Why Chrome Extensions Get Rejected (15 Reasons + How to Fix Each One)

You built your Chrome extension. You uploaded it to the Chrome Web Store. You waited 3 days.

Then you got the email: "Your item did not comply with our policies."

No specific explanation. No clear path forward. Just rejection.

I've been there. And after helping dozens of developers get their extensions approved, I've seen every rejection reason Google throws at people.

This guide covers the 15 most common reasons Chrome extensions get rejected, with exact fixes for each one. Plus, I'll show you how to appeal if you think Google made a mistake.

---

How Chrome Web Store Review Works

Before we dive into rejection reasons, let's understand the review process:

1. Automated Scan: Google's bots check for malware, policy violations, and manifest issues.
2. Human Review: A reviewer manually checks your extension (for most submissions).
3. Decision: Approve, reject, or request changes.

Review typically takes 1-3 business days, but can take longer for:

• Extensions requesting sensitive permissions
• First-time developers
• Complex functionality

Now let's look at why extensions get rejected.

---

Reason #1: Requesting Unnecessary Permissions

The Problem: You requested permissions you don't actually need. This is the #1 rejection reason.

Example: Your extension only works on YouTube, but you requested <all_urls> access.

The Fix:

1. Audit your manifest.json permissions.
2. Remove anything you don't actively use.
3. Use host_permissions to limit site access.

// ❌ BAD - Too broad
"host_permissions": ["<all_urls>"]

// ✅ GOOD - Specific
"host_permissions": ["https://*.youtube.com/*"]

Pro Tip: Use activeTab instead of broad host permissions when possible. It only activates when users click your extension.

---

Reason #2: Vague or Misleading Description

The Problem: Your store listing doesn't clearly explain what your extension does.

Rejection Examples:

• "Makes your browsing better"
• "Productivity tool for everyone"
• "The best extension you'll ever use"

The Fix: Be specific about functionality:

❌ BAD: "Helps you save time online"

✅ GOOD: "Automatically applies coupon codes at checkout 
on 50,000+ online stores. Saves an average of $20 per order."

Include:

• What the extension does (specific actions)
• Where it works (which websites)
• What the user gets (concrete benefits)

---

Reason #3: Missing Privacy Policy

The Problem: Your extension collects data but has no privacy policy, or the privacy policy URL is broken.

What Counts as "Collecting Data":

• User preferences/settings
• Browsing history
• Usage analytics
• Error logs
• Anything stored on your servers

The Fix:

1. Create a privacy policy page (can be a simple Google Doc or GitHub page).
2. Explain what data you collect and why.
3. Add the URL to your Developer Dashboard.

Free Templates:

• Termly Privacy Policy Generator
• PrivacyPolicies.com

---

Reason #4: Single Purpose Violation

The Problem: Your extension does too many unrelated things. Google requires extensions to have a "single purpose."

Rejection Example: An extension that blocks ads AND provides weather updates AND shows cryptocurrency prices.

The Fix: Pick ONE core function. If you have multiple features, they must all relate to that core function.

❌ BAD: Ad blocker + Weather widget + Crypto tracker

✅ GOOD: Ad blocker + Tracker blocker + Cookie consent auto-decline
         (All related to privacy/blocking)

If you want multiple unrelated features, create separate extensions.

---

Reason #5: Keyword Stuffing

The Problem: You crammed your title or description with keywords to game search rankings.

Rejection Example:

"Best Ad Blocker - Free Ad Blocker - #1 Ad Blocker - 
Top Ad Blocker Extension - Ad Block - Block Ads Free"

The Fix: Write naturally. Use keywords, but don't repeat them excessively.

✅ GOOD: "AdShield - Block Ads & Trackers Automatically"

Rule of Thumb: If it sounds spammy when you read it aloud, rewrite it.

---

Reason #6: Deceptive Functionality

The Problem: Your extension doesn't do what your store listing says it does.

Examples:

• Promising features that don't exist
• Claiming to work on sites where it doesn't
• Exaggerating capabilities

The Fix: Only advertise features that actually work. Test everything before submission.

If a feature is "coming soon," don't mention it in your listing yet.

---

Reason #7: Broken or Non-Functional Extension

The Problem: Your extension crashes, throws errors, or simply doesn't work.

Common Causes:

• Manifest V2 code that doesn't work in V3
• Missing files referenced in manifest.json
• JavaScript errors in service worker
• Permissions not matching code requirements

The Fix:

1. Test thoroughly in Developer Mode before submitting.
2. Check the console for errors (right-click extension icon → Inspect).
3. Test on multiple websites.
4. Verify all files in manifest.json exist.

---

Reason #8: Impersonation or Trademark Violation

The Problem: Your extension name, icon, or description implies affiliation with a company you're not affiliated with.

Rejection Examples:

• Using "Google" in your extension name
• Copying another extension's icon
• Claiming "Official" when you're not

The Fix:

• Use your own branding
• Avoid trademarked terms in your name
• Use phrases like "for YouTube" instead of "YouTube Extension"
• Create original icons

❌ BAD: "Official Netflix Downloader"
✅ GOOD: "Video Saver for Streaming Sites"

---

Reason #9: User Data Handling Violations

The Problem: You're collecting, transmitting, or storing user data improperly.

Violations Include:

• Sending data to remote servers without disclosure
• Not encrypting sensitive data
• Collecting more data than necessary
• Sharing data with third parties without consent

The Fix:

1. Only collect data you actually need.
2. Disclose all data collection in your privacy policy.
3. Use HTTPS for all data transmission.
4. Never sell or share user data without explicit consent.

---

Reason #10: Affiliate Link Abuse

The Problem: Your extension injects affiliate links or redirects users to earn commissions without disclosure.

Rejection Example: An extension that secretly replaces Amazon links with your affiliate links.

The Fix: If you use affiliate links:

1. Clearly disclose this in your description.
2. Don't inject links without user action.
3. Don't replace existing links on pages.

---

Reason #11: Ads Policy Violation

The Problem: Your extension displays ads in ways that violate Google's policies.

Violations Include:

• Injecting ads into web pages
• Pop-up ads
• Ads that obscure content
• Ads without clear "Ad" labeling

The Fix: If you want to monetize with ads:

• Only show ads within your extension's popup/options page
• Never inject ads into web pages
• Consider freemium model instead

---

Reason #12: Remote Code Execution

The Problem: Your extension loads JavaScript from external servers and executes it.

Why It's Banned: This is a major security risk. Code could change without review.

Rejection Example:

// ❌ BAD - Loading remote code
fetch('https://myserver.com/script.js')
  .then(res => res.text())
  .then(code => eval(code));

The Fix: All code must be included in your extension package. No remote JavaScript execution.

You CAN fetch data (JSON, text) from remote servers—just not executable code.

---

Reason #13: Obfuscated Code

The Problem: Your JavaScript is minified or obfuscated to the point where reviewers can't understand it.

Why It's Rejected: Google needs to review your code for security. If they can't read it, they'll reject it.

The Fix:

• Submit readable, well-commented code
• If you use a build process, also include source maps
• Light minification is okay; heavy obfuscation is not

---

Reason #14: Cryptocurrency Mining

The Problem: Your extension mines cryptocurrency using the user's computer resources.

The Rule: This is completely banned, even with user consent.

The Fix: Remove all mining code. There's no workaround—it's a permanent policy.

---

Reason #15: Inadequate Permission Justification

The Problem: You're requesting sensitive permissions without explaining why.

Sensitive Permissions Include:

• webRequest / webRequestBlocking
• cookies
• history
• tabs
• Broad host permissions

The Fix: Add a "Permissions Justification" section to your store description:

**Why We Need These Permissions:**

• "Read and change all your data on websites you visit" 
  - Required to modify page content and block ads.
  
• "Manage your downloads" 
  - Required to save blocked element lists.

In your Developer Dashboard, you may also need to fill out a permissions justification form.

---

How to Appeal a Rejection

Think Google made a mistake? Here's how to appeal:

Step 1: Read the Rejection Email Carefully

Google usually provides a general category (e.g., "Policy violation: Permissions"). This hints at the issue.

Step 2: Fix the Issue First

Don't appeal without making changes. Fix what you think is wrong, then appeal.

Step 3: Submit an Appeal

1. Go to the Chrome Web Store Developer Dashboard.
2. Find your rejected extension.
3. Click "Appeal" or contact support.
4. Explain what changes you made.

Step 4: Be Patient and Professional

Appeals can take 1-2 weeks. Be polite in your communication—a human is reading it.

---

Pre-Submission Checklist

Before you submit, verify:

• [ ] All permissions are justified and minimal
• [ ] Description clearly explains functionality
• [ ] Privacy policy URL works and covers your data practices
• [ ] Extension has a single, clear purpose
• [ ] No keyword stuffing in title or description
• [ ] All advertised features actually work
• [ ] No trademarked terms in name/icon
• [ ] No remote code execution
• [ ] Code is readable, not heavily obfuscated
• [ ] No cryptocurrency mining
• [ ] Ads (if any) follow policy guidelines

---

Frequently Asked Questions

How long does Chrome Web Store review take?

Typically 1-3 business days for simple extensions. Complex extensions or those requesting sensitive permissions may take 1-2 weeks.

Can I resubmit after rejection?

Yes! Fix the issues, update your package, and resubmit. There's no limit on resubmissions.

Why did Google reject my extension without specifics?

Google often gives vague rejection reasons to prevent people from gaming the system. Use this guide to audit your extension against all common issues.

Does my extension need a privacy policy if it stores data locally only?

If you use chrome.storage to save user preferences locally, you technically don't need a privacy policy. But having one anyway builds trust and future-proofs you.

Can I use the same name as another extension?

Avoid it. Even if not trademarked, similar names can trigger impersonation flags. Choose a unique name.

---

Conclusion

Getting rejected from the Chrome Web Store is frustrating, but it's rarely permanent.

Most rejections come from:

1. Excessive permissions — request only what you need
2. Vague descriptions — be specific about what your extension does
3. Missing privacy policy — create one even if you think you don't need it

Fix these three issues, and you'll avoid 80% of rejections.

Need to validate your extension idea before building? Use Extension Radar to analyze competitor reviews and find exactly what users want, before you write code.

Ready to build? Check out our guide on how to make a Chrome extension for a complete walkthrough.