Taking Action on Deceptive Installation Tactics

May 30th, 2019

Privacy, security and transparency are at the forefront of all the work we do on Chrome. In October, we announced changes aimed at ensuring Chrome extensions are trustworthy by default, but the work doesn’t end there.

As part of our commitment to transparency, we are announcing a new policy targeting deceptive installation tactics for extensions on the Chrome Web Store. We’ve seen that the path to downloading a Chrome extension influences user trust in all extensions. One bad experience can affect a user’s interest in the many great extensions our developers create. Setting the right expectations for what an extension does, from the start, helps create a healthy and thriving ecosystem of extensions, developers, and passionate users.

Last year, to improve user transparency we deprecated inline installation and began requiring all extension installs to go through the Chrome Web Store. This change has helped reduce user complaints about unwanted extensions by 18 percent. However, we still receive user feedback about deceptive extension install flows. As user transparency is an important part of our ecosystem, we are continuing to push these initiatives forward by prohibiting extensions that benefit from deceptive install tactics with the following policy:

Extensions must be marketed responsibly. Extensions that use or benefit from deceptive installation tactics will be removed from the Chrome Web Store.

Deceptive installation tactics include:

  • Unclear or inconspicuous disclosures on marketing collateral preceding the Chrome Web Store item listing.
  • Misleading interactive elements as part of your distribution flow. This includes misleading call-to-action buttons or forms that imply an outcome other than the installation of an extension.
  • Adjusting the Chrome Web Store item listing window with the effect of withholding or hiding extension metadata from the user.

Please audit all of your install traffic to ensure it is compliant before July 1st, 2019. You can also find an FAQ on the new policy in the Chrome Developer Center.

Today, we also announced additional policies to further protect users as part of Google’s Project Strobe.

We will be requiring that extensions request the narrowest permissions needed to implement their features, and requiring more extensions to post privacy policies and handle user data securely. Read more about those changes in the Keyword post and the Chrome Developer Center FAQ.

Posted by Swagateeka Panigrahy and Benjamin Ackerman, Chrome Policy and Anti-Abuse Team