It seems likely to me that it's impossible to have an extension system that allows useful extensions that users want while also being completely secure against malicious actors. Security by obscurity is an important tool in the abuse fighting toolbox, because it allows you to have cheap heuristics while increasing the costs for malicious actors.
Not really, because malicious actors don't care about their reputations, accounts, etc.
A reputable developer has a reputation to maintain (by definition), which makes Google's threat to permaban them a threat indeed.
A disreputable developer doesn't care about their reputation (again, by definition). They can create a new throwaway account every day and apply using the same (or slightly, easily, altered) code with different permissions every hour until they get permabanned, and start again tomorrow.
So the "obscurity" can be discovered easily through experimentation by the bad guys, but is still obscure for the good guys. This is not a good outcome.
The point is making it more expensive for malicious actors. You can't make it impossible to get malicious extensions in, but you can make it harder. It's the same as captchas. You can also defeat captchas, but adding them reduces abuse a lot. As with captchas you're making it harder for good actors too. The difficult part is finding a good balance.
> The point is making it more expensive for malicious actors.
Malicious actors don't care about expenses nearly as much as benign ones do. So the point ought to be, if you want me to fix something, tell me what's broken.
Except that in this case, it's misplaced, and causing benign actors far more pain than malicious actors. If they want to hurt malicious developers, they need to flag extensions as untrustworthy for:
1. age < 180 days
2. dau < 1000
3. some rule around user reports of malice on uninstall?
and this gets a bright warning banner on the top of the page, and it can't be discovered through the chrome store until crossing these thresholds.
But this is not email, where literally everybody can send things. Raise up the barrier at submission level - where you must be authenticated - to get rid of automated trial/error attempts, I bet they can.
But when an extension/developer is there, when it has a long history in the store and used by 1M users, hey, give some human feedback. It won't break your automated anti-spam/scam rules.
