Third-party apps and websites create services that millions of people use to get things done and customize their online experience. To make this ecosystem successful, people need to be confident their data is secure, and developers need clear rules of the road. That’s why last year we announced Project Strobe, a root-and-branch review of third-party developer access to your Google account and Android device data.
As a result of our review, we implemented new policies across Gmail and Android to better protect your data. For example, with changes to SMS and Call Log permissions for Android apps, the number of apps with access to this sensitive information has decreased by more than 98 percent. These apps are still able to deliver core services to people just by switching to permissions that access less sensitive data, or by eliminating minor functionality in their apps.
Today, we’re announcing additional changes as a result of Project Strobe, including new policies for Chrome extensions and the Drive API. Here’s what’s new:
Trustworthy Chrome Extensions
There are more than 180,000 extensions in the Chrome Web Store, and nearly half of all Chrome desktop users actively use extensions to customize Chrome and their experience on the web—helping them keep track of to-dos or find shopping deals online. This ability to improve and personalize online experiences depends on a vibrant community of Chrome browser developers.
Last October, we shared our intention to ensure that all Chrome extensions are trustworthy by default. Today, as part of Project Strobe, we’re continuing that effort with additional Chrome Web Store policies. Specifically:
- We’re requiring extensions to only request access to the appropriate data needed to implement their features. If there is more than one permission that could be used to implement a feature, developers must use the permission with access to the least amount of data. While this has always been encouraged of developers, now we’re making this a requirement for all extensions.
- We’re requiring more extensions to post privacy policies, including extensions that handle personal communications and user-provided content. Our policies have previously required any extension that handles personal and sensitive user data to post a privacy policy and handle that data securely. Now, we’re expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use and sharing of that data.
We’re announcing these changes in advance of the official policy rollout this summer to give developers the time needed to ensure their extensions will be in compliance. Developers can learn more about these changes in our FAQ.
Tightening the Drive API
Last fall we updated our user data policy to provide additional guidelines and restrictions for apps seeking to access your Gmail data. Today we’re announcing plans to extend the same policy to Google Drive, which will give you more control over what data third-party apps can access in Drive.
When you connect third-party apps, Drive gives you one central place to keep all your files and helps you easily collaborate with others. With this updated policy, we’ll limit apps that use Google Drive APIs from broadly accessing content or data in Drive. This means we’ll restrict third-party access to specific files and be verifying public apps that require broader access, such as backup services.
These changes will go into effect early next year. Visit the Cloud blog for more details.
Our top priority is to protect user data and keep it safe, while continuing to enable developers to build features that people want and need. As we continue the work of Project Strobe, we’ll also work with our developer partners to give them appropriate time to adjust and update their apps and services
By Ben Smith, Google Fellow and Vice President of Engineering