Scam for Search Feature Integration?

[Mike-O]

Got this email where a third party wants to integrate their search feature with our Chrome extension. Is this a scam? And does it violate any Google policy? Email came from hai...@techadsologys.net.

QUOTE

I'm reaching out to you concerning the potential revenue generation from your Chrome Extension, Web Ad Blocker. We are keen on offering our premium product, Bing Hosted Feed, which is a high-quality search solution.

This represents an excellent chance to incorporate a search feature into your Chrome extension, thereby monetising your users' search activities. With this integration, you stand to earn up to $500 per month for every 1,000 users, paving the way for an extra passive income stream from your extension.

Even if your extension currently lacks a search function, there's no cause for concern. We are fully prepared to guide you through a straightforward update process to incorporate the search function. This update is fully compliant with Google Chrome store's guidelines, and should you find it unsatisfactory, you're always free to revert the changes at any point.
END QUOTE

[Simeon Velichkov]

The moment CWS made the developer contact email mandatory I got so many of these that I created a separated label in my email account just for my own amusement. Currently I have 51 such emails there but I think over time some of them got into the spam folder because of other people flagging them most likely. Also after migrating to manifest v3 they basically gave up or whatever else happened in that regard. If you take a look at any of the domain names that they use you will notice that all of them got created in the past month or so even if they claim that they are in the business for the past 10 years ..

[Simeon Vincent]

TL;DR: might not be a "scam," but it's almost certainly a policy violation.

IMO it’s extremely unlikely that integrating a service like this would be compliant with CWS policy & enforcement. There are a couple of angles here to consider.

1. Single purpose policy

CWS has long had a “single purpose policy” that prohibits extensions from fulfilling multiple purposes. This is currently captured in the Quality Guidelines policy. Changing a user’s default search provider is considered a distinct purpose, so if they ask developers to change chrome_settings_overrides.search_provider that integration basically guaranteed to be in violation.

2. API Use

The API Use policy requires that developers "use existing Chrome APIs for their designated use case. Use of any other method, for which an API exists, would be considered a violation."  If the extension is exposing a general purpose search box, the extension is required to use chrome.search.query() to perform the search using the user’s selected search engine. 

The only situation I can see where it would be appropriate to perform a search using a different search provider is if the extension is exposing specialized search capabilities. For example, say I was developing an extension that helped users find, collect, reference, and cite academic papers. In that case, my extension could expose a search interface that enables users to search through academic journals and databases. In situations like this, I'd still encourage developers to clearly communicate to the user that a non-default provider will be used when performing the search. 

3. User data handling

Integrating a search service like this likely violates a couple of the policies grouped under Protecting User Privacy. 

Limited Use requires that user data only be accessed/collected for purposes directly tied to your extension’s purpose. Any data collected must be limited “to the extent required for a user-facing feature described prominently in the Product's Chrome Web Store page and in the Product's user interface.” See also Disclosure Requirements. 

If an extension exposed a search field that looked and seemed to behave like a standard search box, but took me to a different provider, I'd probably consider that to be Misleading or Unexpected Behavior. 

Ultimately extension developers are responsible for any code their extensions execute. I'd recommend being extremely cautious of any 3rd party offering money in exchange for access to user data.

Simeon - @dotproto

incremental.software

--
You received this message because you are subscribed to the Google Groups "Chromium Extensions" group.
To unsubscribe from this group and stop receiving emails from it, send an email to chromium-extens...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/chromium-extensions/bba0f708-b23b-45b4-b75c-143a9c30771an%40chromium.org.

[Juraj M.]

These shady offers are pretty common, I receive at least one like this every week.

And I've just moved this specific one to spam only moments ago :D

[Simeon Vincent]

Their FAQ has some pretty big red flags. For example:

How easy is it to put search into my extensions?
The process is very straight forward and we will send you full instructions on how to get up and running.

Pro tip: be cautious of any tech service that doesn't publicly document how to integrate with them. They have something to hide. 

Simeon - @dotproto

incremental.software

[hrg...@gmail.com]

More info about those emails here:

https://groups.google.com/a/chromium.org/g/chromium-extensions/c/Gi2wfbHR0_o/m/XpUKyrtjBgAJ

They are the same people over and over again. They keep changing their email addresses, but the content of their emails give them away.