- Prior to the collection and transmission, it must prominently highlight how the user data will be used and have the user provide affirmative consent for such use. And, if possible, must include a link of its EULA or Terms (Terms of Service).
If your extension handles financial or payment information or government identification numbers, then it must never publicly disclose any personal or sensitive user data related to financial or payment activities or any government identification numbers.
Misleading and Malicious Extension
- An Extension features and functionalities must match the description and link presented on the overview.
- An extension is considered as malicious if it asks more data collection from the user, especially asking for credit cards, camera, contact information, location, which is not relevant to its functionality.
- An extension is not allowed to steal data, secretly monitor or harm users, or are otherwise malicious.
- Extensions that link to or facilitate the distribution or installation of malicious software and exploit security vulnerabilities.
- Viruses, trojan horses, malware, spyware, load unsafe scripts or any other malicious software.
Deceptive Browser Settings Changes
- Extension must not change browser or system settings without explicit user consent.
Extension should not limit the user’s ability to view or modify browser settings or extensions either directly or by another extension to which the user gave consent to change browser setting.
- Default search provider.
- Browser homepage, start page or new tab page.