Google will make changes to the Chrome Web Store privacy policy
In order to prevent malicious extensions from entering the Chrome Web Store, Google has deployed a variety of automated scanning tools that can automatically detect extensions.
But even so, there are still many extensions that show malicious behavior after being reviewed by Google. In fact, Google has no good way to solve this problem.
In another case, although some extensions are not malicious extensions, they collect user information privately, such as collecting user access records and then pushing advertisements.
In particular, there are more such extensions involving privacy issues. For this reason, Google is preparing a new policy to restrict the permissions that extensions can obtain to protect privacy.
The more obvious change in this new policy is that Google does not authorize all websites for extensions by default, which means that each application can only be applied to a single website.
For example, if an extension program wants to read website content, an authorization prompt box will pop up, and when the user confirms, the extension program will be granted to read all website content.
The new policy is to only grant permission to the website where the authorization is popped up. If you want to authorize multiple websites, you need to pop up multiple times to request user authorization.
Although this may be a little troublesome, it can help users prevent extensions from reading all website content outside of their authorization to steal user privacy.
In addition to the authorization changes, Google will also expand the privacy policy page of the store to make improvements. Users can see the corresponding privacy policy on the expanded details page.
Including what the extension needs to read, what problems may exist, how the data is used, etc. Users can check the privacy policy before installing.
If the permissions actually used by the extension do not conform to the privacy policy, it is a violation of the developer’s policy and will be taken down directly after being discovered by Google.
These new policies will be officially launched next month, when users download and install extensions, they can first check the comments and privacy policies to decide whether to install them.
Via: VentureBeat