Google Announces Changes to Its Chrome Web Store to Improve Extensions Experience

Google has announced several changes as to how its Chrome browser handles extensions that request numerous permissions, as well as new requirements for developers who wish to publish their extensions in the Chrome Web Store. These changes are part of the company's work in order to make Chrome extensions safer (see our related update regarding Google's previous update of disabling inline installations here).

The upcoming changes include user controls for host permissions; new code readability requirements (developers of extensions in the Chrome Web Store with obfuscated code are asked to review Google's content policies as well as Google's recommended minification techniques and submit a new compliant version before 1 January 2019); and in addition, 2- Step verification requirements for developer accounts.

In addition, beginning with the new version of Chrome (v70), extensions that ask for extensive permissions will be subject to a more comprehensive review process. Google will also begin monitoring extensions with a remotely-hosted code in order to quickly detect malicious changes. In this regard, Google requests that the extension's permissions (sought by the extension developers), have as narrow a scope as possible.

Google Play Updated Policies

Google Play has updated several policies as follows:

  • Google's Enforcement section has been updated, and offers a better explanation regarding the extent of Google's policy coverage and actions that will be taken against policy violations, in which it is stated that if an app violates any of Google's policies, it will be removed from Google Play. In cases of repeated or serious violations of Google's policies or the Developer Distribution Agreement, an individual's or related account will be terminated;
  • Malicious Behaviour policy: this policy has been updated to clarify the prohibition on surveillance and commercial spyware apps. Inter alia, it prohibits all kinds of malicious software, such as viruses and Trojan horses; apps that link to the distribution or installation of malicious software; and apps or SDKs that download executable code from a source other than Google Play. The only exception to this prohibition is policy-compliant apps, which are exclusively designed and marketed for parental monitoring or enterprise management, provided they comply with Google's requirements, and do not present themselves as spyware or secret surveillance solution and do not hide tracing behaviour;
  • Both 'Designed for Families Program' requirements and Primarily Child-Directed Declaration guidelines have been updated to include a prohibition on the misrepresentation of the participating apps and their target age group; and
  • User Data and Permissions policies have been updated to include restrictions on Call Log and SMS permission usage;

The content of this article is intended to provide a general guide to the subject matter. Specialist advice should be sought about your specific circumstances.