How to avoid fake Chrome extensions or apps
The Google Chrome Web Store is the place where Chrome users get most of their extensions, and also the place where fake and copied extensions and apps are regularly offered in.
Google has neglected the official Chrome Web Store in past years. The last redesign -- which made the store worse -- dates back to 2011. Worse, because Google decided to put apps front and center in the Chrome Web Store, and remove options for users to list new extensions.
The store has two big issues when it comes to fake apps and extensions, and both can lead to users installing these fake offerings instead of the original extension.
Apps first
The layout of search results on the store displays apps before extensions in the results. Some developers took and take advantage of this by creating applications that target the name of popular extensions.
Since apps are listed first, there is a likelihood that these apps get prime visibility on the store, and since they are displayed in the results before the extension, it is likely that they get installed by many users who use the built-in search functionality to find extensions.
This was a problem last year when apps were listed before the official uBlock Origin listing on the Chrome Web Store, and it is still an issue as of today with one fake application being listed there for months.
A search for Adblock Plus on the Chrome Web Store returned the following results.
The second apps result uses the official Adblock Plus logo, and a name that, with the exception of one additional character, is identical to the official extension name.
Avoid Fake Chrome Extensions
So what can you do to avoid fake Chrome extensions when you are using the official web store?
Whenever you run a search for Chrome extensions, use the "extensions" filter to only display extensions results. This ensures that you will only get extensions in the results and not applications.
There is unfortunately no option to enable the filter permanently. Whenever you open the Chrome Web Store to run searches, you need to enable it again.
That takes care of fake apps that are listed on search results pages, but it won't take care of fake browser extensions that may be returned when you run searches.
While it may be tempting to install the first result right away, it may not always be the original extension.
You need to use the rating and number of users who rated the extension as an indicator. This works well for popular extensions, but won't get you anywhere if the difference is just a couple of ratings, or none at all.
The Chrome Web Store offers no information about the author of an extension besides a name. While you can search for the name to list other extensions by the author, it is often not helpful as well, especially if there are none.
Since there is no author verification process, author names are no legitimacy indicator, and since authors cannot link extensions to websites to validate them, there is little you can do in this regard to find out whether an extension is real or fake.
What you can do is copy the extensions's URL, and search for it on Google or another search engine. The results may reveal a lot about it, including a project or author website, or reviews of it.
Ultimately, there is no 100% way to determine the original extension if there is a fake copy as well, and if both have about the same number of ratings.
Check if you have installed fake apps
To check whether you have installed a fake application instead of an extension, load chrome://apps/ in the browser's address bar.
If you see the name of the extension listed on the page, it is not the right one as you have just confirmed that you have installed an application instead of the extension.
Right-click on the application icon and select "remove from Chrome" to uninstall it.
Now You: What's your take on the Chrome Web Store?
Google Chrome Store is the biggest shit in existence.
They don’t seem to have any rules against spyware, malware, ads or anything. It’s a disgrace.
I tried to find a decent mouse gesture addon for vivaldi and nearly gave up.
At least one thing where Mozilla does the right thing.
Microsoft Store vs Google Store. Who wins (or looses)?
When I want to publish my extension, Google said I need to pay to a fee to make sure my extension is authentic. I’ve already paid for android’s developer fee and published some apps, why Google still need my money to prove my validity?
I decided not to pay the fee and just sideload the extension. But after that Google disabled the ability to install the ‘unofficial’ extension that is not from the store.. And then just recently Google disabled the ability to hide extension icons with reason to protect users from unwanted extensions, so what’s the point of that fee to prove authenticity?
Lucky I’m not using Google Chrome, I’ve switched to Opera for my web development debugging.
The first time I searched for extension in Google Store, it’s like searching ball in mountain of bombs.
In the other hand, the free firefox and opera extension store are really good. Just search ‘adblock plus’, you’ll know which one is the right one and not get cluttered search like Google’s.
TLDR
I never published in Chrome’s extension store, is there no review at all like the android’s store? In Firefox’s you need a reviewer to approve your extension before it goes public.
I agree with the article, however uBlock Origin also seems like a bit of nightmare to recommend to anyone who isn’t techy anyway. Where’s the uBlock Origin official website with product details, official links, etc.? I think even Win32 programs were better than this, because at least you could give someone a HTTPS direct link and they could go straight to the software developers own website. I think App stores lull people into a false sense of security because people [wrongly] assume all the apps have been properly vetted and only legit software will appear there.
It’s not just uBlock Origin, I find App stores just plain sucky full stop. I was looking at (paid for) Oxford foreign language dictionaries the other day and there was no way of knowing whether the dictionary you were buying was legit or not. There were no direct links on their own official website and the publisher was an unknown company I’d never even heard of before. ¯\_(ツ)_/¯
“Where’s the uBlock Origin official website” : https://github.com/gorhill/uBlock
Not just Ublock, type in adblock and there is a ton of extensions too. One of the few time I think that Mozilla’s mandatory review policy is a good idea requiring an actual human to eventually look at the addon cursory or not. There are ways to get around the Mozilla’s review process to add malicious addons from adware to worst, but it seems rare.
In contrast Chrome’s webstore is a cesspool, I had more than one Chrome extension that I was using mysteriously pulled from the store and permanently disabled on my computer and when you click on the former link to the store it just says the addon was either pulled by the author or it violated Google’s policy which doesn’t help. I sent one one the extensions collectively to the AV companies for analysis and I find out it that the reason that addon was pulled was b/c it was phoning home and injecting ads.
It doesn’t help that it seems curating addons for browsers is a very low priority for AV companies, that should be the browser makers job anyways.
How to avoid fake Chrome browser app or extension:
Step 1. Don’t install Chrome.
That’s it. :)
It’s stupid. Where is protection for novice users?
When someone ask about what extension to install I recommend your website. It’s easier than Google search.
Scary.