A couple weeks ago, we woke up to an email no developer wants to read—that our app was removed from the Chrome Web Store.
If you don't know us, we are a popular webpage screenshotting app. Among extensions, we're one of the most-downloaded indie apps (not venture-funded or owned by a corporate). A lot of our users come to us because of the high download count and rating on our Chrome Web Store storefront:
This storefront was published nearly 10 years ago on @mrcoles' personal email address. And as I came on to run the day-to-day business, we hadn't yet taken the steps to make the account accessible to multiple people.
As a band-aid solution, we set up auto-forwarding of certain notifications from @mrcoles' personal email to my work email. We didn't consider that Chrome might send us notification emails from a completely new, foreign email, which would then slip through the cracks...
Which leads us to that fateful morning. I started the day and immediately noticed a flood of tickets and tweets about our storefront. (Always tweet/report issues, thank you awesome users 😛)
We soon discovered that we had missed a 2-week warning email from Chrome. There had been a permissions misunderstanding. As a result, the storefront had been taken down.
No existing users were affected, but any new users looking for our storefront were directed to a 404 page:
Over the next 60 hours, this issue became the most reported issue in our customer support channel. Finally, near the end of the third day, our storefront was restored. And the dust has largely settled since.
We went through a small personal hell here. So we'd like to offer ourselves up for lessons learned!
Some indie projects are built just for fun, and are never meant to be monetized or grow. (Take @mrcoles' Dragon Drop! project for example 🐉😉). But if you find yourself returning to a project and improving/iterating, that would be a good time to consider how others might get involved one day.
Even for a one-person project with no specific aspirations, it is so much easier to take steps during set-up, or early on, than to repair later. We discounted how difficult it would be to turn a 10-year solo project into one run by a collaborative team. And the procrastination in our case ultimately led to this 60-hour fire drill.
When the storefront was taken down, we went to anyone who might have some amount of influence or insight. Though the review process is a protected, faceless black box, we were able to get through to some folks inside Google. The contacts we had were absolutely crucial to getting this resolved. So how do you do this? By helping others online, asking questions, enriching the spaces you're a part of—and not treating the internet like a spectator sport.
All we could do throughout this incident was remain communicative and transparent. Because of our record, we were able to tell the truth of what happened and were able to assuage user concerns.
Nothing serves an indie business like honesty, transparency, and consistency; our users' trust in us is our entire brand value.
We see threads on the Chromium Extensions Google Group all the time with people seeking answers for a removed storefront. We knew we had to do everything possible to avoid this, and we thought we were fending off the possibility well. In the end one of our biggest nightmares ended up happening anyway. But we survived! So, you can't plan for everything. Your nightmare will happen, and it's all about how you respond. As well as what you learn from the experience for future.
It was cool to see a very organic measure of referral activity. Nearly every report of this incident was a happy user trying to refer us to a friend or colleague!
We deeply appreciate those at Chrome who heard us out, worked through the confusion, and advocated for us. We also understand why this happened! The Chrome Web Store was unregulated for a long time, and malicious actors thrived. The platform appears to be in an adolescent phase when it comes to user protections. We see this incident as a symptom of growing pains, as Chrome works to balance user privacy with developer-friendliness.
We are optimistic this bumpiness will smooth out. And we'll continue supporting and creating a high-value product with user privacy as a core tenet. We'll continue to work to bring value to—rather than extract value from—our users.
Would love to hear any thoughts/questions from Indiehackers, any tips we might have missed here, etc!