to save Tab Groups in Chrome