Important update: Addressing the long manual review times

Hi, wonderful developers, I would like to address an issue that some of you have faced lately: long manual review times.

A lot of people are reporting long manual review times, and that’s true, but not because we are reviewing fewer add-ons. Our average time to review hasn’t changed much, nor has our capacity to review new versions.

What we have noticed so far:

  • We’re experiencing up to 4x increase in the number of new add-ons and versions submitted!
  • The size of the new versions has significantly increased = more files, more lines of code, and way more difficult for our reviewers to do a speedy review.
  • People with little coding skills are writing more and more add-ons.
  • It’s easier than ever for people to build bots and fake users.
  • As a result, malicious attacks have become more regular than ever, with a recent example publicized a few weeks ago.

Our top priority is the safety of our users and developers; that’s why we are continuously working to address these emergent issues. Our manual review times currently vary, but it is worth noting that only a small percentage of the add-ons submitted daily are added to the manual review queue.

To address these emergent issues, we are continuously working on:

  • Extending the capabilities and improving the effectiveness of our automated malware-detection tools.
  • Decreasing the time to identify and take action against malicious actors and spam.
  • Further streamlining our internal processes and evaluating new approaches to address the volume and review times for new add-on versions.

All of the above have already been contributing towards our manual review capabilities. We could also use your help in this ongoing situation.

What can you do:

  • Double and triple-check your code and your add-on’s behavior against our policies. The most common violations we see are:
  • Attach source code during every submission if your add-on contains machine-generated code.
    • Provide a single set of instructions, or better yet, a single-command build script that reviewers can execute.
    • Manually verify that the build fully reproduces without differences using only the provided source code and build script (or instructions), ideally on a separate machine.
  • Please refrain from contacting us directly to request a faster review.

We really appreciate your patience and support while we navigate this new era. Rest assured, we are doing our best to increase capacity, reduce the manual review times, and strengthen security.

On behalf of the Mozilla Add-ons Team,

-Christos

Hi understand that you can only do what you can do. How about try to add a rough estimate of review tho? People really don’t like having no idea where they are in a queue. And it will create a lot of unnecessary frustration. We literally don’t know if we could have to wait 1 month or 2 days because you are not giving us any info

Hi Ano_ano, and thank you for your feedback and recommendations.

To be completely honest, a rough estimate is between 3 days and 3 weeks. For some cases, it might also be 3-5 weeks.

Our goal, and what we are actively working towards, is to bring that rough estimate as low as possible, but it’s really difficult to do that as quickly as we would like.

We have been receiving numerous malicious attacks, on top of the influx of new daily submissions, which have been affecting our operations for quite some time now.

We keep our focus and promise to continue building an open, safe, and inclusive web for everyone. That’s why we can’t adopt practices of other ecosystems, like Chrome’s, that require an active credit card before submitting a new extension.

We really appreciate everyone’s patience and understanding!

Understand! Must be really tough with the high influx. Just knowing it could be 3 weeks just makes it easier to handle thank you.