Google is putting a new set of restrictions on Chrome extensions to make browser plug-ins more considerate for user privacy. The main change is that now all extensions will be required to use the "minimum set of necessary permissions" when requesting access to the data. Then, if a task can be performed through multiple routes, the extension will be required to take the one that requires access to the least sensitive amount of data.
In addition to that, Google will also start requiring more extensions to publish the privacy. Policies in the Chrome web store. This requirement already exists for extensions that require "personal and confidential user data", but now it is expanding to extensions that need access to any type of personal communication or user-generated content.
Both policies will be implemented sometime this fall, and Google promises developers at least 90 days in advance before that come into force. Extensions that do not meet the requirements will be removed from the store and will be disabled in Chrome browsers.
In addition to Chrome's new extension policies, Google is announcing a similar data limitation policy for apps that connect to Google Drive. Now they will be limited to the "broad access" content and, instead, they must access only the specific files they need. Full backup services and other applications that require full access will still be allowed, but Google will examine them first.
All changes stem from the widespread realization last summer that Gmail application developers have almost complete access for users' emails. In the months that followed, Google has begun to limit developers' access to user data on many of its platforms, including Gmail. While there have not yet been major security breaches, Google is aware of what can happen if an unscrupulous developer takes advantage of the generous data permissions (it's almost the formula of the Cambridge Analytica Facebook scandal) and is trying to crack down on that access before something goes wrong.