Google announced today new privacy protections for Chrome extensions[1], along with new rules for the Google Drive API and Drive third-party apps.
The new rules are part of what Google calls Project Strobe[2], an initiative to improve the privacy and security of users' data, which the company set in motion after discovering a serious bug in Google+ that exposed the personal details of over 500,000 users[3].
Project Strobe's main mission is to limit the amount of data third-parties can access about Google users via the company's many services, APIs, and tools.
No more permission-grabbing extensions
As part of this ongoing project, Google announced today two new rules it plans to enforce for Chrome extensions starting this fall.
The first rule is in regards to the permissions Chrome extensions ask from users during installation.
"We're requiring extensions to only request access to the appropriate data needed to implement their features," Google said. "If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data."
While Google has recommended this approach[4] for developers when coding their extensions, the company is now making it a requirement for the entire Chrome Web Store.
The browser maker plans to scan all extensions and notify extension developers of any problems. They'll have 90 days[5] to correct the permissions they ask from users or face having their extension removed from the Web Store and