Are Chrome Web Store rules not applied equally to all extensions?
Toan Le Van
About a month ago, I introduced a small optional charity-related modal to my Chrome extension. It appears only on checkout pages of Amazon, Aliexpress, and Booking. The modal gives users three clear choices: donate to charity, support the extension, or simply close the window. If a user selects one of the donation options, a separate tab opens with an affiliate link and closes automatically after 15 seconds.
This feature successfully passed the initial review, and I did not receive any warnings or notifications about policy violations.
I believe that this behavior complies with the Chrome Web Store affiliate policy: https://developer.chrome.com/docs/webstore/program-policies/affiliate-ads, and the successful moderation further reinforced my confidence in this.
For additional context, the idea for this type of optional window came from another extension I personally use - WebHighlights, which implements a similar approach.
What happened
A week ago, I submitted a new version of the extension.
The update included only locale (translation) file changes - no functional modifications.
The update passed review normally, but about 24 hours after it went live, I received a notification that my extension had been taken down. Shortly after that, my entire developer account was banned.
There were no warnings, no previous compliance notices, and no information about which policy might have been violated.
I submitted a support request, explained the situation in detail, and included all the code that had been added. However, the response I received stated that my extension is considered malware, without any explanation or details about what specifically triggered this decision.
You can view the full code here - it contains no obfuscation, no hidden logic, and no behaviors that could be interpreted as malicious. Every affiliate-related action occurs only with the user’s explicit choice and consent. Before implementing this modal, I even contacted Chrome support to clarify how to correctly follow the affiliate ads policy. The response I received stated that it is not possible to get feedback or clarification from the review team, and that the only way to verify compliance is to submit the extension for review - which I did.
My question
Are Chrome Web Store rules not applied equally to all extensions?
Web Highlights is still available, even though it uses the same approach, and I also found that the TripAdvisor extension uses a similar charity-style modal as both Web Highlights and my extension.
Or are there any additional requirements or permissions that I may have overlooked?
I would really appreciate a comment from a Chrome Web Store representative!
Because at this point, the situation is very confusing. It seems that the same rules are enforced differently depending on the extension, and what is allowed for one developer becomes a violation for another.
But the even bigger issue is that the review team does not seem willing to look into individual cases. It looks like the easiest option for them is simply to label something as a security risk and avoid giving any explanation. As a result, developers have no way to understand what actually happened, and the review team holds all the decision-making power without providing any clarity.
This lack of transparency creates an environment where decisions can feel arbitrary, and in some cases, this can lead to the review team unintentionally or intentionally misusing their position.
James
Toan Le Van
Hi everyone, Couple of days ago I finally received a response from Chrome Web Store support:
Hello Developer,
Thank you for reaching out to us. We apologize for the inconvenience caused to you in this matter. Upon subsequent review, we found that your item with ID: gpdfpljioapjogbnlpmganakfjcemifk and name: Quick Translate is compliant with our Content Policies. Unfortunately, we cannot approve a submission that has been rejected.
Hence, kindly re-submit your extension on the developer dashboard.
We value your contributions to the Chrome Web Store and look forward to working with you.
Thanks,
Chrome Web Store Developer Support
I honestly did not expect to receive any reply at this point, especially one like this. And to be completely honest, I am fairly certain that without this public forum post, I might not have received any response at all.
After publishing this post, I also received private messages from other developers who shared that they had faced very similar situations: their extensions were removed and their developer accounts were suspended without any prior warning, without clear explanations, and without obvious policy violations. This strongly suggests that my case is not an isolated incident, but part of a broader systemic problem.
The additional review confirmed that the extension does not violate Chrome Web Store policies. In theory, justice prevailed. But in practice, the damage had already been done.
The reputation of the extension has been irreversibly destroyed. After the takedown notice labeling it as malware, it is extremely unlikely that users would ever trust and reinstall it again. According to Chrome Web Store statistics, 99% of users disabled the extension, and a large portion removed it entirely immediately after the warning popup appeared stating that the extension contained malware.
I also want to note that this extension was part of my personal portfolio as a web developer. Being publicly flagged as malware inevitably affected my professional reputation as well.
At this point, the conclusion is hard to ignore: a single reviewer’s mistake - without warnings, or a chance for dialogue - led to the complete destruction of a legitimate extension.
Even though Chrome later acknowledged that no policies were violated, there is no mechanism to restore trust, reputation, or visibility. The damage is permanent, while responsibility for the error appears to be nonexistent.
I would really like a Chrome Web Store representative to pay attention to this post.
I have seen that Oliver actively replies to other threads here, but so far has chosen not to comment on this one. I fully understand that Oliver is most likely not part of the review or enforcement team. Still, it would be greatly appreciated if someone could bring this issue to the attention of the appropriate and responsible team.
This is no longer just about my extension. Based on the messages I received, this issue affects multiple developers.
I would also like to ask other developers who have encountered similar situations not to contact me privately, but instead to share their experience publicly in this thread. Only open discussion can demonstrate that this is not an isolated case, and only public visibility can help highlight a systemic problem that clearly needs to be addressed.
Thank you to everyone who took the time to read this and to those willing to share their experience.
For additional context, I want to explain how this process actually looked from my side.
I submitted the appeal form on December 1st. From that point on, every response I received said the same thing: We examined your extensions in detail before concluding it as malicious. Any request to explain what exactly led to this conclusion was answered with “we cannot provide details for security reasons.”
The whole process from the takedown and account suspension to the eventual restoration took about one and a half months. Those six weeks were more than enough to completely destroy the extension’s reputation. It took less than one day to label it as malware and show a warning to all users.
This situation could have been avoided with a simple warning or a clarification request during review. Instead, the extension was publicly declared malicious first, and only weeks later I received an apology stating that it actually complies with the policies.