Google attacks Chrome extensions that require access to more data than they actually do. In May, Google announced that it would encourage developers to think twice before asking for unnecessary information. It now enforces the rules, requiring apps to "only request access to as little data as possible." Google is also asking more developers to post privacy policies. Until now, this was only required for extensions that access personal or sensitive user data, but has now been extended to any plugin that requests user-provided content or Communications Access. Developers will need to post an explanation of why they need each requested piece of data, how they use it, if it is shared, and with whom. If it is transmitted in any way, it must first be secured with modern cryptography.
The clock turns
The new updates are part of Project Strobe, a security project that gives users more control over their Google accounts, allowing them to choose exactly what data each app can access, and ultimately putting Google to sleep. Both amendments will enter into force on October 15. So developers up until now have needed to format their policies and extensions. If they drag their feet, they can expect their work to be pulled from the Chrome Web Store. Google recently came under fire when various Chrome Web Store extensions were found to be collecting and selling unauthorized data. This update may have been released earlier than originally planned to limit the damage. However, more transparency is always welcome and it will be interesting to see if any further changes will be made to the Strobe Project in mid-October. Via 9to5Google