Google Chrome extensions must obey new privacy rules by October 15th

The new restrictions are a result of the Project Strobe audit.

Time is running out for Chrome developers to follow Google's new privacy rules. The company announced today that third-party developers have until October 15th to comply with updated restrictions on user data, or risk getting kicked off Chrome's Web Store. Google unveiled the changes earlier this year as a result of Project Strobe, its audit on how third-party services handle user privacy.

Moving forward, developers of third-party add-ons in Chrome and Drive must take a more conservative approach with user permissions. Extensions should only request the least amount of user data they need to function. Additionally, any app that handles user-provided content or personal communications must post a privacy policy. In the past, Google only required such user pacts for extensions that handle sensitive information -- a rule that merely impacted a small group of apps. One February study found that 85 percent of Chrome extensions lack a privacy policy.

"Now, we're expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use, and sharing of that data," noted Chrome's Alexandre Blondin and Swagateeka Panigrahy in a blog post.

Google is asking Chrome developers to inventory their extensions' current permissions, and if applicable, switch to "alternatives with a more narrow scope." After October 15th, any app that violates the new policies risks getting rejected from Chrome's store. Developers can learn more by reading Google's updated User Data FAQ.