Google is hunting down Chrome extensions that request too much data, and has plans to begin deleting them from the Chrome Web Store very soon.
Google is demanding that any extension asking for user-provided content or access to communications publish their privacy policy by October 15. In the past, this has only been required from developers that request access to personal or sensitive user data, but the idea has always been considered best practice for web developers on the Chrome browser.
Related: Best web browser
Developers will be required to secure user data with modern cryptography and explain why they even need the information in the first place. They also need to describe how they plan to use the data and where it will be shared, if anywhere.
Extensions that use the Google Drive API have also been targeted, with Google limiting the number of apps that are allowed to access content and personal data within Drive.
This is the latest step in Project Strobe, Google’s chromium clampdown on third-party extensions that pose a risk to user privacy. The company unveiled the Strobe initiative last year, telling developers that they will no longer tolerate requests for personal data that is not required for the extension to do its job.
“We’re requiring extensions to only request access to the appropriate data needed to implement their features,” Google vice president of engineering Ben Smith wrote in a blog post back in May.
“If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data. While this has always been encouraged of developers, now we’re making this a requirement for all extensions.”
Related: Best VPN
Google claims that Project Strobe policies have already resulted in a 98% drop in the number of third-party apps with access to user SMS and Call Log permissions across Android, with only minor setbacks to the functionality of the apps themselves. The company hopes that the steps it is taking with the Chrome browser will have a similarly positive result.
Developers have until October 15 to make some serious changes to their privacy policies or risk their extensions being cut from the Chrome Web Store entirely.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
Editorial independence
Editorial independence means being able to give an unbiased verdict about a product or company, with the avoidance of conflicts of interest. To ensure this is possible, every member of the editorial staff follows a clear code of conduct.
Professional conduct
We also expect our journalists to follow clear ethical standards in their work. Our staff members must strive for honesty and accuracy in everything they do. We follow the IPSO Editors’ code of practice to underpin these standards.
