Duh, why doesn't Google check the extensions before letting them into the store?
Ditto the Android Play store.
I'm not a huge Apple fan, but this is one thing Apple have done well.
Google has ousted 49 Chrome extensions from its Chrome Web Store because they contained malicious code, a ritual that should be familiar after a decade of purges. The latest set of bad browser add-ons, identified by researchers from security shop MyCrypto and PhishFort, targeted cryptocurrency services and users in an effort …
Apple's review procedures remind me of the security gates at Disney World or Universal. At first glance the bag search appears to be there to stop people bringing weapons into the park which it legitimately might do on occasion. But their main purpose is to stop people bringing their own food or drink in and depriving the park of revenue. Same for Apple.
Apple don't review the app's source code, it reviews the binary and subjects it to a test. If it passes the test it is accepted. Given that an app could be hundreds of thousands of lines of code it would be relatively trivial to hide something that passes this test and still does something malicious in the future.
Likewise with extensions. Anything malicious could be obfuscated. It would be better to monitor the behaviour of the extension in the wild, or a simulated wilderness and see what it does.
"Apple don't review the app's source code, it reviews the binary and subjects it to a test."
I agree with what you're saying - yet Apple seems to have way less malignant software in their app store. Google should have equal muscles to vet the binaries, dontcha think?
Play Store seems to have way more cruft and crappy game clones than App Store, but does Apple actually have equal percentage of malware in total, and they just silently take out the garbage? IDK.
I hope they triple double check the super tracking apps they are making for virus monitoring. That is going to have a huge amount of data thieves would love to access. Almost like they are enabling,,,, well "what good is a hero if you don't have villains'". ohhh that could be googs new motto, at least for the play store.