Just before last year’s October 9th event, Google announced Project Strobe to review third-party access in all services, including Android. This initiative is now cracking down on Chrome extensions and requiring them to use less data, as well as to stop deceptive install practices.
For the past several years, Google has worked to secure Chrome extensions given the level of access to your browser that they possess. The company is now asking developers to “only request access to the appropriate data needed to implement their features.”
If multiple are available, “developers must use the permission with access to the least amount of data.” This was previously only an encouraged practice, but now a hard requirement.
Additionally, more types of Chrome extensions will have to post privacy polices. This includes tool that handle personal communications and user-provided content:
These two polices come into effect this summer, with Google also cracking down on deceptive installation tactics today. A previous effort to remove inline installations from the browser resulted in user complaints about unwanted extensions dropping 18%. However, users are still being targeted.
Google is now explicitly warning that extensions with “deceptive installation tactics will be removed from the Chrome Web Store,” the only sanctioned way to find and download extensions on Mac, Windows, and Chrome OS. This includes unclear disclosures, misleading interactive elements that, and adjusting the Chrome Web Store item listing window. These changes must be applied by July 1st.
More about Chrome extensions:
- Google to restrict modern ad blocking Chrome extensions to enterprise users
- Google bans Chrome extensions that mine cryptocurrency due to ‘cryptojacking’
- Chrome extensions will soon require Chrome Web Store distribution for all Mac & Windows users