SecurityWeek

Google Tightens Security Rules for Chrome Extensions

Google has updated its User Data Policy for the Chrome Web Store in an attempt to improve safety and privacy for users of its Chrome web browser.

Following the new changes, third-party developers are required to be transparent about how they handle user data and to inform users about what data they collect, how they use it, and who they share it with. Moreover, Google requires developers to limit their use of the data to the practices they disclosed.

The new User Data Policy for the Chrome Web Store requires developers to keep users informed on data collection and on the manner in which the data is handled. They should also ask for user consent when collecting sensitive data.

Developers of Chrome extensions that handle personal or sensitive user data such as personally identifiable information, financial and payment information, authentication information, and the like are required to post a privacy policy and to handle data securely, including transmitting it via modern cryptography.

“The privacy policy must, together with any in-Product disclosures, comprehensively disclose how your Product collects, uses and shares user data, including the types of parties with whom it’s shared,” Google notes in the User Data Policy.

Additionally, the Internet giant notes that, for extensions and apps that handle personal or sensitive user data “that is not closely related to functionality described prominently in the Product’s Chrome Web Store page and user interface,” developers need to prominently disclose how the user data will be used, and also obtain the user’s affirmative consent for such use.

Based on the new policy, developers are prohibited from collecting web browsing activity when it’s not required for an item’s main functionality: “collection and use of web browsing activity is prohibited except to the extent required for a user-facing feature described prominently in the Product’s Chrome Web Store page and in the Product’s user interface.”

According to Google, developers will be notified when products in the Chrome Web Store are found to violate the User Data Policy. Developers will have until July 14, 2016 to make any changes needed for compliance; otherwise, extensions and apps that violate the policy will be removed from the Web Store and will need to become compliant to be reinstated.

The Internet giant also notes that the changes were designed to improve user protection, and that they will allow users to stay better informed and choose how their user data is handled. However, Google still needs to properly enforce the new rules for them to make a difference; otherwise the change will not be effective.
