Recently Google has just announced the tightening of the rules for placing plugins in the Chrome Web Store catalog.
Where the first part of the changes that will be made is related to the Strobe project, in which the methods used by third-party application developers and plug-ins to access services related to a user account on Google or data on Android devices were reviewed.
“Third-party websites and applications create services that millions of people use to get things done and personalize their online experience. For this ecosystem to be successful, people must be sure that their data is safe. "
In addition to the new rules previously introduced for managing Gmail data and access restrictions to SMS and call lists for applications on Google Play, Google announced a similar initiative to add Chrome.
About the first part of the changes that Google will implement
The main purpose of all this that Google has implemented to change the rules is to combat the practice of extra requesting additional permissions with a request.
Since these days applications often ask for the highest possible authority, which is not really necessary.
In addition to arguing that the user stops paying attention to the required permissions, which creates favorable conditions for the development of malicious add-ons.
In a matter of weeks, it is planned to make changes to the Chrome Web Store catalog rules, which will require plugin developers to request access only to advanced features that are actually necessary to implement the declared functionality.
Also, if multiple types of authority can be used to implement this, then the developer should use the permission that provides access to the least amount of data.
Previously, such behavior was described in the form of a recommendation, and now it will be transferred to the category of mandatory requirements, in case of non-compliance with which additions are not accepted in the catalog.
The situations in which plugin developers must publish personal data processing rules are also expanded.
In addition to additions that explicitly process personal and confidential data, the personal data processing rules will have to be published and plugins that process any user content and any personal communication.
Early next year, it is also planned to tighten the Google Drive API access rules. Users will be able to explicitly control what data can be given and which applications can be granted access, in addition to performing application verification and viewing installed links.
Our top priority is protecting user data and keeping it safe, while continuing to enable developers to create features that people want and need.
About the second part of the changes
The second part of the changes refers to protection against abuse con the imposition of the installation of unsolicited add-ons, which are often used to carry out fraud.
Last year, the ban on installing add-ons from third-party sites was introduced without changing the add-on directory.
Such a move reduced the number of complaints about unsolicited plug-in installation by 18%. Now it is planned to ban some other tricks used to install add-ons fraudulently.
As of July 1, the accessories that do not comply with the established standards will be removed from the catalog.
En particular, accessories will be subject to being removed from the catalog and for whose distribution misleading interactive elements are used, such as fraudulent activation buttons or forms that are not clearly marked as conducive to the installation of the plug-in.
We are announcing these changes before the official implementation of the policy this summer to give developers the necessary time to ensure their extensions are compliant. Developers can learn more about these changes in our FAQ.
Plugins that save marketing support information or attempt to hide their true purpose on the Chrome Web Store page will also be removed.
Source: https://blog.google/