Chrome Webstore Account Suspended?

539 views
Skip to first unread message

Mehul Mohan

unread,
May 25, 2016, 10:38:32 AM5/25/16
to Chromium-Extensions-Announce
Hello,

I'm very much disappointed with what Google has done with my Chrome Webstore developer account. They took it down couple of days ago. I filed an appeal and what they say is that they cannot restore it because of "malware" issues. I MEAN WHAT? I had a few extensions, coded ALL BY ME, NO ADVERTISEMENTS, NOTHING. And it was taken down because of malware? Pathetic.
I had an extension called "deadlockers" which allowed people to bypass those 5 second links like those of adf.ly or adfoc.us, etc. I receievd my first request on it that it has been taken down. The reason was I had some obfuscated javascript code (WHICH WAS NOT MALWARE). In the next update, I deobfuscated all code and Google banned the account. What the heck is going on? I'm really disappointed. Please help me. 

Thank you

Mehul Mohan

unread,
May 25, 2016, 10:44:54 AM5/25/16
to Chromium-Extensions-Announce
This is what Google emailed me:

Dear Developer,

Thank you for contacting the Chrome Web Store team to appeal your account suspension.

After carefully reviewing your case, we're unable to reinstate your developer account due to a violation of our malware policy -https://developer.chrome.com/webstore/program_policies#content_policies

Thank you for your understanding.

Regards,
The Chrome Web Store Team
Upon reviewing the link: https://developer.chrome.com/webstore/program_policies#content_policies, I see:

I HAD NO SEXUAL EXPLICIT MATERIAL ON ANY OF MY EXTENSIONS.
I HAD NO VIOLENT MATERIAL.
I HAD NO HATE SPEECH MATERIAL.
I HAD NO DECEPTIVE BEHAVIOR.
I WAS NOT ABUSING INTELLECTUAL PROPERTIES.
THERE WAS NO ILLEGAL ACTIVITY
THERE WAS NO GAMBLING

ABOUT MALICIOUS PRODUCT: "...Where possible, make as much of your code visible in the package as you can. If some of your app's logic is hidden and it appears to be suspicious, we may remove it."
I had ALREADY uploaded the non-obfuscated version of code. HERE is the exact repository of the code I had: https://github.com/mehulmpt/deadlockers
Now if Google developers think that performing XMLHttp request to a backend file (PHP) is SUSPICIOUS, then I'm very sorry for what I did.

Antony Sargent

unread,
May 26, 2016, 3:21:39 PM5/26/16
to Mehul Mohan, Chromium-Extensions-Announce
Hi Mehul-

Sorry you had a bad experience, it sounds like this was really frustrating for you. I should first point out that I just work on the chrome client code side of things, and the folks who run webstore developer support are a separate part of the organization and I can't speak for them in any official capacity and indeed for privacy reasons I generally don't have access to the details of any of the particular cases they work on. 

Anyhow, I had a quick look at your code on github and have some guesses about what might have happened. It looks like your extension in some circumstances sends the urls that a user browses to your 3rd party server, and in addition does so over plain http. I wonder if those two things may have fallen afoul of some parts of the "Personal or Sensitive User Data" section at https://developer.chrome.com/webstore/program_policies#userdata. Also, it looks like your code then redirects the user to an url supplied by the response from your server, so perhaps it's possible that in some cases one of those redirect urls resolved to a page containing malware and your extension got blamed for that.  (In general even just redirecting users browsing to an url returned by your server might be considered to run afoul of the "If some of your app's logic is hidden and it appears to be suspicious, we may remove it." clause). 



--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
 To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/8a6ee427-f2b9-4b34-b5be-f1822038f691%40chromium.org.

Raj Mouli

unread,
May 26, 2016, 3:36:59 PM5/26/16
to Mehul Mohan, Chromium-Extensions-Announce

First thing!
Do u have a backup of all your 5 extensions.
If yes,
Please try to go with a new developer account, start a fresh deployments with same names.

If not,
Try to get someone who installed your extensions.
It may be either u or one if your team mate or a user of ur extention.
In that machine, go to windows explorer and search for chrome extensions, your extensions will be saved by default in C:/programfiles/ or windows chrome extensions folder which has a unique GUID associated with it. Find that perticular folder with guid and copy your entire extension folder which works as a backup for u. And go through the first step to deploy a fresh  copy.

My bad! Excuse me- If you already taken care any of these.

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/eb16bd12-5e41-422f-8fbe-570e7d31cd1c%40chromium.org.

Mehul Mohan

unread,
May 26, 2016, 3:44:26 PM5/26/16
to Chromium-Extensions-Announce, mehu...@gmail.com
Hi Antony,
Thanks for getting back. I'm still very confused about the reasons you proposed. I admit that redirecting user to a particular URL could be marked as a flag, but only in case where user is not expecting that particular behavior from an extension. This extension is obviously made for the opposite reason, and I don't think anybody who installed it would not know about it.

For example, try to visit this URL: http://adf.ly/5XR (masked as google.com). If you've had my extension installed, it'll just allow you to immediately visit (or wait for you to navigate to) the unmasked link. That is the only task it did. And for that, it made use of server calls from PHP which you can see here: https://github.com/mehulmpt/deadlockers/tree/master/server (functions_api.php)

About the redirect, if you check this version, or the very first release of the extension, you'll see that I created an options page where I clearly gave users the option to choose whether to redirect them immediately to target link or show a popup and then let them decide to visit that page or not. 

I'm pretty much sure that this extension was not transmitting any PERSONAL information/details and was 100% under user control only. The redirects WERE CONTROLLABLE by user.

Please let me know if I can explain anything else.

Thank you

To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

Mehul Mohan

unread,
May 26, 2016, 3:47:59 PM5/26/16
to Chromium-Extensions-Announce, mehu...@gmail.com
Hello Raj,
Yes I do have a backup of extensions, but that is not really my concern. I am annoyed and angry on the not so smart policies followed by Google. And without going through an extension properly, if Google bans the full account access to chrome developer dashboard instead of just extension, then I'm really worried and sorry for the people in the responsible team.

Its not about extensions, its really not about that. Its about the wrong done, with the right one.

On Friday, May 27, 2016 at 1:06:59 AM UTC+5:30, Raj Mouli wrote:

First thing!
Do u have a backup of all your 5 extensions.
If yes,
Please try to go with a new developer account, start a fresh deployments with same names.

If not,
Try to get someone who installed your extensions.
It may be either u or one if your team mate or a user of ur extention.
In that machine, go to windows explorer and search for chrome extensions, your extensions will be saved by default in C:/programfiles/ or windows chrome extensions folder which has a unique GUID associated with it. Find that perticular folder with guid and copy your entire extension folder which works as a backup for u. And go through the first step to deploy a fresh  copy.

My bad! Excuse me- If you already taken care any of these.

On 25 May 2016 20:08, "Mehul Mohan" <mehu...@gmail.com> wrote:
Hello,

I'm very much disappointed with what Google has done with my Chrome Webstore developer account. They took it down couple of days ago. I filed an appeal and what they say is that they cannot restore it because of "malware" issues. I MEAN WHAT? I had a few extensions, coded ALL BY ME, NO ADVERTISEMENTS, NOTHING. And it was taken down because of malware? Pathetic.
I had an extension called "deadlockers" which allowed people to bypass those 5 second links like those of adf.ly or adfoc.us, etc. I receievd my first request on it that it has been taken down. The reason was I had some obfuscated javascript code (WHICH WAS NOT MALWARE). In the next update, I deobfuscated all code and Google banned the account. What the heck is going on? I'm really disappointed. Please help me. 

Thank you

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

Raj Mouli

unread,
May 26, 2016, 3:57:24 PM5/26/16
to Mehul Mohan, Chromium-Extensions-Announce

Yeah Mohan,
I could able to understand :).

Ther might be a possibility that (i m just thinking), someone might have injected some malicious thing to any of your extensions. Just a bit curious to know, when was the last installation happened and do you have any changes after that.

On 27 May 2016 01:18, "Mehul Mohan" <mehu...@gmail.com> wrote:
Hello Raj,
Yes I do have a backup of extensions, but that is not really my concern. I am annoyed and angry on the not so smart policies followed by Google. And without going through an extension properly, if Google bans the full account access to chrome developer dashboard instead of just extension, then I'm really worried and sorry for the people in the responsible team.

Its not about extensions, its really not about that. Its about the wrong done, with the right one.

On Friday, May 27, 2016 at 1:06:59 AM UTC+5:30, Raj Mouli wrote:

First thing!
Do u have a backup of all your 5 extensions.
If yes,
Please try to go with a new developer account, start a fresh deployments with same names.

If not,
Try to get someone who installed your extensions.
It may be either u or one if your team mate or a user of ur extention.
In that machine, go to windows explorer and search for chrome extensions, your extensions will be saved by default in C:/programfiles/ or windows chrome extensions folder which has a unique GUID associated with it. Find that perticular folder with guid and copy your entire extension folder which works as a backup for u. And go through the first step to deploy a fresh  copy.

My bad! Excuse me- If you already taken care any of these.

On 25 May 2016 20:08, "Mehul Mohan" <mehu...@gmail.com> wrote:
Hello,

I'm very much disappointed with what Google has done with my Chrome Webstore developer account. They took it down couple of days ago. I filed an appeal and what they say is that they cannot restore it because of "malware" issues. I MEAN WHAT? I had a few extensions, coded ALL BY ME, NO ADVERTISEMENTS, NOTHING. And it was taken down because of malware? Pathetic.
I had an extension called "deadlockers" which allowed people to bypass those 5 second links like those of adf.ly or adfoc.us, etc. I receievd my first request on it that it has been taken down. The reason was I had some obfuscated javascript code (WHICH WAS NOT MALWARE). In the next update, I deobfuscated all code and Google banned the account. What the heck is going on? I'm really disappointed. Please help me. 

Thank you

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/cdab9ae9-a356-4908-a7d6-0a1cac888480%40chromium.org.

Antony Sargent

unread,
May 27, 2016, 12:07:13 PM5/27/16
to Mehul Mohan, Chromium-Extensions-Announce
-Sending any private user data (urls browsed to, etc.) to an outside server at all is going to draw a lot of reviewer scrutiny, because there have been cases in the past where extensions were doing that not to enable features for the user but simply to sell that data (and just sending urls browsed to can be a big security problem because sometimes things like OAuth access tokens are present in query params, etc.) 
-Sending any private user data over non-https is definitely a violation of policy
-Redirecting browsing to an url coming from a server is impossible to verify as being safe, since the server could be updated at any time to return malicious urls

I'd suggest you see if you can craft your extension to work only locally. 




To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.

To post to this group, send email to chromium-...@chromium.org.
Visit this group at https://groups.google.com/a/chromium.org/group/chromium-extensions/.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/a8eb584a-0958-46c1-ade7-9638359d16ee%40chromium.org.

Mehul Mohan

unread,
May 28, 2016, 12:46:34 PM5/28/16
to Chromium-Extensions-Announce, mehu...@gmail.com
Okay Antony, I understand what you said there. I coded this extension for my own use, thought that it'd help others, my bad.

Any way I could get access to my account back? Any way you could forward this thread discussion to any employee working in this particular section? I'd take care of whatever you've mentioned there.

It'd be a great help if you could get my account back. And you could probably show them the github repo if that could help in any way.

Thank you once again 
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

Mehul Mohan

unread,
Jun 6, 2016, 12:51:02 PM6/6/16
to Chromium-Extensions-Announce, mehu...@gmail.com
Got my account back

Thank you Antony for your support. Received an email today from Google, my account has been restored. I'll take care of the ToS now. Thanks again.

Cheers!
Mehul

alex quacker

unread,
Feb 28, 2017, 7:35:29 AM2/28/17
to Chromium-Extensions-Announce, mehu...@gmail.com
hi anthony can you help me too i got my account suspended ?
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

Uzay Uzz

unread,
Nov 7, 2019, 10:40:48 AM11/7/19
to Chromium Extensions, mehu...@gmail.com, asar...@chromium.org
Can you please help me? Please

27 Mayıs 2016 Cuma 19:07:13 UTC+3 tarihinde Antony Sargent yazdı:
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

--
You received this message because you are subscribed to the Google Groups "Chromium-Extensions-Announce" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extensions+unsub...@chromium.org.

Anton Bershanskiy

unread,
Nov 7, 2019, 11:34:48 AM11/7/19
to Chromium Extensions, mehu...@gmail.com, asar...@chromium.org
I believe the simplest way to pass Extension review is to package the map of the most frequent redirects into the extension itself and send upload it to the store. That's because URL redirect substitution is just too powerful and there is no easy way to verify the redirect is genuine.

Uzay Uzz

unread,
Nov 7, 2019, 11:37:34 AM11/7/19
to Chromium Extensions, mehu...@gmail.com, asar...@chromium.org
my plugin was released 3 days ago, today it says malware. but no malware. no policy violations. I don't understand what's wrong
my account has been suspended how i can find this problem


Anton Bershanskiy

unread,
Nov 7, 2019, 11:43:05 AM11/7/19
to Chromium Extensions, mehu...@gmail.com, asar...@chromium.org
but no malware. no policy violations.
The problem is, there is no way for Google to verify this.
how i can find this problem
There are two problems:
(1) you send user URLs to a remote server
(2) you navigate user to an arbitrary URL received from a server.

Uzay Uzz

unread,
Nov 7, 2019, 11:43:46 AM11/7/19
to Chromium Extensions, mehu...@gmail.com, asar...@chromium.org

30.jpg


1 day ago everything was fine, I got help. 1 day later, they suspended my account. and say that there is a violation of the policy comes automatic message.

Anton Bershanskiy

unread,
Nov 7, 2019, 11:56:53 AM11/7/19
to Chromium Extensions, mehu...@gmail.com, asar...@chromium.org
You should talk to Google directly by emailing the email on the screenshot. I'd recommend replying to the last email so the support sees they unblocked this extension in the past.
This is a public mailing list for announcements, general feedback and for external developers to talk to each other.

I'm not affiliated with Google, but I understand why they blocked the extension in the first place and I think they violated their own policies by unblocking it. As is, the extension is collecting too much data (URLs) and has unbounded capabilities (redirect to arbitrary URLs received from server.) You can make it comply with the policies by including the map of redirects in the extension itself. FYI, HTTPS Everywhere also has ability to substitute URLs, but it complies with the policies because (1) the scope is limited and (2) the redirect rules are transparent and verifiable.
Reply all
Reply to author
Forward
0 new messages