If you are a Chrome Store developer, this is important and serious. "This is bad for everyone"

349 views
Skip to first unread message

Julio Marin Torres

unread,
May 22, 2020, 11:55:48 AM5/22/20
to Chromium Extensions
Hi Everyone

I see that no one really takes fraudulent installs seriously, but if you are an honest developer who abides by all Chrome Store policies then you clearly will not like this and I warn you not to read it.

Some developers do not meet the standards, we all know that, because the Chrome Store system today allows it, it is that simple and sad.

Some bad guys have been playing around with fraudulent users and fake installs for years because they know that the Chrome Store algorithm is child's play for bad kids. But until when? Until the Chrome Store wants and takes action.

I am going to give you a simple and ridiculous example of an extension that has gone through an approval review:



This extension was updated yesterday (May 21, 2020) and already had +1,000,000 fake active users, zero ratings and it really shows that it uses bad practices, but the automatic approval method or the manual review did absolutely nothing.

case.jpg





That only means one thing, Chrome Store doesn't care.

I will give more information:

Fraudulent installations have become the cancer of the Chrome Store in these years, if something is not done, it is not worth it to invest your time in creating a NEW and beautiful extension for another developer to copy it in 3 days, add 500 false ratings and add 1,000,000 false installations, because the next day it would have surpassed you in the rankings. Why? the Chrome Store algorithm is simple.

If the clone extension suffers a drastic rise in users, it is like a drug for the rankings.

It does not affect the use, authority, ratings and originality of the extension.

The other simple example, look for "Custom cursor" in the Chorme Store and look carefully, you will see that there are 3 copies of that extension and they are positioning in the rankings above the original extension.

It is true that the Chrome Store has announced new measures and says that on August 27, 2020 it wants to toughen the measures against SPAM, well I think that we all think it is excellent! finally some light.

If you want to know more information about the measures, read the changes:


But now the extension approval system is slow, I understand that the Chrome Store team may not have resources and are overwhelmed by COVID-19, sadly we all suffer very hard, but nevertheless, to this day there is no control of this type of practices.

Sadly, this problem still continues and all the developers of extensions that comply with good practices are suffering from these diabolical practices.

Can they really end this problem? I really don't know. I have some hope and maybe we'll see it.

Please, All developers!

If you see an extension that seems clearly suspicious of doing this type of practice, has fraudulent installations or false ratings that do not clearly comply with the Chrome Web Store Content Policies, please report them to remove this type of extensions from the Chrome Store, for that there is the red button " Report abuse. "

Wait?

It would be more appropriate to indicate that you have to search, rather than write and detail the case in a comment.

Idea:


demo.jpg






If we do not complain about this type of extensions with spam practices, they will never do anything, believe me. It affects us all.

If you have any suggestion or comment on this topic, do not hesitate to contribute your ideas so that you can see that we care. Only then will things change.

I just really hope that one day this will change. 

Kos

unread,
May 22, 2020, 12:12:33 PM5/22/20
to Chromium Extensions

Julio Marin Torres

unread,
May 22, 2020, 12:21:49 PM5/22/20
to Chromium Extensions
That's wassup!

See the privacy policy, same developer.

https://chrome.google.com/webstore/detail/omega-adblocker/epeihaofmimamjmejjmagknlboibcnle?hl=es
 
Version1.0UpdatedMarch 11, 2020

26 ratings 

Booooooooooooomm! 

Julio Marin Torres

unread,
May 22, 2020, 12:25:36 PM5/22/20
to Chromium Extensions
 7,000,000+ fake users and 0 ratings

https://chrome.google.com/webstore/detail/mublocker/mpojemphfjhlkjhmnaokdmhepoampmik?hl=en


Version1.0

UpdatedMay 10, 2020

This sucks! 


Julio Marin Torres

unread,
May 23, 2020, 6:29:19 AM5/23/20
to Chromium Extensions
Happy Saturday of bad practices.

Yesterday, same extension "Rainbow Color Picker" an example of bad practices, a day later this extension already has 1,000,000 more fake users.

NOW! 2,000,000 + fake users.

5 days later, maybe this same extension will have more than 7,000,000 fake users.

I think many developers and companies are playing to have more fake users in less time, a million a day.

It's crazy!  


case.jpg



Juan Lugo

unread,
May 23, 2020, 3:18:05 PM5/23/20
to Chromium Extensions
Hey

An interesting topic, I think this has been happening for a long time, I have seen many extensions doing what you say and I think that nobody will do anything.

The chrome extensions are like an orphan child.

Michael Cann

unread,
May 23, 2020, 9:11:39 PM5/23/20
to Chromium Extensions
Ye this has been happening for a long time. TBH someone could write a script that compares users to rating and just report any that have a bad ratio, that would be a good first pass. 

Julio Marin Torres

unread,
May 24, 2020, 6:00:10 AM5/24/20
to Chromium Extensions
Hi Michael
 
I agree with what you say. It is easy to detect all these extensions.
 
Have you noticed that this last time this bad practice has grown a lot? I think this doesn't matter to anyone anymore.
 
SOON! I will launch a daily list with the extensions that have gone up the most in fake installations in the last 24 hours.
 
So everyone will know this problem, if they do not already know it.
 
Cheers!

Sarsaparilla Sunset

unread,
May 24, 2020, 12:26:37 PM5/24/20
to Chromium Extensions
CWS's active-user counter, which really counts the active number of installations, is wonky.  I read somewhere that it is based on how many unique Chrome installations check-in every week that say they have the extension installed.  This is tricky to foolproof, as bad actors with enough knowledge of the mechanism, could fake these reports.

Chrome team probably doesn't care about authentic installations, since the more the better, so there's no way to authenticate an installation.  So the defense has to occur on the server side.  One possibility is restrict by IP address, but that has a problem with NAT, where multiple legit installations maybe sharing an IP address.  Plus it doesn't stop a botnet.

It sucks that there may be no perfect solution here.  Best I can think of is to run a periodic analysis of the user-count curve and flag anomalies for manual review.  This job can be run once a week or even once a month, no big deal.  Even if these fake extensions start accumulating real users, they'll lose all of them when they get taken down.

Julio Marin Torres

unread,
May 24, 2020, 2:51:16 PM5/24/20
to Chromium Extensions
Hi Sarsaparilla 

I know it will be a lot of work for them, they manually investigate and delete, it's that simple.

They have already removed many extensions that do these practices and that go against their Developer Program Policies.

All of those extensions were removed. Look at the topics. 



But there are many more extensions that do the same.

Cheers!
Message has been deleted

Larry Thompson

unread,
May 26, 2020, 7:47:04 AM5/26/20
to Chromium Extensions

Hi!
How do such extensions go through a review? Inarticulate answers. REPAIR REVIEW

суббота, 23 мая 2020 г., 22:18:05 UTC+3 пользователь Juan Lugo написал:
Reply all
Reply to author
Forward
0 new messages