January 5th, 2018
Since 2012, Chrome has enabled extension developers to provide a smooth installation experience on their own pages using inline installation. We have also worked hard to prevent abuse of this feature by disabling inline installation in cases where we detect misleading or deceptive installation flows. User complaints have been reduced by 65% since the start of this disabling initiative. Fewer than 3% of extensions still engage in these deceptive or confusing install flows, but this subset of extensions generates 90% more user complaints on average than the rest of the extensions in the Chrome Web Store.
As part of our ongoing efforts to protect users, we are expanding our abuse protections to further reduce user harm. Starting in a few weeks, we will upgrade our automated inline installation abuse detection to improve our detection speed and better detect extensions using deceptive or confusing installation flows.
In addition to the existing extension-level protection, our expanded enforcement will also use machine learning to evaluate each inline installation request for signals of deceptive, confusing, or malicious ads or web pages. When we find those signals, we’ll selectively disable that one inline installation request and redirect the user to the extension’s page on the Chrome Web Store. This selective enforcement will not impact inline installation of that extension from other, non-deceptive sources.
We’ve taken these measures to preserve a good experience for Chrome users and developers in the Chrome Web Store. More information is available in the Inline Installation Enforcement FAQ.
Posted by Nav Jagpal and Benjamin Ackerman, Safe Browsing Team