Item rejected as Malware - what is the actual signal?


Klyra

Apr 27, 2026, 2:41:46 AM
to Chromium Extensions
Item ID: neknfaddjhokmoajmhadjikdlieknmbk
Routing ID: FZSL

Hi all,

Posting here because I'm stuck. The item was rejected as
malicious, both appeals declined with the standard "we can't
disclose details" + "will not be reinstated" response. I'm
not asking for a reversal - I get that the decision is final.
I'm trying to understand what the actual signal was, because
I genuinely can't tell.

Some context: roughly 8,300 weekly users, 2 years in the
store. Cross-posting tool for small businesses — real-estate
agents posting their own listings into groups they're already
members of.

Between the appeals I went through the codebase and stripped
out everything I thought might have been the trigger:

- removed `debugger` permission entirely. no chrome.debugger
  calls anywhere
- removed `identity` permission
- removed everything that touched browser state - no
  visibilityState overrides, no SW-keep-alive tricks.
  scheduling moved to `chrome.alarms` only
- narrowed `host_permissions` from <all_urls> down to
  `*.facebook.com` plus our own auth domain
- tightened DNR rules to only the specific FB endpoints we
  actually need. no Origin manipulation, no broad header
  rewriting
- privacy policy updated, local-only data handling fully
  disclosed

Both versions - before and after the changes - got the same
malware classification. That's the part I can't make sense of.

My actual question, and the reason I'm posting publicly:

Is the malicious-products classification signal-based
(specific permissions / code patterns / network behavior),
or is it category-based (the type of automation, regardless
of how clean the implementation is)?

If it's signal-based, I'd love a hint about which signal I'm
still hitting. I'll remove more.

If it's category-based, I'd rather know and walk away cleanly
than keep trying versions that all land the same way.

"We can't comment publicly" is also a useful answer. The only
outcome I can't act on is the silence.

Thanks.
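
Added example, not part of the original thread and not the poster's code: a self-audit that checks a Manifest V3 manifest and its declarativeNetRequest rules for the items the post above lists (the `debugger` and `identity` permissions, broad `host_permissions`, Origin rewriting, unscoped header rules). The manifests, the `auth.example.com` domain, the `X-Example` header and the `||facebook.com/api/` filter are constructed placeholders, and an empty result only confirms those listed items are gone; it is not the Chrome Web Store's classifier.

```javascript
// Self-audit of a Manifest V3 extension against the items listed in the post.
// All sample data below is constructed for illustration.
const BROAD_HOSTS = new Set(["<all_urls>", "*://*/*", "http://*/*", "https://*/*"]);
const FLAGGED_PERMISSIONS = ["debugger", "identity"]; // the two permissions the post removed

function auditExtension(manifest, dnrRules = []) {
  const findings = [];
  for (const p of manifest.permissions || []) {
    if (FLAGGED_PERMISSIONS.includes(p)) findings.push(`permission:${p}`);
  }
  for (const h of manifest.host_permissions || []) {
    if (BROAD_HOSTS.has(h)) findings.push(`host:${h}`);
  }
  for (const rule of dnrRules) {
    const action = rule.action || {};
    if (action.type !== "modifyHeaders") continue; // only header-rewriting rules matter here
    for (const hdr of action.requestHeaders || []) {
      if (String(hdr.header).toLowerCase() === "origin") {
        findings.push(`dnr:${rule.id}:origin-rewrite`);
      }
    }
    const cond = rule.condition || {};
    // A header rule with no URL or domain scoping applies to every matching request.
    if (!cond.urlFilter && !cond.regexFilter && !cond.requestDomains) {
      findings.push(`dnr:${rule.id}:unscoped`);
    }
  }
  return findings;
}

// Constructed "before" and "after" inputs mirroring the changes described in the post.
const before = {
  manifest: { manifest_version: 3, permissions: ["debugger", "identity", "alarms"],
              host_permissions: ["<all_urls>"] },
  rules: [{ id: 1, condition: { resourceTypes: ["xmlhttprequest"] },
            action: { type: "modifyHeaders", requestHeaders: [
              { header: "Origin", operation: "set", value: "https://www.facebook.com" }] } }],
};
const after = {
  manifest: { manifest_version: 3, permissions: ["alarms", "declarativeNetRequest"],
              host_permissions: ["*://*.facebook.com/*", "https://auth.example.com/*"] },
  rules: [{ id: 1, condition: { urlFilter: "||facebook.com/api/", resourceTypes: ["xmlhttprequest"] },
            action: { type: "modifyHeaders", requestHeaders: [
              { header: "X-Example", operation: "remove" }] } }],
};

console.log("before:", auditExtension(before.manifest, before.rules));
console.log("after: ", auditExtension(after.manifest, after.rules));
```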

John H. Mitander

Apr 28, 2026, 8:29:22 AM
to Chromium Extensions, Klyra
When removing half the codebase doesn’t change the outcome, it’s probably not the code that’s the problem.

Klyra

Apr 29, 2026, 2:30:43 PM
to Chromium Extensions, Klyra

Hi everyone,

I really appreciate the responses so far. I am reaching out because this situation is deeply affecting my business and my ability to serve my users.

I want to emphasize that any issues in the code were entirely unintentional and made in good faith. I have always strived to build a helpful tool for small business owners, and I am more than willing to fix any remaining 'signal' or technical concern immediately if I could only get a hint of what it is.

If anyone from the team could provide even minor guidance, it would mean the world to me and my 8,000+ users.

Thank you for your time and help.
