Google announced new rules that will restrict access to user data for third-party add-ons in Chrome and Drive. From now on, Chrome extension developers must request the least amount of user data their app requires to function. Apps that connect with Google Drive — such as Pixlr and many popular document signing apps — will be barred from accessing the entirety of the user’s files. The changes are a result of Project Strobe, an audit Google launched in October to study how third-party services handle user data.
Google Drive apps are being asked to move to a “per-file” user consent model. In short, apps will have to ask for permission each time they need access to an individual file.
While the new privacy rules are promising, they’ll take some time to go into effect. Google is making developers aware of the updated policy today, but the rules won’t be enforced until this fall. For Google Drive developers, enforcement won’t start until early next year.