
Use Chrome extensions, apps? Google's privacy crackdown is about to make your personal data a lot safer

Google is introducing stricter rules for handling users' private information through Chrome extensions.
Written by Liam Tung, Contributing Writer

Google has laid out a new set of rules for its Chrome Web Store in a bid to improve privacy and cut risks to security from installing Chrome apps and extensions.

Google hopes its new User Data Policy will whip developers into line with the spirit of its own privacy practices and is threatening to pull apps from the Chrome Web Store if they don't comply.

The new requirements include publishing a privacy policy and using encryption when handling personal or sensitive information.

Apps that collect sensitive data that isn't obviously related to a feature will need to have a "prominent disclosure" that is separate from the privacy policy and that asks for users' consent before collecting personal information.

Google's policy update comes as Europe moves ahead with tougher privacy rules under the newly passed General Data Protection Regulation, which will require organizations to gain "clear and affirmative consent" when processing private data.

Firms that breach the regulations when processing private data face fines of up to four percent of their worldwide revenue.

Google is giving developers until July 14 to adjust their apps to comply with the new rules, after which it says it will remove non-compliant apps.

The new prominent disclosure requirement will affect extensions that make money by sharing user data with third parties. Such an extension could be one that adds themes to a social-media site but also scrapes the number of friends a user has and sells that for research, or an app that uses a person's email address for login but also provides that to other firms for marketing.

Google is also outlawing the practice of collecting browsing activity for targeted advertising. The only permitted reason for developers to collect browsing activity is to support a user-facing feature, which must be prominently described.

Developers will be required to implement Transport Layer Security (TLS) encryption for apps or extensions if they are used to transmit personally identifiable information, financial and payment information, health information, website content and resources, form data, and web-browsing activity.

Google's push for greater transparency on the Chrome Web Store follows its efforts last year to tackle malicious extensions, in particular ad injectors. Google doesn't ban ad injectors but required that apps or extensions be upfront about the functionality.

Last year it also required all Chrome extensions to be hosted in the store and even shut down off-store extensions in the developer channel of Chrome after finding it was being abused to install malware.
