New Google Chrome extension rules limit access to personal data

Google has announced a clampdown on third-party Chrome extensions in an effort to protect users’ privacy. As part of its Project Strobe initiative, Google is placing new permissions restrictions on developers to ensure they only request the user data their extension actually needs to serve its purpose.
Also, if a task can be accomplished via more than one stated ‘permission’, the developer must select the route that requires the least amount of personal data from the Chrome user.
In a blog post on Thursday, Google’s Ben Smith explained the new policy, which is rolling out to the Chrome Web Store this summer. Previously, this had been considered best practice, but now Google is making it mandatory. Apps that fail to comply face removal from the store and will be disabled within Chrome.
“We’re requiring extensions to only request access to the appropriate data needed to implement their features,” the Google Fellow and VP of engineering writes. “If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data. While this has always been encouraged of developers, now we’re making this a requirement for all extensions.”
Smith also says more developers of Chrome extensions will be required to post their privacy policies explaining how they handle user-provided content. The firm is also tightening up the Google Drive API by limiting “apps that use Google Drive APIs from broadly accessing content or data in Drive.”
Google says new Project Strobe policies implemented across Android have resulted in a 98% reduction in the number of third-party apps that have access to SMS and Call Log permissions, and it’s hoping the Chrome extensions changes will have a similar effect.
Smith adds: “Third-party apps and websites create services that millions of people use to get things done and customize their online experience. To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road.”