
If the Chrome Web Store offered straightforward ways to sell paid extensions at least then there'd be less reason to embed malware in your extension instead. At the point where you can do that, you can snoop on the user on an important page, activeTab or no. Detecting a password field means you need to be able to scan the DOM and detect when the user is interacting with the field. Like for example, 1Password naturally needs both a way to intercept entry of new passwords (to offer saving) and a way to detect password fields and type into them. In practice users want extensions to do stuff that implicitly violates security boundaries, so I think making that stuff secure would basically require Google to build it in.

Scoping to a list of domains could potentially work, but adding new domains shuts off your extension so it seems unlikely that anyone could do it when they could request wildcard permissions at install instead. We have been trying to directly contact Chrome Web Store team for more details, but, unfortunately, there is no response from them and they are continuously sending the email above without additional clarifications. Part of the problem is that activeTab makes a ton of the things extensions usually do impossible, so lots of extensions will keep requesting full permissions.

We have been trying to publish the new version of the extension, which is already in Chrome Web Store, but Google rejected it, sending the following email:

**Your item did not comply with the following section of our Program Policies: The Privacy Policy & Secure Transmission section requires that: If your product handles personal or sensitive user data (including personally identifiable information, financial and payment information, health information, authentication information, website content and resources, form data, web browsing activity, user-provided content and personal communications), then your product must: Handle the user data securely, including transmitting it via modern cryptography. Provide a working link to your privacy policy in the appropriate field in the Chrome Web Store Developer Dashboard. The link must lead to a privacy policy that is owned by you. The privacy policy must also accurately and fully disclose all the details pertaining to how your product collects, uses and shares user data, including the types of parties with whom the data is shared.**

There is a working Privacy Policy link in Chrome Web Store Developer Dashboard that contains detailed information about which data we collect, how we do that and use this information, and how this data is transmitted and secured. We have also described the usage of permissions in Chrome Web Store Developer Dashboard, but Google still declines our submission.
