New policies for Google Chrome extensions and Google Drive API

Third-party apps and websites create services that millions of people use to get things done and customize their online experience. To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road. That’s why last year we announced Project Strobe, a root-and-branch review of third-party developer access to your Google account and Android device data.

As a result of our review, we implemented new policies across Gmail and Android to better protect your data. For example, with changes to SMS and Call Log permissions for Android apps, the number of apps with access to this sensitive information has decreased by more than 98 percent. These apps are still able to deliver core services to people just by switching to permissions that access less sensitive data, or by eliminating minor functionality in their apps.

Today, we’re announcing additional changes as a result of Project Strobe, including new policies for Chrome extensions and the Drive API. Here’s what’s new:

Trustworthy Chrome Extensions

There are more than 180,000 extensions in the Chrome Web Store, and nearly half of all Chrome desktop users actively use extensions to customize Chrome and their experience on the web—helping them keep track of to-dos or find shopping deals online. This ability to improve and personalize online experiences depends on a vibrant community of Chrome browser developers.

Last October, we shared our intention to ensure that all Chrome extensions are trustworthy by default. Today, as part of Project Strobe, we’re continuing that effort with additional Chrome Web Store policies. Specifically:
  1. We’re requiring extensions to only request access to the appropriate data needed to implement their features. If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data. While this has always been encouraged of developers, now we’re making this a requirement for all extensions.
  2. We’re requiring more extensions to post privacy policies, including extensions that handle personal communications and user-provided content. Our policies have previously required any extension that handles personal and sensitive user data to post a privacy policy and handle that data securely. Now, we’re expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data.

We’re announcing these changes in advance of the official policy rollout this summer to give developers the time needed to ensure their extensions will be in compliance. Developers can learn more about these changes in our FAQ.

Tightening the Drive API

Last fall we updated our user data policy to provide additional guidelines and restrictions for apps seeking to access your Gmail data. Today we’re announcing plans to extend the same policy to Google Drive, which will give you more control over what data third-party apps can access in Drive.

When you connect third-party apps, Drive gives you one central place to keep all your files and helps you easily collaborate with others. With this updated policy, we’ll limit apps that use Google Drive APIs from broadly accessing content or data in Drive. This means we’ll restrict third-party access to specific files and be verifying public apps that require broader access, such as backup services.

These changes will go into effect early next year. Visit the Cloud blog for more details.

Our top priority is to protect user data and keep it safe, while continuing to enable developers to build features that people want and need. As we continue the work of Project Strobe, we’ll also work with our developer partners to give them appropriate time to adjust and update their apps and services.


Source: Update on Project Strobe: New policies for Chrome and Drive
 
....1. We’re requiring extensions to only request access to the appropriate data needed to implement their features. If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data....

On a related note, Kate O'Flaherty's 30-May-2019 Forbes.com article Google Just Gave 2 Billion Chrome Users A Reason To Switch To Firefox reports that Google has decided to go ahead with their plans to prevent home users from installing uBlock Origin and other ad blockers that use Chrome’s webRequest API:
"...Google is planning to restrict modern ad blocking Chrome extensions to enterprise users only, according to 9to5Google. This is despite a backlash to an announcement by Google in January proposing changes that will stop certain ad blockers from working efficiently....

...“We are starting to see Google's conflict of interest arising,” Sean Wright, an independent security consultant told me. “Google relies on the revenue of advertising, so one can see why they would make such a move.”...

According to Martin Brinkmann's 30-May-2019 ghacks.net article Google Still On Track to Limit Ad-blockers in Chrome:
..."There will be a replacement for the current API that content blockers may use instead to continue blocking web content but it will limit the number of filters that content blockers may load at any given time."...

Kudos to CADesertRat for posting a link to that Forbes article in the AskWoody forum here.
 
