Prevent user from tampering with a Chrome Extension's free trial

Question

Paid Chrome Extensions that offer free trials must implement a manual check for when the license was issued in order to "expire" the free trial.

The recommended way of doing this is by calling the License API and verifying the response. This happens in the extension's JavaScript code, which can easily be tampered with.

For example, in the code piece linked above, a user could easily inspect the background page and insert a breakpoint right after the if block and run licenseStatus = "FULL", giving them full access to the extension's features.

Is there any way to mitigate this sort of tampering?

Answer 1

A determined user will always be able to copy your extension, add modifications to it and load it as unpacked.

Code obfuscation, i.e. minification, serves as deterrent but will not prevent it.

This is always the case for client-side code (supplied with a convenient debugger, no less). The only real solution to this is a server-side component that performs some non-trivial chunk of work and checks the license itself.

As such, it's a bit of an honor system: you can expect most users that are willing to pay in the first place to actually pay, and in theory you have legal tools to go after users that not only break your protection but distribute the modified extension. If that's not enough, and you can't implement the "real" solution above, you should reconsider developing paid extensions.