Mozilla now introduces a new ecosystem for safer add-on experience. This ecosystem is called as the extension signing. The extension signing for add-ons will help in having a better supervision on the add-ons ecosystem while not making AMO to be the only add-on distribution channel.
Mozilla mentions about this new addition,
“The Mozilla add-ons platform has traditionally been very open to developers. Not only are extensions capable of changing Firefox in radical and innovative ways, but developers are entirely free to distribute them on their own sites, not necessarily through AMO, Mozilla’s add-ons site. This gives developers great power and flexibility, but it also gives bad actors too much freedom to take advantage of our users.”
The add-ons have always been there. The extensions that make changes in the search settings and home page are very common. However, with this freedom, malicious scripts can also be injected freely. In order to tackle this situation, Mozilla has introduced the guidelines about extension signing. These guidelines are created for all add-on makers. This way, it will be ensured that all distributed add-ons will be safe for the users and won’t be able to create any inconvenience for them.
Why Extension signing has been introduced for Mozilla add-ons
Even though Mozilla has introduced a set of mandatory rules for the add-on makers; there are still some add-ons that breach these rules. These add-ons are mostly those which are distributed through sites other than AMO. Hence, it is a difficult task for Mozilla to track all of them. In addition to this, creators of malicious programs have invented a number of ways in which they can make the extensions harder to discover. This further makes blocking such extensions difficult.
In such scenario, introduction of extension signings will help Mozilla to a great extent. First of all, developers must host their add-ons on AMO. By doing so, developers agree to the policy of extension signing that they will test their add-ons on Nightly, Developer Edition, or any other unbranded builds. Once, the add-ons pass the review, they will be automatically signed. The remaining process of submission and review will remain same.
The introduction of extension signing will certainly make sure that the users are safe from any malicious activity that is harmful to their PC and data. You can read more about this extension signing process on the Mozilla add-ons blog.
