Google Combats Malicious Software With New Chrome Badges
In an effort to reduce confusion and improve user safety, Google has introduced two new Web Store badges: the Featured badge and the Established Publisher badge. Both were implemented last week following a blog post from Chrome’s design manager.
Chrome’s Featured badge appears on extensions and themes that follow Chrome Web Store’s best practices. This is an extensive list of requirements regarding security, user privacy, Google account support, and compatibility with Manifest V3 (the latest version of the Chrome extension platform). Qualifying extensions and themes must store ex-users’ data for at least 30 days in case they accidentally unsubscribed from or uninstalled the software. Google also specifies that publishers hoping to earn a Featured badge must create a store listing page that is “clear and helpful for users, with quality images and a detailed description”—a requirement already listed in the Store’s best practices, but reiterated nonetheless.
The Established Publisher badge is reserved for software made by publishers Google has deemed dependable. In order for a publisher’s extension or theme to obtain this badge, two things must be true: the publisher must have verified their identity, and they must have “established a consistent positive track record with Google services” and with Google’s Developer Program Policy. Under this policy, publishers must not inflate their software’s rating, post inappropriate content, participate in keyword spamming, or engage in a number of other improper (and sometimes illegal) behaviors.
Some think the badges were introduced to help fight a longstanding issue in which bad actors were purchasing existing extensions, then turning them into adware. While this could technically still happen, the Featured and Established Publisher badges ideally will help point Chrome users toward more trustworthy software. Publishers can’t pay their way into having either badge; both are earned once the publisher has submitted a review request, prompting a Google employee to inspect the software.