Hot on HuffPost Tech:

See More Stories
Engadget for the iPhone: download the app now
AOL Tech

How Chrome Extension Gallery domain verification will help protect users

Yesterday, Google announced on the Chromium blog that they were introducing two changes affecting the Chrome Extensions Gallery: a $5 registration fee for new developers, and domain verification. The measures are designed to provide a level of quality assurance and security which was previously lacking.

Domain verification is the big security addition. If you read our posts on how to install Chrome Web Apps right now, you might have seen part of Google's plan in action already. For example, if you tried to install the Google Reader app from our server by simply clicking it with your left mouse button, you would see the dialog above: "Apps must be served from the host that they affect."

That provides a very simple but effective defense against malicious apps. Worried that a Gmail app might steal your credentials or log your conversations? No problem -- unless the app is served up from Gmail itself Chrome won't let you install it.

It's not perfect, obviously. The apps on our post could be installed anyway by simply right-clicking, choosing save as, and dragging the app from your download bar back into the main Chrome window. To the average user, however, that's probably complex enough to be a deterrent. Pair this with Google's new domain verification stamp, and you've got a decent way to assure users they're installing safe apps from a trusted source.

Every little bit helps when it comes to security, and I can certainly see domain verification being something even my least technical friends and family can understand -- and appreciate.

Tags: chrome, chromium, extension, gallery, google, security

Comments

4