Item rejected as Malware what is the actual signal?
5 views
Skip to first unread message
Klyra
2:41 AM (2 hours ago) 2:41 AM
to Chromium Extensions
Item ID: neknfaddjhokmoajmhadjikdlieknmbk
Routing ID: FZSL
Hi all,
Posting here because I'm stuck. The item was rejected as
malicious, both appeals declined with the standard "we can't
disclose details" + "will not be reinstated" response. I'm
not asking for a reversal I get that the decision is final.
I'm trying to understand what the actual signal was, because
I genuinely can't tell.
Some context: roughly 8,300 weekly users, 2 years in the
store. Cross-posting tool for small businesses — real-estate
agents posting their own listings into groups they're already
members of.
Between the appeals I went through the codebase and stripped
out everything I thought might have been the trigger:
- removed `debugger` permission entirely. no chrome.debugger
calls anywhere
- removed `identity` permission
- removed everything that touched browser state no
visibilityState overrides, no SW-keep-alive tricks.
scheduling moved to `chrome.alarms` only
- narrowed `host_permissions` from <all_urls> down to
`*.facebook.com` plus our own auth domain
- tightened DNR rules to only the specific FB endpoints we
actually need. no Origin manipulation, no broad header
rewriting
- privacy policy updated, local-only data handling fully
disclosed
Both versions before and after the changes got the same
malware classification. That's the part I can't make sense of.
My actual question, and the reason I'm posting publicly:
Is the malicious-products classification signal-based
(specific permissions / code patterns / network behavior),
or is it category-based (the type of automation, regardless
of how cleanly the implementation is)?
If it's signal-based, I'd love a hint about which signal I'm
still hitting. I'll remove more.
If it's category-based, I'd rather know and walk away cleanly
than keep trying versions that all land the same way.
"We can't comment publicly" is also a useful answer. The only
outcome I can't act on is the silence.
Thanks.
Routing ID: FZSL
Hi all,
Posting here because I'm stuck. The item was rejected as
malicious, both appeals declined with the standard "we can't
disclose details" + "will not be reinstated" response. I'm
not asking for a reversal I get that the decision is final.
I'm trying to understand what the actual signal was, because
I genuinely can't tell.
Some context: roughly 8,300 weekly users, 2 years in the
store. Cross-posting tool for small businesses — real-estate
agents posting their own listings into groups they're already
members of.
Between the appeals I went through the codebase and stripped
out everything I thought might have been the trigger:
- removed `debugger` permission entirely. no chrome.debugger
calls anywhere
- removed `identity` permission
- removed everything that touched browser state no
visibilityState overrides, no SW-keep-alive tricks.
scheduling moved to `chrome.alarms` only
- narrowed `host_permissions` from <all_urls> down to
`*.facebook.com` plus our own auth domain
- tightened DNR rules to only the specific FB endpoints we
actually need. no Origin manipulation, no broad header
rewriting
- privacy policy updated, local-only data handling fully
disclosed
Both versions before and after the changes got the same
malware classification. That's the part I can't make sense of.
My actual question, and the reason I'm posting publicly:
Is the malicious-products classification signal-based
(specific permissions / code patterns / network behavior),
or is it category-based (the type of automation, regardless
of how cleanly the implementation is)?
If it's signal-based, I'd love a hint about which signal I'm
still hitting. I'll remove more.
If it's category-based, I'd rather know and walk away cleanly
than keep trying versions that all land the same way.
"We can't comment publicly" is also a useful answer. The only
outcome I can't act on is the silence.
Thanks.
Reply all
Reply to author
Forward
0 new messages