Google announced a new policy for Chrome browser extensions to eliminate the use of deceptive installation tactics.
The additional changes are part of the Project Strobe presented by Google in October 2018 in the aftermath of the data breach that exposed data of over 500,000 users of its Google+.
Google aims at ensuring that all Chrome extensions are trustworthy by default.
Google says that users’ trust in extensions is greatly influenced by the path to downloading an extension. A single bad experience could affect users’ interest in these applications.
“Setting the right expectations for what an extension does, from the start, helps create a healthy and thriving ecosystem of extensions, developers, and passionate users.” states Google.
“Last year, to improve user
Unfortunately, Google still receives user feedback about deceptive extension install flows. The company is prohibiting extensions that benefit from deceptive install tactics with the following policy:
“Extensions must be marketed responsibly. Extensions that use or benefit from deceptive installation tactics will be removed from the Chrome Web Store.
Deceptive installation tactics include:
Developers are asked to audit their install traffic to ensure it is compliant before July 1st, 2019.
Google also introduced two additional restrictions on Chrome browser extensions, the most important one requires the use of the “minimum set of permissions necessary” when asking for access to data. Below the two restrictions: