Readable code for Review, but obfuscated for users

[Ilia P]

Hello,

As far as I understand, the code should not be obfuscated when sending an extension to Chrome Store so that the review team could check it. But why do you make it open for users also? I don't want my competitors to just take my code. Why don't you obfuscate it after review?

So maybe I can let the Google team to view my code, but I certainly don't want it to be stolen by my competitors.

[Stefan Van Damme]

Hi there,

A Chrome extension is built with HTML, JavaScript, and CSS. And obfuscate is not allowed in the Chrome Web Store.

Quote:

|| Today over 70% of malicious and policy violating extensions that we block from Chrome Web Store contain obfuscated code. At the same time, because obfuscation is mainly used to conceal code functionality, it adds a great deal of complexity to our review process. This is no longer acceptable given the aforementioned review process changes. 

Source: https://blog.chromium.org/2018/10/trustworthy-chrome-extensions-by-default.html

However, you can copyright your Chrome extension code. That is by putting a piece of copyright information on top of your JavaScript and inserting the license file into your ZIP file (Chrome extension). And if you see a similar Chrome extension in the Chrome Web Store with the use of your copyright code, you can request a DMCA. And Google's legal team will remove that Chrome extension.

Thanks,

Stefan vd

[Ilia Is Here]

It seems that you didn't get what I meant. I mean that if Google allows sending NOT obfuscated code, but have a checkbox "Obfuscate after review before publishing", then Google will make sure, that the extension doesn't have any dangerous code, because they see the readable source code, but competitors won't be able to still it, because Google (Chrome Store) will obfuscate it after the review.

среда, 1 февраля 2023 г. в 18:01:43 UTC+5, stefa...@gmail.com:

[Stefan Van Damme]

Hi there,

I do understand your feature request on the Chrome Web Store. It is good feedback from you. But if you read the blog post, there are some disadvantages in obscuring the code (= what Google Chrome team said):

"Obfuscation techniques also come with hefty performance costs such as slower execution and increased file and memory footprints."

Source: https://blog.chromium.org/2018/10/trustworthy-chrome-extensions-by-default.html

And all users/developers can also reverse engineer the obscuring code and see the source again.

Thanks,

Stefan vd

[wOxxOm]

Obfuscation is often confused with minification. Obfuscation may include minification as well, but it's an entirely different thing, indeed used mostly by malicious code the web store is entirely correct in not allowing it.

That said, the idea of supplying the non-minified source code for reviewers is a good one, it's what Mozilla's addon store does, and actually requires for any minified extensions.