Google introduces new restrictions on extensions in the Chrome Web Store

Google has announced the implementation of new rules for extensions in the Chrome Web Store’s online catalog, aimed enhancing protection of users’ privacy.

New measures will be implemented within the Project Strobe, the main goal of which is to minimize user data available to third-party applications through the company’s services, APIs and tools.

The first measure concerns the permissions requested by the Chrome extensions during the installation process. In particular, extensions should request access only to the data that is necessary for its operation.

“If multiple permissions can be requested to implement a function, developers should use the permission that accesses the least amount of data”, – the company’s blog says.

Previously, Google only recommended this approach, but now this requirement will become mandatory for all extensions in the Chrome Web Store.

The company will give developers 90 days to fix all the permissions problems, if program creators ignore the requirements, their applications will be removed from the Chrome Web Store and deactivated in users’ browsers.

Google has also expanded the requirement for processing personal data. In particular, developers of extensions for Chrome that handle “personal communications and user content” should post a privacy policy describing how the collected data is processed and stored.

Read also: Google Chrome will block download of certain files with HTTP-protocol

The company promised to publish detailed information about the new requirements over the next three months. Company plans that the new rules will come into force this fall.

In addition, the technology giant intends to limit the “types of applications” that are allowed wide access to users’ data through the Google Drive API.

“When you connect third-party apps, Drive gives you one central place to keep all your files and helps you easily collaborate with others. With this updated policy, we’ll limit apps that use Google Drive APIs from broadly accessing content or data in Drive. This means we’ll restrict third-party access to specific files and be verifying public apps that require broader access, such as backup services”, — reported in Google.

The company did not report what types of applications are most vulnerable, but noted that the developers of the affected programs will receive appropriate notifications.

Source: https://blog.google