I'm making an extension for Google Chrome and I use code for autoupdating. This is because the extension isn't yet in Google Chrome webstore. But in a few days I will upload it to the Webstore and Google says you can use the Webstores autoupdating. But if I don't want to use that, will my app still update by my own server, like the way it does now?
Thanks in advance!!
I agree that docs are not very clear about this:
If you publish your extension using the Chrome Developer Dashboard,
you can ignore this page. You can use the dashboard to release updated
versions of your extension to users, as well as to the Chrome Web
Store.
But, I've tested it myself and your update_url setting in manifest.json will be overridden when you publish your extension via Chrome Web Store (CWS). In other words, publishing to CWS means that you can't use self hosted autoupdating anymore.
The reasons for that, that I could think of, may be as follows:
CWS wants to keep track of each extension stats (i.e. number of users using each extension)
privacy concerns (people don't want you to track them when they update extension)
security concerns (each extension update must go through CWS verification process)
If you want to track people (please don't) use Google Analytics on i.e. background page of your extension.
Related
i've published a new chrome extension to the google chrome's web store, to my company account.
we already have few extensions there.
the extension's upload was completed successfully
and its status is "published"
uploaded it 3 days ago
in addition, I examined the manifest multiple times, and seems like I have all the relevant properties set there.
BUT, I can't see my extension available in the Web Store, nor find it in the search
any idea on what could be the problem ?
Make sure that your app is published as public to be visible to everyone. I think it usually takes a week for the app to be visible. You can also reach out to the Chrome team through their support page.
Everybody can download chrome extension, edit and reupload, how i can protect my chrome extension and what i need to do if i see someone reupload my chrome extension?
You can't bulletproof-protect it. The only thing you can reasonably guarantee to be unique is the extension ID for published items - but any checks you would do against it can be circumvented.
It's not a technical problem. It's a social/legal problem.
If you see someone doing it, you should use the Report Abuse function of the Web Store.
What other does is to load the "actual" code of their extension remotely (via CDN)
The code that is packaged with chrome extension just act as loader or their "real" extension code.
See Streak's InboxSDK (sdk to build chrome extensions for gmail). It uses the same concept. https://www.inboxsdk.com/docs/
We have authored a Chrome extension and would like to ensure that our extension does not at any time participate in being sync'd using Google Account synchronization, even if the user has specified in the Advanced sync settings dialog that extensions be sync'd. Is there a way to prevent this sync'ing on a per-extension basis? Is there some setting we could place in the extension manifest file to accomplish this? Or other way to accomplish this?
If that is not possible, can we force the Extensions checkbox to always be unchecked and unalterable by the user, using enterprise-level techniques such as Group Policy Update? This is not optimal, since we only want to stop the sync'ing of our extension, and not prevent sync'ing of all extensions.
We do see that the SyncDisabled policy registry setting is available to us, but that looks like it will disable ALL data synchronization including Apps, Extensions, Settings, History, etc. This is even less desirable to us, since we don't want to affect other synchronization -- we just want to prevent only our extension from being sync'd.
The use case for this involves the following:
A corporate user installs Chrome on his work computer. Our extension is useful in the enterprise environment and is installed on Chrome.
At some point, using the Chrome browser, this user logs into his personal Gmail account. He has set up his Google Account to turn synchronization on.
Now when this user, using his home computer and Chrome browser, logs in to Google, he will find that our extension has also been installed on his Chrome browser at home -- this is not desirable, since our extension has no usefulness in the home environment. Moreover, the user may consider the presence of our extension an unwanted intrusion into his home computing environment.
The only remedy for this user would seem to be that he could go to the Advanced sync settings and uncheck the Extensions checkbox, but then he would lose the benefit of extension sync'ing of other extensions, which he may want.
Well, if you're doing it in a corporate / managed environment, you don't need to publish your extension on Web Store at all (thus preventing the sync) if you can use Group Policy.
Any extension in ExtensionInstallForcelist will be installed even if it (and its update manifest) is hosted outside Web Store. This will prevent the extension itself from syncing (though will probably still allow chrome.storage.sync to function for it, which is a plus).
Other than that, I don't think there's a way to prevent an individual Store-hosted extension from syncing.
I have a chrome extension that i built for my company employees,
we have our own instance of google apps #ourcompany.com
I have a gae app that tells the extension that it needs to be updated but the actual update process has to be done manually.
is there a way where i can do this update automatically once it's available?
You should publish your app to Chrome Web Store, and enjoy the auto-update process it offers, unless it's impossible due to CWS policies or packaging complications like Native Hosts/NPAPI.
When you do, you have an option to restrict installs to users of your Google Apps domain.
There are legitimate cases when you don't want to migrate over to CWS.
If you have a way to force install of your extension (ideally via Group Policy) and not concerned by tightening of security for Windows, you can just use update_url field in the manifest.
We have a Chrome Extension application that we have developed and would like to distribute it only a limited number of internal users.
This would be a private app, but to install it, users now have to follow the manual steps of going to Settings -> Extensions -> clicking on Developer mode -> drop the .crx in there.
I would like to know if there is a way to just have private App Store to privately distribute this app and not have it on Chrome Web Store for anyone to see/download/use.
Thanks for your help in advance ---
You use the Chrome Web Store. 2 options are available:
Share an unlisted Chrome extension from the Chrome Web Store (anyone with the link will be able to install it)
Chrome customers using G Suite or Education can use the Chrome Web Store to host private apps restricted only to their users on the same domain.
See https://support.google.com/chrome/a/answer/2663860
Update 2016-05-20: From https://support.google.com/chrome/a/answer/2663860?hl=en
Chrome customers using Google Apps for Work or Education can use the Chrome Web Store to host private apps restricted only to their users or people who you share a direct link to the app with. Users from the same Chrome domain will see their organization's private apps in a private collection in the Chrome Web Store.
Update 2015-10-27: Google has updated installation policies in attempt to curb malicious extension activity on Windows. On the chrome extension hosting page:
Warning: As of Chrome 33, Windows users can only download extensions
hosted in the Chrome Web store, except for installs via enterprise
policy or developer mode (see Protecting Windows users from malicious
extensions). As of Chrome 44, no external installs are allowed from a
path to a local .crx on Mac (see Continuing to protect Chrome users
from malicious extensions).
With the latest versions of Google Chrome, users are no longer going to be able to just click a download link and have it install with the correct HTTP headers. This leaves you with 4 possible options:
user downloads extension and then drags the file into the extension management page (This no longer works on Windows per update note)
change registry settings on users computers
user downloads extension source folder and loads extension from source in the extension management page
Re-enable extension installs with command-line flag as suggested by Rob W
I have created and distributed several different Google Chrome extensions privately within my company and went with the first option. It is an extra step for the users but it wasn't a big deal. The users did not have to have developer mode enabled in their Chrome browser for this to work.
Yes, you can. You need to create the crx file through the google chrome "Extensions" page (visit: chrome://extensions/ NOTE: You cannot click the link you have to manually copy and paste it, chrome does not allow you to visit the link from href)
On the Extensions page, check the box "developer mode", choose "pack extension".
Now you get the following popup. Click "browse" for the Extension root directory and navigate to the folder containing your extension (the folder containing manifest.json).
The first time you do this, ignore private key file. It will generate one for you automatically and save it to the same folder.
When you release a new version of the extension, use the generated private key file. This way for someone to update the extension, it won't ask for permissions again.
TO INSTALL
To install the extension, just get each user to manually drag the newly created extension crx into the Extensions page (chrome://extensions/).
The first time it will ask for permissions just like when installing from the Chrome Web Store.
For each new version, as long as you used the same private key file for each new version, users just drag the new version into the Extensions page the same way except they won't be asked for permissions again. It will just update the extension.
WARNINGS:
Beware the way you distribute the extension crx file. When user downloads the extension .crx file in Google Chrome, it will think you're trying to install the extension from that page, and come up a warning "couldn't be installed from this site". You need to make sure that users know to ignore the error, and check their downloads folder for the extension to manually install it.
Whenever you download the .crx file, Chrome will give the user a warning saying it might contain a virus. There is no way around this. Even if you zip up the file, Chrome will read the contents and give the same warning. Some users won't install because of this. A workaround is to rename the .crx to something else, like .RENAME_TO_CRX, but this is a hassle and a lot of users either won't want to or won't be able to figure it out.
You can't update the extension automatically. It's just not possible because Chrome manually blocked this capability.
NOTE: Another way would be to release it on the Chrome Store, but only for certain users (not public). Only people with the link could install, OR you could make it only certain people can install and even if you had the link but weren't part of the group, they couldn't view the extension. Only problem here is if you don't want Google to see the extension.
If you use Google Apps, it appears there's now a way to publish apps and extensions to the Chrome Web Store, but only make it visible to users of that domain.
https://support.google.com/chrome/a/answer/2663860?hl=en
Since its internal, could you change registry settings on their computers?
Because if so, you can use them to allow easy install of extensions from outside the web store or force install extensions on their machine.
Look here....
http://www.chromium.org/administrators/policy-templates
http://www.chromium.org/administrators/policy-list-3#ExtensionInstallSources
http://www.chromium.org/administrators/policy-list-3#ExtensionInstallForcelist