Google Chrome extensions will be required to minimize access to user data

CyberTech

Level 44
Thread author
Verified
Top Poster
Well-known
Nov 10, 2017
3,247
Google is putting a new pair of restrictions on Chrome extensions meant to make the browser add-ons more considerate of users’ privacy. The major change is that all extensions will now be required to use the “minimum set of permissions necessary” when asking for access to data. So if a task can be accomplished through multiple routes, the extension will be required to take the one that requires access to the least-sensitive amount of data.

On top of that, Google will also begin requiring more extensions to post privacy policies in the Chrome Web Store. This requirement is already in place for extensions that require “personal and sensitive user data,” but now it’s being expanded to extensions that need access to any kind of personal communication or content generated by the user.

Google has been limiting access over the past year to protect user data
Both policies will be implemented sometime this fall, with Google promising developers at least 90 days’ notice before they go into effect. Extensions that don’t come into compliance will be removed from the store and disabled within Chrome browsers.

In addition to the new Chrome extension policies, Google is announcing a similar data limitation policy for apps that tap into Google Drive. They’ll now be limited from “broadly accessing” content and instead be required to access only the specific files they need. Full-on backup services and other apps that require total access will still be allowed, but Google will vet them first.

The changes all stem from the somewhat widespread realization last summer that developers of Gmail apps have near-complete access to users’ emails. In the months since, Google has begun limiting developers’ access to user data across many of its platforms, including Gmail. While there haven’t been any major security breaches yet, Google is clearly aware of what can happen if an unscrupulous developer were to take advantage of generous data permissions — it’s pretty much the formula for Facebook’s Cambridge Analytica scandal — and it’s trying to clamp down on that access before anything goes wrong.

Source
 

DJ Panda

Level 30
Verified
Top Poster
Well-known
Aug 30, 2015
1,928
Kinda ironic that Google is trying to "protect" our privacy. I am glad I've toned down on their services even though I know it's not enough with them..
 
  • Like
Reactions: Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top