Google removes two sneaky Chrome extensions for serving up ad spam

Google has stayed true to its word and begun removing Chrome browser extensions that violate its terms of service, in particular by serving users with additional unwanted ads. According to the Wall Street Journal, the search giant yesterday removed two Chrome extensions from its Web Store, namely “Add to Feedly” and “Tweet this Page”, after they were found to contain code that caused unwanted ads to appear.

The two extensions were said to have been ‘silently’ updated recently, causing those who had installed them to see more pop-up ads than before. This intrusion led to dozens of users taking to message boards to complain about the advertising bombardment.

Neither of the extensions were that ‘popular’, with less than 100,000 users each. Even so, both were considered to have been abusing Google’s Terms of Service. As a rule, the web giant likes to distance itself from governing its web app stores, instead favoring user reviews as a way of sorting out the bad from the good. But even with this relatively open approach, Google still doesn’t want people to take advantage, which is why it introduced a policy change last month which said that toolbars and extensions needed to have a “single purpose that is clear to users”.

“Do not create an extension that requires users to accept bundles of unrelated functionality, such as an email notifier and a news headline aggregator. If two pieces of functionality are clearly separate, they should be put into two different extensions, and users should have the ability to install and uninstall them separately,” Google wrote in its updated Chrome Web Store developer policies.

“For example, functionality that displays product ratings and reviews, but also injects ads into web pages, should not be bundled into a single extension.”

In the case of “Add to Feedly” and “Tweet this Page”, it seems that the developers of both extensions sold them to third-parties who immediately updated them, causing them to start spewing out pop-up ads at an alarming rate.

Amit Agrawal, who developed the “Add to Feedly” extension, told of his regret about selling the extension in a blog post on Thursday. Within hours of the extension being sold, it was filled to the brim with “invisible ads that work the background and replace links on every website that you visit into affiliate links.”

The tactic is a simple one – while the extension’s ratings plummeted amid negative reviews from new users, existing users would never know that it was the extension causing all of those new ads to appear, as all updates take place automatically, in the background.

Google isn’t alone in facing this problem. Firefox ad-ons are also vulnerable to this kind of tactic, although we’ve yet to see any highly publicized cases. As for Google, kudos to it for removing these two extensions as soon as it was alerted to their privacy violations. Even so, this little episode serves as a sharp reminded that its possible for just about any kind of software to be subverted for the right amount of money, hence we should all remain vigilant.

About Mike Wheatley

Mike loves to talk about Big Data, the Internet of Things, Hacktivists and hacking, but he also hates Google and can never resist having a quick dig at them should the opportunity arise :) Got a REAL news story or tip? Email Mike@SiliconANGLE.com.