Google Updates Chrome Web Store Policy, Requires Devs To Be More Transparent About User Data

An anonymous reader writes: On Friday, Google announced it is making changes to Chrome Web Store's User Data Policy to ensure developers are more transparent about how their extensions handle customer data. The company has notified developers and is giving them three months to comply with the changes. Come July 15, 2016, company says, extensions that violate the policy will be removed from the Chrome Web Store.The announcement comes amid a report that pointed out a rogue extension in the Chrome Web Store. The incident was one of many we have seen in the past few months. Following are the requirements that a developer must meet: 1. Be transparent about the handling of user data and disclose privacy practices. 2. Post a privacy policy and use encryption, when handling personal or sensitive information. 3. Ask users to consent to the collection of personal or sensitive data via a prominent disclosure, when the use of the data isn't related to a prominent feature.

And Android apps?

[pz]

How about Android apps? Sure, it's nice to know that something I've downloaded needs access to my camera, or my files, or my contacts, etc., but I'd like to have the transparency about exactly WHAT they will be doing with that access.

In some cases, the nefarious intent is pretty clear. There are airline apps that want access to my camera. Not going to happen. There are car tuning apps that want access to my contacts. Not going to happen. There are music apps that want access to my location. Not going to happen.

In other cases, though, there is a plausible case for access, but it might well be hiding nefarious intent. Although a published policy alone won't prevent nefarious intent, if there's enforcement behind it, it will certainly help.

What I fear, though, is the equivalent of EULAs -- documents so large and complex that it becomes effectively impossible to read through them. We need the equivalent of simple language instructions. In my line of work, I occasionally have to write documents for public consumption that are strictly enforced to be short and understandable by people with reading skills of an 8 year old. Why can't we have EULAs, and by extension privacy and transparency documents, with the same requirements?

Re:And Android apps?

[ArylAkamov]

Ever browse flashlight apps?

Nearly all of them want access to your camera (Understandable, as it uses the led flash), microphone, contacts, GPS location, file system.

Too bad most people don't bother to read what various "apps" want access to (Or don't care).

Re:And Android apps?

[tlhIngan]

In other cases, though, there is a plausible case for access, but it might well be hiding nefarious intent. Although a published policy alone won't prevent nefarious intent, if there's enforcement behind it, it will certainly help.

Actually, the main reason for the overreach is because the app is free, and the devs are making it up showing ads. It's a sad fact that Android users as a whole hate paying for apps (the app piracy rate rival's the PC, and we're talking 99 cent apps here, not Photoshop or Office).. Thus, as a dev, well, the only way is to sell ads. (Which is probably why Google's got you covered).

And those ad networks are, generally speaking, going to try to rape your phone of its data. Like they did on iOS until Apple made the user painfully aware of that.

As for other apps - an airline app may want camera access so you can quickly transfer a booking to your phone - you know, to show the gate agent your electronic ticket instead of a paper printout. This may require scanning in the information via a barcode, which requires the camera.

And until the FTC started making noise about it, I'm sure some apps needed microphone access to see what you were watching on TV or listening to on the radio.