Security Experts:

Google Tightens Security Rules for Chrome Extensions

Google has updated its User Data Policy for the Chrome Web Store, in an attempt to improve the safety and privacy for users of its Chrome web browser.

Following the new changes, third-party developers are required to be transparent in how they handle user data, while also being required to inform users on what data they collect, how they use it, and who they share it with. Moreover, Google requires developers to limit their use of the data to the practices they disclosed.

The new User Data Policy for the Chrome Web Store requires developers to keep users informed on data collection and on the manner in which the data is handled. They should also ask for user consent when collecting sensitive data.

Developers of Chrome extensions that handle personal or sensitive user data such as personally identifiable information, financial and payment information, authentication information, and the like are required to post a privacy policy and to handle data securely, including transmitting it via modern cryptography.

“The privacy policy must, together with any in-Product disclosures, comprehensively disclose how your Product collects, uses and shares user data, including the types of parties with whom it’s shared,” Google notes in the User Data Policy.

Additionally, the Internet giant notes that, for extensions and apps that handle personal or sensitive user data “that is not closely related to functionality described prominently in the Product’s Chrome Web Store page and user interface,” developers need to prominently disclose how the user data will be used, and also obtain the user’s affirmative consent for such use.

Based on the new policy, developers are prohibited from collecting web browsing activity when it’s not required for an item’s main functionality: “collection and use of web browsing activity is prohibited except to the extent required for a user-facing feature described prominently in the Product’s Chrome Web Store page and in the Product’s user interface.”

According to Google, developers will be notified when products in the Chrome Web Store are found to violate the User Data Policy. Developers will have until July 14, 2016 to make any changes needed for compliance, or extensions and apps that violate the policy will be removed from the Web Store until they will need to become compliant to be reinstated.

The Internet giant also notes that the changes were designed to improve user protection, and that they will allow users to stay better informed and choose how their user data is handled. However, Google is still required to properly enforce the new rules to make a difference, otherwise the change would not be effective.

Related: Google Disables Inline Installation of Chrome Extensions for Deceptive Developers

Related: Google Releases Chrome Extension to Protect Users Against Phishing Attacks

view counter