google removed my extension, trying to understand why - google-chrome-extension

My chrome extension was removed from google chrome store and I don't know why, I'm not using remote hosted code. I am using manifest V2
Does anyone can suggest why they removed my extension?
Time line (emails that I received from google):
18 November 2020:
Dear Developer,
Protecting users and their data is a fundamental aspect of the work we do on Chrome. Last year we announced a set of policies to protect users and their data by requiring that extensions request the narrowest possible permissions, and we required more extensions to post privacy policies and handle user data securely.
Today, we are announcing policy changes that build upon those protections by:
Limiting what extension developers can do with the data they collect.
Requiring developers to certify their data use practices.
Starting January 2021, each extension’s detail page in the Chrome Web Store will show the data collected by the extension, in clear and easy to understand language.
Data privacy policy update
We’re introducing an additional policy focused on limiting usage of user data collected through a Chrome extension. More specifically:
Reiterating that the sale of user data is never allowed. Google does not sell user data and extension developers may not do this either.
The use or transfer of user data should be for the primary benefit of the user and in accordance with the stated purpose of the extension.
The use or transfer of user data cannot be used for creditworthiness or any form of lending qualification.
The Chrome Web Store will also help users understand an extension’s privacy practices directly on the Chrome Web store listing.
On each extension detail page, the data collected by the extension will be displayed in a standardized manner. Additionally, whether a developer has certified their compliance with the limited use policy will also be displayed.
Developer-provided privacy disclosures
To publish or update an extension, developers must provide data usage disclosures directly from the developer dashboard. These disclosures include:
The nature of the data being collected from users.
The developer’s certification that they comply with the new policy on limited use.
The content of the form is grouped by category to make it simpler for developers, and maps exactly to the disclosures that will be displayed to Chrome users. Most of this information should be consistent with the existing privacy policies that developers have provided to the Chrome Web Store.
Implementation timeline
Data disclosures collection will be made available to developers today and will be displayed on the Chrome Web Store listing starting January 18, 2021.
Starting in March 2021, the Chrome Web Store team will reach out to developers with a warning to complete the disclosure requirement. Inaction after 30 days of the warning will result in the suspension of affected items and the deactivation of the existing user base.
See the limited use policy FAQ and the corresponding blog post for additional detail.
Thank you for your cooperation, and for your participation in the Chrome extension ecosystem!
The Google Chrome Web Store team
5 February 2021:
"Dear Developer, Last year, we announced the rollout of Manifest V3 support for Chrome extensions alongside Chrome 88. These updates to the extension platform make the extension experience safer, more privacy-preserving, and more performant for Chrome users. One of the key changes for V3 extensions is the disallowing of remotely hosted code. Now that you can submit to the Chrome Web Store, we’ve updated our Developer Program Policies to reflect these new guidelines. Please refer to our Developer Program Policies for more details on these updates. Thank you for your cooperation and for your participation in the Chrome extension ecosystem!"
31 March 2021
"We regret to inform you that the item has been removed from the Chrome web store. Details are shown below."
"We did not receive an update from you regarding the Google Chrome item before the end of the warning period specified in our previous email. Because the item still does not meet our policy requirements mentioned in the previous email, it was removed from the Chrome web store. "

Based on your timeline it doesn't look like you received a warning email. Try reaching out to CWS Developer Support using the following options:
My item (extensions, app, or theme)
My item was warned / removed / rejected
I did not receive any communication
Yes
In the additional comments section, note that you did not receive a warning email and that the takedown email you received did not state the reason for the takedown. A member of the review team should follow up with you in less than 24 hours.

Related

Chrome extension rejection for narrow and unclear purpose

When submitting updates for our extension, we receive the following message with rejection from the Chrome store:
"To have your item reinstated, please ensure:
The purpose of the extension is clear to users; and
The extension either limits its functionality to a narrow focus area of subject matter or to a narrow browser function.
To serve multiple purposes with your extensions, please package each purpose as a separate extension."
Does anyone know the criteria used when determining if the purpose is clear or if the extension is trying to do too much? Our extension is used to demonstrate metrics more conveniently that our clients would normally go to our webpage to see, so it shows a few different but very related items (all of which fit the central theme of showing connected metrics).
Check the Chrome Extension Quality Guideline:
Extensions Quality Guidelines
An extension must have a single purpose that is narrow and
easy-to-understand. Do not create an extension that requires users to
accept bundles of unrelated functionality, such as an email notifier
and a news headline aggregator, or downloads a local executable. If
two pieces of functionality are clearly separate, they should be put
into two different extensions, and users should have the ability to
install and uninstall them separately. For example, functionality that
displays product ratings and reviews, but also injects ads into web
pages, should not be bundled into a single extension. Similarly,
toolbars that provide a broad array of functionality or entry points
into services are better delivered as separate extensions, so that
users can select the services they want.
This is further explained in the FAQS page answering these questions:
Why did Google launch a “single purpose” Chrome extensions policy?
Where can I find the “single purpose” policy?
What does “single purpose” actually mean?

401 error on CWS Payment Flow

My Google Chrome Extension (Annotate for Chrome) has successfully received payments.
I have updated the app recently but not the payment flow.
Now when a user initiates a payment the Google modal pops up (that displays the Google payment - from Buy.js) the spinner just runs endlessly and console shows a 401 error.
I double-checked manifest and in-app purchase SKU etc and don't see any differences from previous versions that worked. My check for current license is working fine - which tells me my app is being recognized by the Google Web Store and returning data on specific users license status...
Any thoughts on what could cause this? Many thanks.
(I submitted a ticket to CWS support - nothing yet). Probably something stupid but I don't know how to debug. Or epic fail on Google's part.
The root cause of this issue has been fixed and purchase flows should be working as expected now. Details over here: https://groups.google.com/a/chromium.org/d/msg/chromium-extensions/bxoptYk8--Y/Mh_qJp4gDQAJ
This is a problem with the Chrome Web Store.
I tried to purchase another Extension (https://www.twinword.com/blog/how-to-quickly-monetize-your-chrome-browser/) that uses in-app purchases and saw the exact same problem.
So Google's Web Store purchasing process has been broken for a week+ and no one at Google cares. Maybe they should get out of the payments business and require developers use 3rd party solutions. Utterly disgusting on Google's part. I'd like my 6 hours of troubleshooting back...

Is there a way to get an email for all bug reports and feedbacks I receive for a published chrome extension?

I have a chrome extension published in chrome store. The problem is that I don't receive any emails or notifications for any feedbacks or bug reports users raise. Is there any option to enable them? The only way to find now is to manually check if there are any feedbacks or open bugs, which is very inefficient.
Web Store provides no way to access feedback (or reviews), with the exception of web scraping those pages.
Here's the (old) feature request for this. It's in limbo for well over a year.

Chrome Web Store review mistakes and inconsistencies

Before deciding to write this issue on Stackoverflow, we tried everything that we could through the normal/official (and slow) contact process (contact form and developers emails).
So this is actually our last try to solve it and also expose some of the Google's review mistakes and inconsistency when reviewing new items (extensions).
We currently have an extension (item hjdkfeeffbfcoanbnkeedjccphcmpehm) that was approved and published few months ago and that is now used by more than 70,000 people, with excellent rating on Chrome Web Store.
https://chrome.google.com/webstore/detail/ad-block-chega-de-publici/hjdkfeeffbfcoanbnkeedjccphcmpehm?hl=pt-BR
This extension is an Ad Blocker and was primarily focused in the Brazilian market, for Portuguese-speaking people.
Due the success of this extension, last week we decided to add two new extensions (Ids: mmcgdfakfmbepgnoogipkccigohjjcim and hgekbffcnpflnhfjkdfdlhffigdfbnae) that would focus on English-speaking and Spanish-speaking countries and, when we tried to add these extensions with the exact same source code that we used for the item that is approved and published, the Chrome review team is always rejecting with these arguments below:
To have your item reinstated, please make any necessary changes to ensure:
All of the files and code are included in the item’s package.
All code inside the package is human readable (no obfuscated or minified code).
Avoid requesting or executing remotely hosted code (including by referencing remote javascript files or executing code obtained by XHR requests).
So, just to make it clear:
1) The extension that is currently approved and published (item hjdkfeeffbfcoanbnkeedjccphcmpehm) does have minified code and even so was approved.
Even so, we did what Chrome's team was requesting and uploaded new packages with human-readable code (not minified) and even so, again, our extensions were rejected;
2) The extension that is currently approved and published (item hjdkfeeffbfcoanbnkeedjccphcmpehm) does load dynamic content from our server, as we need to daily and automatically update our URL list for blocking ads, its impossible to simply build and publish a new extension version every time we need to block a new URL or type of Ad.
Ad Block Plus, uBlock and other Ad Blockers do the same and they are approved and published on the Chrome Web Store.
3) The extension source code of the new items, except by the text that needed to be changed, as the new extensions are in different languages (English and Spanish), is exact the same of the extension that is approved and published, line by line;
In order to prove that from them, we even created a diff file comparing line by line the source of the approved extension with the new extensions, even so this was not enough to prove them we were right and also to simply get some answer on our emails.
We have already argued all of that through email with Chrome's team, but never received any answer or reply, except by the standard "rejection and removal" emails. They simply don't care.
That being said, it's clear to me that:
Google Chrome team is deliberately trying to prevent us for publishing two new Ad Blocker extensions, because they saw the growth that we had with our first extension (that is approved and published);
or
Someone at Chrome's team is simply making repeated mistakes and no one cares nor read our emails;
I hope this message can help us get some human attention within Google's team and also alert you guys about the "really strange" problems that we are facing.
Although this issue was more related to Google's policies than programming in the first place, the solution is still relevant to share for other Chrome extension developers, as it was somehow related about how to load remote resources for your extensions.
After posting this issue Google's team contact us and their question for keeping rejecting our extensions was related to the way we were loading remote resources for our extension.
Google's reply by email
Your new extensions are fetching resource(s) from AAA.com.br. However, the official website(s) registered for your new items is BBB.com. This means that the resource(s) being fetched are coming from remote/third-party source(s) and as per our program policies, we had requested you to check the following:
If all of the files and code are included in the item’s package,
All code inside the package is human readable (no obfuscated or minified code), and
If the items are requesting or executing any remotely hosted code (including by referencing remote javascript files or executing code obtained by XHR requests)
The specific issue here is with #3.
It'll be great if you can give us some context on the resource that you're fetching and how the two websites in question are related. Once we have that information, we'll be happy to help you guys with the publishing process.
As we have two different URLs related to the same extensions (we have three extensions), for the new extensions the URL BBB.com was configured on Chrome Web Store Developers Console, but we were actually loading the resources from the URL AAA.com, that have being in use since we published our first extension.
Although both URLs were added and owner-validated to our Chrome Web Store Developers Console and both URLs were related to the same extensions, we now understood that is a good practice to load the resources from the URL that is actually configured on the extension details, even if you have more than one URL for the same extensions.
So, if you have URL AAA.com and BBB.com, and both are used for the extensions A and B, try to load the resources of the extension A from the URL AAA.com and the resources of the extension B from the URL BBB.com, even with both share the same backend.
This will avoid Google's team to think that you might be loading resources for your extension from unknown 3rd parties, that is forbidden according to the program policies.

Use Autoupdating in Google Chrome Web Store

I'm making an extension for Google Chrome and I use code for autoupdating. This is because the extension isn't yet in Google Chrome webstore. But in a few days I will upload it to the Webstore and Google says you can use the Webstores autoupdating. But if I don't want to use that, will my app still update by my own server, like the way it does now?
Thanks in advance!!
I agree that docs are not very clear about this:
If you publish your extension using the Chrome Developer Dashboard,
you can ignore this page. You can use the dashboard to release updated
versions of your extension to users, as well as to the Chrome Web
Store.
But, I've tested it myself and your update_url setting in manifest.json will be overridden when you publish your extension via Chrome Web Store (CWS). In other words, publishing to CWS means that you can't use self hosted autoupdating anymore.
The reasons for that, that I could think of, may be as follows:
CWS wants to keep track of each extension stats (i.e. number of users using each extension)
privacy concerns (people don't want you to track them when they update extension)
security concerns (each extension update must go through CWS verification process)
If you want to track people (please don't) use Google Analytics on i.e. background page of your extension.

Resources