Google is hunting down Chrome extensions that request too much data, and has plans to begin deleting them from the Chrome Web Store very soon.
Related: Best web browser
Developers will be required to secure user data with modern cryptography and explain why they even need the information in the first place. They also need to describe how they plan to use the data and where it will be shared, if anywhere.
Extensions that use the Google Drive API have also been targeted, with Google limiting the number of apps that are allowed to access content and personal data within Drive.
This is the latest step in Project Strobe, Google’s chromium clampdown on third-party extensions that pose a risk to user privacy. The company unveiled the Strobe initiative last year, telling developers that they will no longer tolerate requests for personal data that is not required for the extension to do its job.
“We’re requiring extensions to only request access to the appropriate data needed to implement their features,” Google vice president of engineering Ben Smith wrote in a blog post back in May.
“If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data. While this has always been encouraged of developers, now we’re making this a requirement for all extensions.”
Related: Best VPN
Google claims that Project Strobe policies have already resulted in a 98% drop in the number of third-party apps with access to user SMS and Call Log permissions across Android, with only minor setbacks to the functionality of the apps themselves. The company hopes that the steps it is taking with the Chrome browser will have a similarly positive result.
Developers have until October 15 to make some serious changes to their privacy policies or risk their extensions being cut from the Chrome Web Store entirely.