How I Can Distribute Software Without it Being Blocked by Google?
I'm an open source software developer, and for the past fifteen years, I've been distributing my software on my website.
Unfortunately, recently Google's Safe Browsing technology has begun flagging my site as containing "harmful content" which it recommends I "remove as soon as possible", simply because my software is new, and thus by definition, an uncommon download.
Not being a very large developer, it is difficult for me to overcome being an uncommon download. I don't even know what the criteria is before a download is considered common. 100 downloads? 100,000?
What I do know is that my software comes back as 100% clean from Virus Total, doesn't even connect to the internet, and doesn't do anything out of the ordinary. In my case, it's run-of-the-mill game emulator software.
So far, this just appears to result in a warning every time my software is downloaded. I've not been able to get any answer from Google or its online help about this error, but I have had friends and heard from others who have had this escalate to their entire sites being blocked by Chrome and Firefox.
This has happened even when publishing to highly reputable sites such as GitHub, and even when the software was perfectly safe:
I have tried the "request review" option, which came back clean, only to immediately be flagged again. Not to mention it just isn't feasible for me to request reviews upon every new software release version I make.
I want to find a proper solution that won't risk manual actions (such as password-protecting the archives, or blocking crawlers.) Linking offsite risks both the offsite page and my own site for linking to it, so that also won't work.
Google's own documentation strongly recommends software to be signed (which will cost $70 a year if you don't mind the certificate containing your real name, or $400 a year if you prefer it to use your company name instead), but it doesn't specify if signing will help prevent these warnings, only that not being signed isn't a guarantee of receiving the warning.
So I've been asking around, and I'd like to ask Hacker Noon as well: have any software developers here run into this issue before? Did you find anything that worked? Barring that, do you have any ideas I haven't thought of? I would very much appreciate any help with this, thanks!
Subscribe to get your daily round-up of top tech stories!