How Chrome Extension Gallery domain verification will help protect users

Filed under: ,

Yesterday, Google announced on the Chromium blog that they were introducing two changes affecting the Chrome Extensions Gallery: a $5 registration fee for new developers, and domain verification. The measures are designed to provide a level of quality assurance and security which was previously lacking.

Domain verification is the big security addition. If you read our posts on how to install Chrome Web Apps right now, you might have seen part of Google’s plan in action already. For example, if you tried to install the Google Reader app from our server by simply clicking it with your left mouse button, you would see the dialog above: “Apps must be served from the host that they affect.”

That provides a very simple but effective defense against malicious apps. Worried that a Gmail app might steal your credentials or log your conversations? No problem — unless the app is served up from Gmail itself Chrome won’t let you install it.

It’s not perfect, obviously. The apps on our post could be installed anyway by simply right-clicking, choosing save as, and dragging the app from your download bar back into the main Chrome window. To the average user, however, that’s probably complex enough to be a deterrent. Pair this with Google’s new domain verification stamp, and you’ve got a decent way to assure users they’re installing safe apps from a trusted source.

Every little bit helps when it comes to security, and I can certainly see domain verification being something even my least technical friends and family can understand — and appreciate.

How Chrome Extension Gallery domain verification will help protect users originally appeared on Download Squad on Fri, 20 Aug 2010 11:00:00 EST. Please see our terms for use of feeds.

Read | Permalink | Email this | Comments


This entry was posted in Uncategorized. Bookmark the permalink.

Leave a Reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s