Google is cracking down on Chrome extensions that request access to more data than they actually need, and will soon start purging offenders from the Chrome Web Store.
In May, Google announced that it would be encouraging developers to think twice about asking for unnecessary information, it’s now tightening the rules and making it an explicit requirement that apps “only request access to the least amount of data”.
- The best browsers of 2019: a faster, safer way to get online
- Your ultimate guide to the best free password managers
- How to secure your accounts with Dashlane
Google is also telling more developers to publish privacy policies. Until now, that was only necessary for extensions that access personal or sensitive user data, but now that’s been extended to any plugin that asks for user-provided content or access to communications.
Developers will need to publish an explanation of why their need each piece of data they’re requesting, how they use it, whether it’s shared, and with whom. If it’s transmitted in any way, it’ll need to be secured with modern cryptography first.
The clock is ticking
The new updates are part of Project Strobe – a security project that involves giving users more control over their Google accounts, letting them choose exactly what data each app can access, and finally laying Google+ to rest.
Both changes go into force on October 15, so developers have until then to get their extensions and policies in shape. If they drag their feet, they can expect their work to be pulled from the Chrome Web Store.
Google came under fire recently, when it was discovered that several extensions in the Chrome Web Store were harvesting and selling data without permission, so it might have pushed out this update sooner than originally planned as a form of damage limitation. More transparency is always welcome though, and it’ll be interesting to see if any more changes come out of Project Strobe before mid-October.