Skip to main content

Google announces new privacy requirements for Chrome extensions

Google today announced two major changes to how it expects Chrome extension developers to protect their users’ privacy. Starting this summer, extension developers are required to only request access to the data they need to implement their features — and nothing more. In addition, the company is expanding the number of extension developers who will have to post privacy policies.

The company is also announcing changes to how third-party developers can use the Google Drive API to provide their users access to files there.

All of this is part of Google’s Project Strobe, an effort the company launched last year to reconsider how third-party developers can access data in your Google account and on your Android devices. It was Project Strobe, for example, that detected the issues with Google+’s APIs that hastened the shutdown of the company’s failed social network. It also extends some of the work on Chrome extensions the company announced last October.

“Third-party apps and websites create services that millions of people use to get things done and customize their online experience,” Google Fellow and VP of Engineering Ben Smith writes in today’s announcement. “To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road.”

With today’s announcements, Google aims to provide these rules. For extension developers, that means that if they need multiple permissions to implement a feature, they must access the least amount of data possible, for example. Previously, that’s something the company recommended. Now, it’s required.

Previously, only developers who write extensions that handle personal or sensitive data had to post privacy policies. Going forward, this requirement will also include extensions that handle any user-provided content and personal communications. “Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data,” Smith adds.

As for the Drive API, Google is essentially locking down the service a bit more and limiting third-party access to specific files. Apps that need broader access, including backup services, will have to be verified by Google. The Drive API changes won’t go into effect until next year, though.



from TechCrunch https://tcrn.ch/2wv5auI
Labels:

Comments

Post a Comment

Popular posts from this blog

Bill Gates steps down from Microsoft’s board to focus on philanthropy

In an announcement on Friday, Microsoft revealed that company co-founder Bill Gates has decided to step down from his role on its Board of Directors in order to focus on his philanthropic efforts at the Bill & Melinda Gates Foundation. This is Gate’s biggest change to his role at Microsoft since stepping down as company chairman in February 2014. According … Continue reading from SlashGear https://ift.tt/2We90Gu
Post a Comment
Read more

World Economic Forum launches Global AI Council to address governance gaps

The World Economic Forum is creating a series of councils that create policy recommendations for use of things like AI, blockchain, and precision medicine. Read More from VentureBeat http://bit.ly/2EKBjD4
Post a Comment
Read more

A Mini USB Keyboard That Isn’t A Keyboard

A useful add-on for any computer is a plug-in macro keyboard, a little peripheral that adds those extra useful buttons to automate tasks. [ Sayantan Pal] has made one, a handy board with nine programmable keys and a USB connector, but the surprise is that at its heart lies only the ubiquitous ATmega328 that you might find in an Arduino Uno. This isn’t a USB HID keyboard, instead it uses a USB-to-serial chip and appears to the host computer as a serial device. The keys themselves are simple momentary action switches, perhaps a deluxe version could use key switches from the likes of Cherry or similar. The clever part of this build comes on the host computer, which runs some Python code using the PyAutoGui library. This allows control of the keyboard and mouse, and provides an “in” for the script to link serial and input devices. Full configurability is assured through the Python code, and while that might preclude a non-technical user from gaining its full benefit it’s fair to say that ...
Post a Comment
Read more