Google yanks Chrome extensions serving ads
By Shona Ghosh
Posted on 20 Jan 2014 at 10:57
Google has pulled two Chrome browser extensions after they began spamming users with ads, breaching the company's policy.
The company has removed "Add to Feedly" and "Tweet This Page" from the Chrome web store after users complained that both extensions silently served them ads while using the browser.
Add to Feedly allowed users to add any RSS feed on the web page they were browsing to the Feedly reader. The second extension allowed users to share pages to Twitter.
Both were originally built by independent developers and sold off to third parties after amassing thousands of users.
The new owners then quietly introduced updates which meant the extensions began serving ads without asking the user's permission - resulting in lower user ratings and complaints.
Using a Chrome extension to inject more ads into web pages is against Google's policies, but appears to be difficult to police.
Extensions can update in the background and, in some cases, introduce new features without asking the user's permission. It can also be difficult to connect the dots between an influx of ads and a malicious extension.
The developer behind Add to Feedly, Amit Agarwal, sold his extension off after being offered "four figures".
But he found the extension had been subsequently updated to alter normal links to affiliate links. "In simple English, if the extension is activated in Chrome, it will inject adware into all web pages," he said.
Agarwal said it had been a "mistake" to sell Add to Feedly, and apologised to the extension's existing users.
Meanwhile, Tweet this Page began hijacking Google web searches after being sold, according to an Ars Technica report.
Buying up users
Several other developers have come forward claiming to have been courted by data-focused buyers.
The developer of discount service Honey, George Ruan, said malware vendors, adware developers and data collection companies had all been interested in his company's user base. The Chrome extension has almost 270,000 users.
"[One] data collection company did throw a dollar figure our way. It's over six figures a month," he said. He added that doing anything "shady" would kill user trust.
Google has yet to issue any advice on avoiding malicious extensions, though it's possible to end the problem simply by removing the add-on.
Is your business a social business? For helpful info and tips visit our hub.
No checking on updates by Google?
Worrying that Google does not check the extension updates before they are released. These extensions were caught because they spammed the users with ads. What if this wasn’t ads? What if the extensions were changed to do something more malicious? Google would not know and the users may not know. They are creating a new ecosystem but failing to monitor it.
Android already has a reputation of being more unsafe than iOS with dodgy apps. Now Chrome extensions are heading that way as well. It shouldn’t just be “Do no evil”. It also be “Prevent others from doing evil”.
By wlm42 on 21 Jan 2014
- What's on this week's PC Pro podcast?
- iPhone 6 release date, specs/features and rumours: when is the new iPhone 6 coming out in the UK
- Still on Windows XP? There's now an unofficial service pack
- It's on: Apple announces 9 September event for the iPad, iWatch and iPhone 6... maybe
- 1,500 fake apps kicked off Windows Store
- 20 years of PC Pro: our best covers
- Why we've closed the PC Pro forums
- How to turn off Google Location Tracking
- 20 years of PC Pro: our greatest review mistakes
- 20 years of PC Pro: our first A-List
- Wikipedia's "right to be forgotten" protest hits the wrong note
- 3D printing hits the high street for plastic selfies
- 20 years of PC Pro: What amazed us in our first issue
- How Google Glass ruined my lunch hour
- Smartphone battery packs: can a USB power pack beat the festival battery blues?
- How to sell more ebooks on Amazon
- 10 ways to make your business more secure
- Top five VoIP mistakes
- How to add in-app purchasing to an iPhone, Android or Windows app
- Remote-control ransomware: TeamViewer and software hardball
- Why laptops with serial ports matter to the Internet of Things
- Make your mobile battery last longer
- Small steps into handling Big Data
- Nexus 5: does it really run stock Android?
- How to get broadband to a garden office