How to share a packed Chrome Extension without publishing? - google-chrome

I have seen other answers here, such as this.
But nowadays, you cannot simply drag an extension to the browser and expect it to work. Google does not allow you to activate it, showing a message "not downloaded from chrome store"
Now, I really don't want to publish anything. It's a personal extension for me and friends! How can I workaround this limitation?

You could publish to testers.
I know you said you didn't want to publish anything but it only shows up to google accounts you have listed at testers.

You really only have two options:
Distribute the crx and have them run in developer mode.
List the extension on the Chrome store.
It sounds like #1 is a problem for you (as it is for most). If you go with option #2, you can list the extension privately, so it isn't listed in the Chrome store.
For context, Google is not doing this to hold people back. Most of the browsers have tightened up these methods to prevent abuse. From Google's perspective, they cannnot differentiate between your friendly use case, and a hacker using an extension to place malware. If it's published through the store, they can scan for malware.

Related

How To Privately Test A Chrome Extension Disabled Because It Is Not Listed In The Chrome Web Store

I have written a simple Chrome extension and tested it using developer mode to load the unpacked extension. It works as expected this way.
Because the extension uses storage.sync API, I would like to undertake further testing with installations of the extension as published in the Chrome Web Store.
The Developer Dashboard for Chrome Web Store provides an option to publish to trusted users only:
Only trusted testers from your developer dashboard can see it.
You can also include members of a Google Group that you own or manage.
When I publish this way the trusted testers listed for my dashboard can reach the extension and install it from the Chrome Web Store. However, the extension is always disabled upon starting Chrome:
This extension is not listed in the Chrome Web Store and may have been added without your knowledge. Learn more
We, my testers and I, have not been able to find any way to enable an extension disabled by Chrome. Is there one? If not, the entire exercise of an "unlisted" publication mode for testing seems pointless.
The only work around I've found to this situation so far is to set the extension to "unlisted" rather than "published to testers" from the Chrome developer dashboard.
This is not at all satisfying, but did allow some real world testing in an unobtrusive way.

How can i share my google chrome extensions with people without upload on chrome web store

I have developed a google extension and i want to share it with people without uploading it on chrome web store and without letting people to know about the content code of the extension.
What shall i do ???
You can't. The only way you can let people have your Chrome Extension without uploading it to Web Store, is by sending them a .zip file, that they unpack and load in chrome://extensions.
I don't see why you won't want people to know about the content of the extension, and why you won't just upload it to the Web Store.
There is no possible way, except the way Toke Raabjerg mentioned. (Involving developer mode)
Besides this, there is an option to upload the Extension and not list it on the store. With this option only people with the direct link can download your Extension.

How to trust an extension in Google Chrome without the Web Store?

For internal use in my department I wrote a Chrome extension. It works fine in developer mode and I delivered it to my colleagues by e-mail attaching the .crx-file. They opened chrome://extensions and drag-and-drop it there. The message
drop to install extension
appeared, Chrome installed the extension and it works like a charm.
Nevertheless, on the very first restart of Chrome, a message appears that Chrome deactivates an unsupported extension.
A link to the help page Extensions disabled by Chrome is added to the message, and states:
To protect you while you browse, Chrome only lets you use extensions that have been published on the Chrome Web Store.
While I understand the reason, is there any other way a user can explicitly tell Chrome an extension is safe? Some effort is acceptable as publishing the extension to the webstore is not.
I have no administrative access, so no changes to registry nor active directory are possible.
As noted, you need Active Directory level policies to whitelist / auto-install extensions. See Policy List.
Chrome will use many defense mechanisms to detect and fight other trickery. The stance is simple: anything an unprivileged user can do any other software can do to implant malware.
However, you should consider publishing in CWS.
This can be done unlisted; unless someone has the listing link, the extension won't be discoverable.
This approach will present a risk of a leak of the link, but with your current delivery mechanism crx can leak as well; in general, copy-protecting extensions is basically infeasible.
This can be done with enforced control over accounts; you can publish to a Google Group of "trusted testers", who will be the only ones to see the listing.
Won't work if you're not allowed to sign into your Google accounts in Chrome.
This can be published with enforcing access only to your domain's users - if you use GApps for your work.
All of the above might not work if your extension is somehow questionable by CWS policies; if you can't publish for this exact reason, and can't use AD policies, I'm afraid you're SOL.
There isn't a way without domain level management to make this work. You can't just have the user "say" it is safe, since the user "saying" something could very well be the attacker. Any mechanism put in place to get around this would simply be used by attackers and unthoughtful companies to add more junk into your browser.

Chrome extensions: where did gradual release feature go to?

On Google Developer dashboard for chrome extensions, there used to be a checkbox to enable "gradual release" when editing an extension. You could then pick a number (for example: 5%) and this enabled you as an extension developer to first push a new version only to a select amount of users in order to "feel the pulse" before publishing the extension to everyone.
I have just notices that this feature no longer exists in developer dashboard. Did Google decide to cancel it or something like that, or am I missing it somehow? Anyone knows why they took it out?
I'm on the Chrome team and have been informed that your extension needs to have more than 10K users for this feature to be made available.

Chrome extension or chrome app?

I would like to create an extension or app for the Chrome browser which would require access to a user's Google Calender (for creating new appointments).
I am unsure of which technology to better research and use, Chrome extensions or apps. My "app" wouldn't need much of a GUI, so I'm leaning towards extension — but I don't know if this would pose any difficulties for accessing a user's Google Calender to add an event.
Anyone one have any idea which technology is best for this situation, and why? Thanks!
Either, or... Go with an extension if you'd like.
I assume you've looked at the API reference?
https://developers.google.com/google-apps/calendar/
From there, I'd imagine you'd just need OAuth to authenticate the user. Here's the JS library:
https://code.google.com/p/google-api-javascript-client/
There are pros/cons of each types, apps or extensions.
Apps
If you would like to create a client application of Google Calendar which has many rich GUI components, this type will become a better solution.
In addition, Chrome apps can communicate with many hardware devices and other servers. Of course, your Chrome app can become as a server (that is, your app can open a server socket and accept a request from other client apps).
Chrome apps can be executed not depending on your Chrome Web browser. That is, Chrome apps cannot access to a context of your Chrome Web browser.
Probably, you don't want to get the pros above, I guess...
Extensions
If you would like to create a small UI for posting your schedule to Google Calendar, this type will become a better solution.
In addition, Chrome extensions can access to a context of your Chrome Web browser. That is, your extension can get page contents of each tab and inject your CSS and/or JS code. For example, your extension will get a URL of some opened tab and include it in a body of the posted schedule.
Chrome extensions completely depend on your Chrome Web browser. That is, your extension cannot execute independently.
Also, generally, high cost will be needed to develop Chrome apps than Chrome extensions. As the result, you should choose Chrome extensions, I believe.