Chrome add-ons just became less scary, security-wise

Google has tightened the rules for admission to the Chrome Web Store, the online bazaar for add-ons to its browser.

The big change to the Alphabet subsidiary's User Data Policy is that third-party party developers are no longer permitted to move personal data in plain text. Developers must also create and publish a privacy policy explaining what data they collect using Chrome, how it is used and apply “modern cryptography” when the data is in transit.

Privacy policies “... must, together with any in-Product disclosures, comprehensively disclose how your Product collects, uses and shares user data, including the types of parties with whom it’s shared.” Google will check to ensure the policy is included in the dashboard offered to developers and made prominent on the installation page.

Google's even insisting on a “Prominent Disclosure Requirement” that will force developers to stop collecting data “that is not closely related to functionality described prominently in the Product’s Chrome Web Store page and user interface” to “Prominently disclose how the user data will be used, and obtain the user’s affirmative consent for such use.”

Welcome improvements all, if Google enforces them properly. And that's a big-ish if: the search and ad operation has allowed hundreds of malware-riddled apps into its Android Play Store, hardly a sign of quality curation.

The company's new policies read well, but the proof of this pudding will be in the eating. ®