I've developed a few browser extensions, and every week I receive numerous emails with "revenue offer". Some experienced developers know that offers like these will inject malware into the browsers of your users, but scammers who make these offers will not tell you about it. They offer "integrations" that don't look so suspicious. Imagine how many developers have accepted these offers. Then look at the number of extensions in your browser and think about how much risk there is that you have an extension with malware.
Don’t extensions get reviewed by the various stores? I’d imagine an automated check can catch malicious integrations like that.
Maybe not right away, but once they catch wind of one shady extension they could just search the store for any other ones.
deleted by creator
I guess so, it would still be a problem. Once one extension is caught, it should be simpler to catch the rest.
It’s harder to quickly switch stuff up when you need to send the devs new code to put in