Privacy Policy and Transparency
- Prior to installation, an extension must disclose its Privacy Policy, name, source, key features and functionality, specifically including disclosure of any system or browser settings impacted by the extension.
- Prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use. And, if possible, must include a link of its EULA or Terms (Terms of Service).
- If your extension contains security functionality, such as anti-virus, anti-malware, or other security-related features, then it must post a privacy policy that, explain what user data your extension collects and transmits, how it’s used, and the types of parties with whom it’s shared.
-
If your extension handles financial or payment information or government identification numbers, then it must never publicly disclose any personal or sensitive user data related to financial or payment activities or any government identification numbers.
Misleading and Malicious Extension
- An Extension features and functionalities must match the description and link presented on the overview.
- An extension is considered as malicious if it asks more data collection from the user, especially asking for credit cards, camera, contact information, location, which is not relevant to its functionality.
- An extension is not allowed to steal data, secretly monitor or harm users, or are otherwise malicious.
- Extensions that link to or facilitate the distribution or installation of malicious software and exploit security vulnerabilities.
- Viruses, trojan horses, malware, spyware, load unsafe scripts or any other malicious software.
Deceptive Browser Settings Changes
- Extension must not change browser or system settings without explicit user consent.
- Default search provider.
- Browser homepage, start page or new tab page.
- Extension should not limit the user’s ability to view or modify browser settings or extensions either directly or by another extension to which the user gave consent to change browser setting.