WHY?? Chrome Web Store: Removal notification for Chat For Trello

[Michael Cann]

Hi, 

One of our popular extensions was taken down recently with no warning and no changes having been made in months to warrant it.

The email said:

Your item did not comply with the following section of our Programme policies:
'User Data Privacy'
Your product violates the 'Use of Permissions' section of the policy, which requires that you:

• Request access to the narrowest permissions necessary to implement your product’s features or services.

• If more than one permission could be used to implement a feature, you must request those with the least access to data or functionality.

• Don't attempt to 'future proof' your product by requesting a permission that might benefit services or features that have not yet been implemented.

I spent some time looking into this and couldnt see exactly where I was violating this, so I wrote back with:

Hi, 

I have just found time to investigate this issue and I cant see where I could ask for narrow permissions.

 

This is what my extension asks for: 

"permissions": [
"storage",
"webRequest",
"*://trello.com/*",
"notifications",
"identity",
"https://www.googleapis.com/"
]

 

storage - needed for storing state
webRequest - needed to intercept trello's web requests so I can update the state in my extension
*://trello.com/* - so my extension's content script runs on trello
notifications - allows popping up notifications that theres a new messages for the user
identity - the extension offers payments, this is necessary for that
https://www.googleapis.com/  -  needed for the the payments mentioned above

 

So please explain to me what permissions I am requesting that arent necessary?

So as the above email mentions, I need each one of those permissions, I cannot reduce them in any way without making the extension non-functional.

The reply I received was:

Upon review of your Product,'Chat For Trello' with ID: lmhjnehakebobgfdlfcoejppgbjhnfcl
we find that it does not comply with the Chrome Web Store’s User Data Policy, and it has been removed from the store.
  Your Product violates the “Use of Permissions” section of the policy, which requires that you:

..etc basically the exact same email :( :(

So can a non-robot perhaps Simeon Vincent please explain what we need to do to get past this clearly automated system and get our popular extension back in the store?!

Cheers,

Mike

[Michael Cann]

This is the full manifest incase you wanted to see it:

{

    "key":

        "<REDACTED FOR SECURITY>",

    "manifest_version": 2,

    "name": "Chat For Trello",

    "description": "Adds chat functionality to Trello",

    "version": "2.5.1",

    "icons": {

        "16": "images/logo-16x16.png",

        "48": "images/logo-48x48.png",

        "128": "images/logo-128x128.png"

    },

    "browser_action": {

        "default_icon": "images/logo-128x128.png",

        "default_popup": "browseraction.html"

    },

    "background": {

        "page": "background.html"

    },

    "options_page": "settings.html",

    "content_scripts": [

        {

            "run_at": "document_start",

            "matches": ["https://trello.com/*", "http://trello.com/*"],

            "js": ["libs/websocket-wrapper/injector.js"]

        },

        {

            "matches": ["https://trello.com/*", "http://trello.com/*"],

            "js": ["contentScript-bundle.js"],

            "css": ["css/ChatForTrello.css"]

        }

    ],

    "web_accessible_resources": [

        "libs/semantic-ui/semantic.content-script.css",

        "libs/semantic-ui/icons.svg",

        "libs/semantic-ui/icons.eot",

        "libs/semantic-ui/icons.ttf",

        "libs/semantic-ui/icons.woff",

        "libs/semantic-ui/icons.woff2",

        "images/logo-16x16-outline.png",

        "images/logo-16x16-outline-active.png",

        "images/logo-16x16.png",

        "images/logo-16x16-inverted.png"

    ],

    "permissions": [

        "storage",

        "webRequest",

        "*://trello.com/*",

        "notifications",

        "identity",

        "https://www.googleapis.com/"

    ],

    "oauth2": {

        "client_id": "<REDACTED FOR SECURITY>",

        "scopes": [

            "https://www.googleapis.com/auth/userinfo.email",

            "https://www.googleapis.com/auth/chromewebstore.readonly"

        ]

    },

    "content_security_policy": "script-src 'self' http://localhost:35729; object-src 'self'"

}

[Kartik Watwani]

Do you have a working privacy policy link added in your developer dashboard?
A week or two back I changed the link to the privacy policy but forgot to update it in the developer dashboard so my extension was taken down. I updated the link and replied back to the email I received and also uploaded newer version of the extension and the problem was solved in one day.

Get BlueMail for Android

[Michael Cann]

Yep just checked, privacy policy all looks good

[Michael Cann]

@simeon, can you offer and advice here?

[Simeon Vincent]

Apologies for the delay, things have been rather busy around these parts.

Looks like the extension requires the "webRequest" permission but doesn't appear to use it. There are references to "WebRequestInterceptorHandler" and such but the actual chrome.webRequest API isn't referenced by any of the bundled extension code.

Cheers,

Simeon - @dotproto

Extensions Developer Advocate

[Michael Cann]

Hi Simeon,

No worries on the busy front I understand. 

You are quite right that I wasnt using that permission. It turns I was using it in a bit of code that I must have taken out at some point as it is no longer gets compiled in. So when I went through and reviewed my source I did a find for the permission usage and saw it being used, its just that used code doesnt get compiled in during the build step, whoops!

I appreciate you taking the time to go through that for me, I have submitted a new build to the store now so fingers crossed. 

I would suggest however that the automated email you send out be a little more descriptive over what exactly the issue is rather than a blanked "User Data Privacy" violation, that would help us get to the bottom of the issue and not have to waste time bothering you here on these forums.

Cheers,

Mike

[Expert Chrome Extensions Developer]

Hello All

Yes suddenly for last 2-3 months , our 4-5 well known  extentions have a tough time getting approved from google. They do get approved but we have to do multiple followups. This is current case where our clients are extemely angry now and we dont know whom to contact and all we get from google is always templated reply rather than specifying exact issue.

Please help. i have posted a question here as well - https://support.google.com/chrome/a/thread/29107304?hl=en