Developers must not obfuscate code or conceal functionality of their extension

[Lead Leaper]

We recently attempted to publish an extension in an unlisted chrome store intended for limited access and encountered a rejection notification that stated:

"Developers must not obfuscate code or conceal functionality of their extension. This also applies to any external code or resource fetched by the extension package."

However, we do not employ code obfuscation which we believe is of no value and we're not attempting to conceal functionality.  

We minimize our code employing jscompress (https://jscompress.com) which employs UglifyJS which appears to be what Google recommends.

Regarding external files, we limit ourselves to a standard minimized copy of jQuery.   Regarding external resources, they are limited to html and JSON text.  No javascript is loaded remotely.

We responded to the notification with a request for clarification regarding what file or code was considered obfuscated, but as yet, no reply.

At present, we're stumped as to how to proceed since we obviously cannot un-obfuscate code that isn't obfuscated.

Constructive suggestions would be much appreciated.   Thanks!

[Pedro Abreu]

I'm experiencing the exact same issue. Also with no response from the support team for several days, even after several follow ups.

https://groups.google.com/a/chromium.org/forum/#!topic/chromium-extensions/u0tzR5QNbqs

As I've said in my post, I've tried a bunch of different ways to try and figure out what could be the issue, with no luck. This is blocking all releases on our end since I'm not sure if it will affect future public app extension releases

[Lead Leaper]

Follow-up:

We re-named nearly all our function and variable names to be more descriptive, ensured that the jQuery code that we reference is un-obfuscated and un-minimized source code, employed Google's online compiler to remove ONLY white space from our source code and then submitted all code in pretty-print format; only to once again be rejected for obfuscated code.

We then re-submitted after removing all references to font awesome files and our eCommerce vendor; but were still rejected for the same reason.

In hopes of identifying what code or functionality Google finds objectionable, we removed nearly all of our content-script-related code to determine if the problem was related to content-script and re-submitted; but our submittal was immediately flagged for "compliance review"; presumably because we have been repeatedly rejected?

Our only objective is to comply with all Google policies, but we are at a loss as to how to do so if we cannot identify the issue.   ANY help would be MUCH appreciated.   Thanks.

Greg.

[Lead Leaper]

An update reflecting our recent experience:

Following a number of rejections, we successfully published our extension.   The following is a short summary of our experience.

If the reason for a rejection is not obvious, responding to the rejection notice with a request for clarification is definitely worthwhile.   In our experience, Google both quickly responds and the response often provides valuable insight into what triggered the rejection; including, in one instance, not only the file that contained the issue, but even the line of code within the file.   Note that, as reflected in our original posting, our initial request for clarification was unsuccessful.  However this was because Google was initially employing a no-reply email address when sending rejections, but Google has since corrected that issue.

Each of our rejections was associated with "code obfuscation"; which initially proved puzzling since our code was not only not obfuscated, but it employed descriptive function and variable names and was submitted in pretty-print format.  However, following a request for clarification, the reason was much more obvious.   We were remotely loading external javascript; both that associated with our eCommerce vendor and with Google's "Sign in with Google" functionality.

We have since repeatedly published our extension successfully; in each occurrence within a day and oftentimes in under one hour.

On Monday, August 12, 2019 at 3:52:40 PM UTC-7, Lead Leaper wrote: