Extension removal due "obfuscation".

[Chris Zalcman]

Hello,
We have received a notice from CWS about the extension removal.

Violation reference ID: Red Titanium = Obfuscation
Having obfuscated code in the package.
Code snippet: dsw250.js:
"kb = 17723232E5 > V ? !0 : !1, lb = /Win/.test(Y.platform), z = k(9) + "www." + k(1) + k(0) + "/", mb = k(9) + "chromewebstore." + k(2) + k(0) + "/detail/" + k(5),"
How to rectify: Replace the obfuscated code with human-readable code and resubmit the item.

The packaging was more than a year ago (july 2024) and everything was fine, when suddenly we receive a notification about obfuscation and extension removal.
We've been using Google's Closure compiler for over five years and haven't had any issues on CWS yet.

The code in dsw250.js is not obfuscated, and this is clearly stated in the file header.  
// Minified by Google Closure Compiler 20221102

We simply placed frequently used strings (for example, "https") into an array and then get sentences by combining strings from the array. This is not obfuscation.
jb=".com chromeactions google microsoft clients2 abjcfabbhafbcdfjoecdgepllmpfceif update2 service https:// api64 .html".split(" "),k=function(a){return jb[a]}

Please help us to resolve this false violation.

[Chris Zalcman]

Extension ID:  abjcfabbhafbcdfjoecdgepllmpfceif
Please help resolve the false violation.

[Tom D]

You are not alone, there must be countless other devs out there facing the same situation. Ever since I rolled back my extension for the first time, I've been stuck in CWS review hell for the past 6 months or so. It's highly frustrating because the code is obviously mangled, but they come back saying it's "obfuscated" and hard for humans to read. There's not much you can do when the sky is blue and the other person tells you the sky is gray x_x.

[Chris Zalcman]

Yes, we are on the CWS from the beginning 2009, but starting from 2020 constant unfounded accusations against us. 

On the other side we are members of the European Commission on IT issues, if Google continue to nitpick, we'll be filing a group complaint 

against Google for putting pressure on developers.

[Tom D]

After my countless back & forth with CWS review team, I've observed the following:

1. They use a code scanner that appears to stop after the first couple violations, so you won't get a full list of all the violations, which is what contributes to the time-consuming submit-reject-appeal-reject-refactor vicious cycle (CWS review hell).

2. Even though they allow minification with mangling option, there are undocumented asterisks attached. So far I've gathered the following:

* You cannot assign strings to variables if it produces code that's "hard for humans to read". A concrete example they gave is `ua('readableString')` = allowed code and `ua(xA)` = not allowed. This suggests they generally frown on mangled variables used as function arguments when calling the function.

* You cannot mangle native properties such as "innerHTML" in `menu.innerHTML` --> `bz[Lt]`.

3. You'll also likely get rejected if the messages.json file contains strings that are not user-facing, which means you can't stuff it with URLs and other things that belong in code.

Google is under tremendous pressure to get their malware problem under control, so I get the intent of these draconian measures. However, what seems to be lost is this irony: by forcing all extensions to have human-readable code, it only makes it easier for bad actors to steal the codes and introduce more malware to the internet. WASM might help in the future, but I'm not holding my breath.

Looking at the big picture, I think Google has a lot of other issues they need to resolve with the CWS (e.g., see https://palant.info/2025/01/13/chrome-web-store-is-a-mess/). In order to get out of CWS review hell, we're planning to undo all of our optimizations and move as much code to the cloud as possible so we get some control back.