Just before last year’s October 9th event, Google announced Project Strobe to review third-party access in all services, including Android. This initiative is now cracking down on Chrome extensions and requiring them to use less data, as well as to stop deceptive install practices.

For the past several years, Google has worked to secure Chrome extensions given the level of access to your browser that they possess. The company is now asking developers to “only request access to the appropriate data needed to implement their features.”

If multiple are available, “developers must use the permission with access to the least amount of data.” This was previously only an encouraged practice, but now a hard requirement.

Additionally, more types of Chrome extensions will have to post privacy polices. This includes tool that handle personal communications and user-provided content:

Our policies have previously required any extension that handles personal and sensitive user data to post a privacy policy and handle that data securely. Now, we’re expanding this category to include extensions that handle user-provided content and personal communications.

These two polices come into effect this summer, with Google also cracking down on deceptive installation tactics today. A previous effort to remove inline installations from the browser resulted in user complaints about unwanted extensions dropping 18%. However, users are still being targeted.

Google is now explicitly warning that extensions with “deceptive installation tactics will be removed from the Chrome Web Store,” the only sanctioned way to find and download extensions on Mac, Windows, and Chrome OS. This includes unclear disclosures, misleading interactive elements that, and adjusting the Chrome Web Store item listing window. These changes must be applied by July 1st.

More about Chrome extensions:


Check out 9to5Google on YouTube for more news:

About the Author