Revision comparison: "(→Content Policy: Fix trademark rejection cells)" to "(Policy Updates 2021)"; the newer revision's text follows.
= Review Decision Guidelines =
This page provides guidance to support reviewers in making consistent review decisions based on our [https://extensionworkshop.com/documentation/publish/add-on-policies/ Review Policies]. In addition, it explains how to best communicate with the developer when conducting add-on reviews. It is a supplement to our [[Add-ons/Reviewers/Guide/Reviewing|Reviewer Guide]].
== Completing the Review ==
=== Reviewer Replies ===
With a reviewer reply, you can convey information to the developer. You can use this action to answer questions the developer may have about your review. All communication between developers and reviewers is captured on the review history page.

If you need the developer to take action, please make use of a delayed rejection instead. Doing so makes sure the correct email template is used and AMO knows to remind us when the developer has not responded to the request.
In case of a rejection, developers may have questions on how to best resolve the policy issues, or may have trouble understanding the message. As with a delayed rejection, please answer in a timely manner using the reviewer reply feature.

=== Multiple Categories of Issues ===
If you find multiple issues within the add-on where there are both delayed and immediate rejections, you may reject the add-on immediately. Please make sure to clearly separate the information needed to complete the review from the rejection reasons. An example of how this can be done is shown above.

=== Super-Review ===
In such cases, you should contact the admin team via email at amo-admins [at] mozilla [dot] com. You can find more examples on when to escalate later on this page.

== Examples ==
=== No Surprises ===
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on sends all visited URLs to a third party service without adhering to the [https://developer.mozilla.org/en-US/Add-ons/AMO/Policy/Reviews#No_Surprises no surprises requirements]. || Reject Immediately
The content review policies are detailed in separate guidelines. Here are a few select examples for the content policy:
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| Sexual Content: An add-on contains obscene or pornographic images in the icon, screenshots, or anywhere within the add-on UI. || Reject Immediately
|-
| Hate Speech: The add-on listing or UI attacks a person or group based on the attributes described in the [https://www.mozilla.org/en-US/about/legal/acceptable-use/ acceptable use policy].<br /><br />If you are unsure whether certain phrasing is acceptable or not, please contact an admin. || Reject Immediately
|-
| Spam: The add-on clearly has the sole purpose of linking to a product or website and at the same time does not offer any functionality (e.g. “WATCH THIS MOVIE ONLINE”). || Reject Immediately
|-
| Spam: The listing contains a large amount of words and links unrelated to the add-on’s functionality, clearly intended to increase its SEO rating. || Reject Immediately
|-
| The add-on only functions within a closed environment, such as only for employees of a specific company (“internal or private use”).<br /><br />If the add-on has just been submitted to AMO, rejecting immediately is acceptable. Otherwise, delaying the rejection gives developers time to migrate their services to point to the new self-hosted location. || Delayed Reject
|-
| Users can only sign up to the service using a “contact us” link on the website. There is no apparent web sign-up process (“only accessible to a closed user group”).<br /><br />(Note that especially on sites in foreign languages, you may simply have missed it. Best to ask the developer to provide information on how a user would sign up. If they can’t provide the information, or confirm there is no web sign-up process, the add-on can be rejected.) || Delayed Reject
|-
| The add-on is clearly a fork of another add-on, while not providing a significant difference in functionality or code. (This should be a joint decision; we want to make sure not to block creativity by being too strict on “significant difference”.) || Request Super Review
|-
| The add-on listing is well described, but requires knowledge of the specific system being used in combination with the add-on. || Approve
|-
| The add-on advertises functionality as part of the extension that is provided completely by a website or third party application. The add-on merely opens the website. || Reject Immediately
|-
| The add-on advertises itself as a companion for a website or third party application, and offers functionality to provide data to the website. The main functionality is provided by the add-on. || Approve
|}
=== Submission Guidelines ===
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on requires use of an external service that is only available with login credentials, and the developer has not provided them. || Delayed Reject
|-
| The add-on contains obfuscated code (as opposed to minified code).<br /><br />(Please see the [https://developer.mozilla.org/docs/Mozilla/Add-ons/Source_Code_Submission#Use_of_obfuscated_code Source Code Submission] page on how to differentiate obfuscated and minified code. Not everything that is unreadable is obfuscated.)
| Reject Immediately
|-
=== Development Practices ===
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on requests additional permissions that are not required for the add-on to function. The developer argues they will need them in a future update. || Delayed Reject
|-
| The add-on loads and executes remote code.<br /><br />If there is reason to believe the add-on is intentionally loading remote code, please escalate to a block. || Reject Immediately or Escalate
|-
| The add-on uses an http channel to exchange information, while it is possible for the developer to use https.<br /><br />If the developer has control over the remote infrastructure and can enable the servers to use https, you can reject, as they need to take this step. If the choice of http is outside of the developer's hands, you may approve. || Reject Immediately
|-
| The add-on makes use of http as a result of the user entering a URL that uses http.<br /><br />Note: If such URLs can be upgraded to https, the developer should make a reasonable effort to inform the user about the insecure connection and attempt to upgrade to https. || Delayed Reject
|-
| The add-on contains a large amount of duplicate files, or files not loaded by the add-on. || Delayed Reject
|-
| There is a ''noticeable'' impact on performance, for example opening a new tab takes very long because the new tab page is very resource-intensive. || Reject Immediately
|-
| The developer has not provided links to third party libraries, the links do not point to the original maintainer’s website, or the library does not match the original checksum from the developer.<br /><br />The developer should be asked to provide the link where they received the library as per the [https://extensionworkshop.com/documentation/publish/third-party-library-usage/ Third Party Libraries Usage guidelines]. If there is any indication that the modifications are intentionally violating policy, please [https://extensionworkshop.com/documentation/publish/add-ons-blocking-process/ reject immediately and escalate]. || Delayed Reject
|-
| The add-on sets a new tab page that redirects to a remote page. || Reject Immediately
|}
This section has a few items related to the privacy policy. We do not check the privacy policy for correctness. We do, however, make sure the privacy policy is more than just a link and is generally about the add-on.
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on uses a privacy policy which is merely a link to an external website. || Delayed Reject
|-
| On a quick skim, the privacy policy seems to be about a website more than it is about the add-on. || Delayed Reject
|-
| The add-on makes use of native messaging, but does not explain the data exchanged with this application in the privacy policy. || Delayed Reject
|-
| After code review it is clear that the add-on exchanges data with a third party service, but the add-on description and summary do not include a summary of the information collected. || Delayed Reject
|-
| The add-on exchanges data with a native application via native messaging, but the data being exchanged is neither summarized in the description nor mentioned in the privacy policy. || Delayed Reject
|-
| The add-on provides a search box for Google, Bing, Amazon etc. and search requests go through another website. || Reject Immediately
|-
| The add-on collects tab URLs and sends them as part of a request that doesn’t relate to actions based on the URL. This is considered ancillary data collection. || Reject Immediately
|-
| The add-on collects personal data, technical data, or user interaction data, and does not have a consent prompt when the add-on is first run (e.g. installed). || Reject Immediately
|-
| The add-on has a consent prompt, but it does not describe the data being collected. || Delayed Reject
|-
| The add-on has a consent prompt that makes use of dark patterns to entice the user to accept. || Delayed Reject
|-
| The main purpose of the add-on is to collect and analyze form data. Therefore, the add-on collects personal data such as the name and email of the user and sends the data to the service, but without an opt-in for personal data. || Reject Immediately
|-
| An add-on collects all visited browser URLs without notice, as part of a feature that does not relate to the primary functionality of the add-on. || Reject Immediately
|-
| The add-on exchanges data via native messaging that does not belong to the primary functionality of the add-on and fails to adhere to the [https://extensionworkshop.com/documentation/publish/add-on-policies/#no-surprises no surprises requirements].<br /><br />In severe cases, such as when sensitive data is being exchanged, please reject immediately. || Delayed Reject
|-
| The consent experience only offers the option to accept the data collection. || Delayed Reject
|-
| The consent experience offers the option to accept or uninstall, but the main functionality of the add-on will technically work without this type of data collection.<br /><br />If the developer argues that collecting the data is required for business purposes, e.g. to maintain the add-on, this does not warrant an accept-or-uninstall behavior. || Delayed Reject
|-
| The add-on collects technical data and does not provide a way for the user to disable this type of data collection. || Delayed Reject
|-
| The add-on combines both personal and technical data into one option and does not provide a way to control them separately. || Delayed Reject
|}
=== Additional Privacy Protocols ===
{| class="wikitable" style="width: 100%"
|-
| The add-on passes on cookies or other user-sensitive information to a native messaging application. || Reject Immediately
|-
| The add-on stores information about tabs, but fails to exclude information from private browsing mode tabs. || Delayed Reject
|}
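The Privacy and Additional Privacy Protocols tables above describe what a compliant collection path looks like: a first-run prompt, separate personal and technical toggles, a main feature that works with both declined, and no records from private browsing tabs. As an added example that is not from this page, the gate below implements those rules in JavaScript; the tab objects use only the `url` and `incognito` fields of a WebExtension `tabs.Tab`, and the consent shape, environment values and sample tabs are constructed for the example.

```javascript
// Added example, not from the wiki page: the data-collection gate a reviewer
// expects behind a first-run consent prompt. Tab objects are plain values
// shaped like WebExtension tabs.Tab (url, incognito) so the logic runs
// without a browser; wiring to browser.tabs/browser.storage is the add-on's job.

// State before the user has answered the prompt: nothing is collected, and
// the add-on's main feature must keep working regardless of this state.
const DEFAULT_CONSENT = Object.freeze({ prompted: false, technical: false, personal: false });

// Apply the answer from a prompt with one toggle per category. A single
// combined option or an accept-or-uninstall flow would not pass review.
function applyConsentChoice(previous, choice) {
  return {
    ...previous,
    prompted: true,
    technical: choice.technical === true,
    personal: choice.personal === true,
  };
}

// Build the record that may leave the browser for one tab event, or null
// when nothing may be collected for it.
function buildTabReport(tab, consent, env) {
  // Private-browsing tabs are never recorded (Additional Privacy Protocols).
  if (tab.incognito) return null;
  // No prompt answered yet, or both categories declined: collect nothing.
  if (!consent.prompted || (!consent.technical && !consent.personal)) return null;
  const report = {};
  if (consent.technical) {
    // Technical data: environment facts that do not identify the user.
    report.technical = { addonVersion: env.addonVersion, browser: env.browser };
  }
  if (consent.personal) {
    // Personal data (the URL) only with its own, separate opt-in.
    report.personal = { url: tab.url };
  }
  return report;
}

// Process a batch of tab events, dropping everything that may not be sent.
function collectReports(tabs, consent, env) {
  return tabs.map((t) => buildTabReport(t, consent, env)).filter((r) => r !== null);
}

// Constructed sample tab events and environment (not from a real browser).
const SAMPLE_TABS = [
  { id: 1, url: "https://example.invalid/a", incognito: false },
  { id: 2, url: "https://example.invalid/b", incognito: true },
  { id: 3, url: "https://example.invalid/c", incognito: false },
];
const SAMPLE_ENV = { addonVersion: "1.2.0", browser: "Firefox 90" };

const afterPrompt = applyConsentChoice(DEFAULT_CONSENT, { technical: true, personal: false });
console.log(JSON.stringify(collectReports(SAMPLE_TABS, afterPrompt, SAMPLE_ENV), null, 2));
```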
=== Monetization ===
Monetization follows the same data disclosure policies as for other data and includes a few extra provisions to set user expectations. We define monetization as a feature of the add-on that results in a potential monetary benefit for the developer.
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on monetizes by injecting ads into web pages, but fails to identify the content as belonging to the add-on. || Delayed Reject
|-
| The add-on shows information about crypto coins by querying a web service for information (this is not mining). || Approve
|-
| The add-on changes all Amazon/Yahoo/etc. links on web pages to add affiliate tags to profit the developer. || Reject Immediately
|-
| The add-on has links that include affiliate tags within the browser popup of the add-on. || Approve
|}
=== Security, Compliance & Blocking ===
{| class="wikitable" style="width: 100%"
|-
! scope="col" | Example
! scope="col" style="width: 10.5em" | Verdict
|-
| The add-on injects remote data into an extension page or web page using innerHTML or other methods without prior sanitization. || Reject Immediately
|-
| The add-on makes use of React’s ''dangerouslySetInnerHTML'' with remote unsanitized data. || Reject Immediately
|-
| The add-on makes use of remote CSS stylesheets, which can cause security vulnerabilities in combination with libraries such as React and Angular. || Reject Immediately
|-
| The add-on seems to be intentionally violating our policies, such as collecting a cryptocurrency private key and sending it to a remote server. || Escalate
|}
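The Development Practices and Security tables above name source patterns a reviewer looks for (remote code, plain http, innerHTML and dangerouslySetInnerHTML with remote data, remote CSS). As an added example that is not part of this page, the script below is a first-pass triage over add-on source in JavaScript; the rule ids and the sample popup script are constructed, and every hit is a line to examine by hand against the tables, not a verdict (for example whether the injected data was sanitized first, or whether the http endpoint is outside the developer's control).

```javascript
// Added example (not from the wiki page): a reviewer's first-pass triage over
// add-on source for the patterns called out in the Development Practices and
// Security tables. Rule ids and the sample source are constructed here; a hit
// marks a line to examine, not a review verdict.

const SINK_RULES = [
  { id: "unsafe-html-sink",
    policy: "data injected via innerHTML/outerHTML, insertAdjacentHTML or document.write; check for prior sanitization",
    re: /\.(?:inner|outer)HTML\s*\+?=(?!=)|\binsertAdjacentHTML\s*\(|\bdocument\.write\s*\(/ },
  { id: "react-dangerous-html",
    policy: "React dangerouslySetInnerHTML; check whether the data is remote and unsanitized",
    re: /dangerouslySetInnerHTML/ },
  { id: "remote-code",
    policy: "loads or executes remote code (eval, new Function, dynamic or remote <script>)",
    re: /\beval\s*\(|\bnew\s+Function\s*\(|createElement\s*\(\s*["']script["']\s*\)|<script[^>]*\ssrc\s*=\s*["']https?:\/\//i },
  { id: "remote-css",
    policy: "loads remote CSS",
    re: /<link[^>]*\shref\s*=\s*["']https?:\/\/[^"']*\.css|@import\s+(?:url\()?\s*["']?https?:\/\//i },
  { id: "plain-http",
    policy: "uses an http channel; check whether https is possible for the developer",
    re: /["'`]http:\/\/(?!localhost|127\.0\.0\.1)/ },
];

// Scan one file line by line; findings come back in line order, one per
// matching rule, so a line can produce more than one finding.
function triageSource(fileName, source) {
  const findings = [];
  source.split(/\r?\n/).forEach((text, index) => {
    for (const rule of SINK_RULES) {
      if (rule.re.test(text)) {
        findings.push({ file: fileName, line: index + 1, rule: rule.id, policy: rule.policy, text: text.trim() });
      }
    }
  });
  return findings;
}

// Constructed popup script showing three of the patterns: remote JSON rendered
// through innerHTML, a dynamically created script element, and a plain-http URL.
const SAMPLE_POPUP_JS = [
  'fetch("https://api.example.invalid/news")',
  '  .then((r) => r.json())',
  '  .then((items) => {',
  '    const list = document.getElementById("news");',
  '    list.innerHTML = items.map((i) => "<li>" + i.title + "</li>").join("");',
  '  });',
  'const s = document.createElement("script");',
  's.src = "http://cdn.example.invalid/helper.js";',
  'document.head.appendChild(s);',
].join("\n");

console.log(JSON.stringify(triageSource("popup.js", SAMPLE_POPUP_JS), null, 2));
```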
[[Add-ons/Reviewers/Guide/Reviewing|Previous: Reviewing]] [[Add-ons/Reviewers/Guide/Moderation|Next: Moderation]]