Purple PotassiumPermissionsHard rejection

Excessive permissions

The extension requests permissions it doesn't use or doesn't need.

Common reasons Google rejected this

01A permission is declared in manifest.json but never called in code.
02A broader permission is used when a narrower one would suffice (tabs instead of activeTab).
03Host permissions cover <all_urls> when only a few domains are needed.

Remove any permission you don't actually use.
Replace 'tabs' with 'activeTab' when you only need the current tab.
Narrow host_permissions to specific origins like https://api.example.com/*.
Move sometimes-used permissions to optional_permissions and request them at runtime.

Our scanner runs 5 checks that catch this violation before submission.

Read Google's full policy

developer.chrome.com

Don't risk another rejection

Run all 25 ExtGuard checks against your zip in 3 seconds.