This post is based on a comment I shared on the chromium-extensions group.

It’s a frustratingly frequent experience for extension developers: you’re going through your customer feedback sent to your contact email address (a CWS requirement) and you come across something like this:

I’m reaching out to you concerning the potential revenue generation from your Chrome Extension, . We are keen on offering our premium product, Bing Hosted Feed, which is a high-quality search solution.

This represents an excellent chance to incorporate a search feature into your Chrome extension, thereby monetizing your users' search activities. With this integration, you stand to earn up to $500 per month for every 1,000 users, paving the way for an extra passive income stream from your extension.

Even if your extension currently lacks a search function, there’s no cause for concern. We are fully prepared to guide you through a straightforward update process to incorporate the search function. This update is fully compliant with Google Chrome store’s guidelines, and should you find it unsatisfactory, you’re always free to revert the changes at any point.

I don’t fault anyone for being tempted by this kind of offer; it’s hard not to be intrigued by solid money in exchange for a seemingly minor integration. But if something seems too good to be true, it probably is. Despite their claims, I’d bet dollars to doughnuts that what they’re doing doesn’t comply with CWS policy. Worse, these services may well end up getting your extension flagged as malware.

Let’s talk about what these kinds of monetization schemes typically ask of developers, look at some relevant Chrome Web Store policies, and see why integrating with them will likely land you in hot water.

What they want

The people behind these emails want to replace the user’s search engine with something that pays them for that traffic.

Why? Because search is very valuable. While it’s hard to find solid numbers on exactly how valuable, Philippe Ockenden, Microsoft’s Corporate Vice President of Finance, said on an investor call that “For every 1 point of share gain in the search advertising market, it’s a $2 billion revenue opportunity for our advertising business.” That’s big money.

More concretely, the people behind these emails typically want the integrating extension to change the user’s default search provider using Settings Overrides. In some cases, though, they may ask developers to expose a search box in the extension’s UI or on websites. A search box would usually be integrated by adding some pre-defined HTML and their JavaScript library into the target page.

They don’t mention this part, but they’re also looking to minimize their own risk at your expense. They know that CWS can only take action against an extension and its developer. So, if the worst happens and the code they asked you to integrate is flagged for malware, your extension will be taken down and your account will be suspended.

Chrome Web Store policies

Roughly 7 months ago Google revamped the CWS Developer Policies around three principals: be safe, be honest, be useful. These simple statements get to the core of what the policies aim to accomplish: enhance the user’s web browsing experience without deception, fraud, mishandling of data, or disregard for the user’s wishes.

I mention that here because search monetization, by its very nature, can be considered a form of browser hijacking. From Wikipedia:

Browser hijacking is a form of unwanted software that modifies a web browser’s settings without a user’s permission, to inject unwanted advertising into the user’s browser. A browser hijacker may replace the existing home page, error page, or search engine with its own.^[1] These are generally used to force hits to a particular website, increasing its advertising revenue.

Let’s walk through some specific policies in order to see how search monetization may put your extension at risk.

Single purpose policy

CWS has long had a “single purpose policy” (SPP) that essentially requires each extension have one well-defined raison d’être. Generally speaking, this means that all of the features an extension exposes must be part of a unifying theme. This policy is currently captured in the Quality Guidelines policies.

One area where SPP enforcement is stricter than average, though, is search. For the purposes of CWS review, changing a user’s default search provider is considered a distinct purpose. In other words, if the search monetization service instructs you to declare a search provider in your extension’s manifest with "is_default": true, that integration is basically guaranteed to violate this policy.

API use

The API Use policies require that developers “use existing Chrome APIs for their designated use case. Use of any other method, for which an API exists, would be considered a violation.” If the extension is exposing a general purpose search box, the extension must use chrome.search.query() (or browser.search.search() in Firefox) to perform the search.

Policies aimed at protecting user privacy

Integrating a search monetization service will likely violate a couple of the policies grouped under Protecting User Privacy.

The Limited Use policies requires that user data only be accessed/collected for purposes directly tied to the extension’s purpose. Any data collected must be limited “to the extent required for a user-facing feature described prominently in the Product’s Chrome Web Store page and in the Product’s user interface.”

Similarly, the Disclosure Requirements policies state that extensions must disclose the data they handle (collect, use, or share) and, if necessary, get informed user consent for that handling.

While one might argue that the extension isn’t collecting search data, it directly facilitates sending user data to a 3rd party service which may collect the user’s data for advertising purposes. That data would not have been collected but for the fact that the user had the extension installed. At best, that’s aiding and abetting – not a great defense to use when trying to get back into good standing.

Finally, the Misleading or Unexpected Behavior policies clearly state that extensions must not “misrepresent the functionality of your product or include non-obvious functionality that doesn’t serve the primary purpose of the product.”

Let’s make this a bit more concrete with an example. Say you had an extension that exposed a search field that looked and mostly behaved like a standard search box in your browser. Now say that when you executed a search using that box, the results page was on a website you weren’t used to seeing. I think it would be fair to say that the search box didn’t behave as expected.

A compliant example

At the moment, I can only imagine one situation where it would be appropriate for an extension to execute a search without using the default search provider: if the extension is exposing specialized search capabilities related to its single purpose.

For example, let’s say there is an extension designed to help users find, collect, reference, and site academic papers. This extension could expose a search box that lets users search through the academic databases and industry journals they are signed into. This type of search is directly related to the extension’s primary purpose, makes sense in context, respects the user’s preferences, and does not introduce new privacy concerns.

Wrap up

Trying to monetize an extension by sending search traffic to a non-standard search provider is, at best, risky business. Browser hijacking is a serious threat to users and anything that looks like it has a very real risk of being classified as malware.

My advice: steer clear of offers to monetize your extension via search revenue sharing.

Chrome Web Store policy allows ads in extensions, but can Google’s ad products be used in browser extensions? Let’s dig through some policy docs to find out.

Someone posted a question in the chromium-extensions Google Group a couple weeks ago asking whether they were allowed to use Google Ads in browser extensions. When I last looked into this I worked on the Chrome Extensions team and the short answer was “you can’t use Google’s ad services, but you can use other services if the policies of those services allow it.”

Since then my relationship with this question has changed. Google and I have parted ways, I began building my extension dev consultancy, and I’m looking for other revenue streams to diversify my income. In other words, this question is more relevant to me than ever before. So, let’s see if we can’t get a hard answer.

In this post we’ll be taking a look at a few different Google policy sites and seeing what (if anything) they have to say about browser extensions.

Chrome Web Store policies

Let’s start by reviewing the Chrome Web Store’s Program Policies. The Ads policies basically says that extensions can display ads as long as they conform to some specific requirements. One of those requirements immediately raises a red flag when it comes to inegrating Google ads.

3. Currently, AdSense may not be used to serve ads in Products, per AdSense policies.

If you do a web search for a set of terms like chrome extension google ads you’ll probably see posts on StackOverflow where people quote this and throw up their hands. But this in itself isn’t a prohibition; it’s an attempt to summarize someone else’s prohibition. Let’s see if we can’t track down a primary source for this.

AdSense Program policies

Following AdSense Policies link takes us to the AdSense Program policies page page. The first thing I do when trying to quickly grok something like this is search the page for relevant terms. The word “extension” doesn’t appear anywhere on the this page and the word “browser” only appears twice. Looks like i’ll actually have to dig into the text and try to divine the spirit of their meaning.

I’ll spare you the blow-by-blow analysis and I’ll summarize most of this page is just absolutely hammering home that Google really don’t want publishers (the site showing ads) to do an ad fraud. Beyond that, there are only a couple of passages related to the question we’re trying to answer.

Ad placement

Publishers are encouraged to experiment with a variety of placements and ad formats. However, AdSense code may not be placed in inappropriate places such as pop-ups, emails or software. Publishers must also adhere to the policies for each product used. Please see our ad placement policies article for more information.

The second sentence in this passage describes “software” as an inappropriate place to display AdSense ads. That’s a pretty broad category, but writ large they appear to be saying that AdSense may only be used to monetize websites. To drive that point home they continue:

Google ads, search boxes or search results may not be:

• Integrated into a software application (does not apply to AdMob) of any kind, including toolbars.

The use of “including toolbars” here is interesting. As previously mentioned, this document doesn’t use the word “extension,” so this (dated) reference to Internet Explorer toolbars is about as close as we’ll get and their stance seems clear.

But to drive the point home, let’s follow that “ad placement policies” link from the first quotation and see what they have to say.

Ads in a software application

Publishers are not permitted to distribute Google ads or AdSense for search boxes through software applications including, but not limited to toolbars, browser extensions, and desktop applications. AdSense code may only be implemented on web-based pages and approved WebView technologies.

That’s about as explicit a prohibition as I could imagine. But, I should note that the first paragraph of page explicitly identifies the page as covering “Adsense ad placement policies.” That’s critical because didn’t shut the door on Google Ads in extensions: there’s an AdMob-shaped escape hatch we can look into.

AdMob’s Behavioral policies

AdMob is governed by the AdSense program policies, but with some additional exceptions and guidance for this specific product. On a side note, I don’t know why they decided to name the page that provides that guidance “Behavioral policies” rather than something like “AdMob product policies” but, well, there it is.

Exceptions to AdSense policie

In principle, all AdMob publishers must follow our online program policies, however there are certain policies that differ between AdSense and AdMob. Please see the exceptions below.

“Ad placement” presented a problem in the AdSense policies, so what does AdMob policy say?

Ad placement

Publishers are encouraged to experiment with a variety of placements and ad formats, but must comply with the Google Publisher Policies. Please also review our implementation guidance.

AdSense Implementation guidance

The Implementation guidance page doesn’t contain any explicit mention of extensions/toolbars or other language similar to what we saw before about not allowing ads in certain types of software. It does, however, contain the following guidance:

Integrate the latest SDK

It’s important to always stay updated with the latest SDK (for Android, iOS), which will give you access to the latest ad formats, features, and bug fixes.

This passage is interesting because it implies that SDK integration is important without explicitly saying it’s required.

So, is it required? Let’s see what the AdSesne and AdMob policy pages have to say. The AdMob policy page references the this SDK and the fact that it’s used to serve personalized ads:

Personalized advertising

Google may use the advertising ID from the device on which the ad is serving to generate interests and demographics (for example, ‘sports enthusiasts’). Interests, demographics, and other data may be used to serve better targeted ads to the user. Additionally, your app’s privacy policy may need to be updated to reflect the use of personalized advertising (formerly known as interest-based advertising) served via the Google Mobile Ads SDK.

Again, this does not explicitly say that the SDK must be used, but that fact is heavily implied.

The smoking gun appears on the AdSense Program policies page in the “Technical requirements for web content viewing frames for apps” section.

1. WebView API for Ads
   App developers are encouraged to integrate the WebView API for Ads to register WebView instances (Android: WebView, iOS: WKWebView) with Google Mobile Ads SDK.

   […]

   AdMob and Ad Manager in-app ads may be shown in an app next to a WebView as long as the Google Mobile Ads SDK is in use and the publisher is compliant with all other relevant program policies and guidelines.

I read this section as saying that developers MUST use the Google Mobile Ads SDK to manage AdMob and Ad Manager ads. There’s only one problem: Google doesn’t provide a JavaScript SDK. They have Android, iOS, and Flutter SDKs.

Well … shucks.

Wrap up

We ran through a bunch of different Google Ads policy documents to try to figure out whether or not browser extension developers can integrate Google Ads in their products. Here’s what we found:

• AdSense
  • Forbidden from appearing in browser extensions (source).
• AdMob
  • Policy does not forbid these ads from appearing in extensions.
  • Ads must be handled by the Google Mobile Ads SDK.
  • There is no JavaScript version of this SDK.

Given all that, it looks like there’s currently no policy-compliant way to display Google Ads in a browser extension. This could change if either (a) Google allowed extensions to use AsSense or (b) Google provided either a WebExtension SDK or a JavaScript SDK.