Google last week put app developers on notice, urging them to comply with a new set of privacy policies that it plans on enforcing starting this summer designed to better promote transparency.
The rules reflect an update to Google’s User Data Policy for the Chrome Web Store. The company has ported over user data policies its previously stressed to app developers who use the Chrome Web Store to distribute their products.
“Protecting our users is our key priority, and we believe this change will make sure users are better informed and allow them to choose how their user data is handled,” Teresita Perez, a Policy Advisor at Google, and Athas Nikolakakos, Associate Principal, Global Product Policy at Google, wrote Friday in an entry on its Chromium Blog.
Going forward, app developers are being encouraged to be transparent about the way they handle user data and to disclose their privacy practices. In addition, if they aren’t already doing so, Google is stressing developers to use encryption when handling customers’ personal information.
Developers also need to ask users if it’s okay to collect personal or sensitive information via a prominent disclosure, assuming the use of the data isn’t related to a prominent feature.
The company has also announced it will crack down on apps that unnecessarily collect and use web browsing activity. Only apps that do so for a user-facing feature – described in the app’s description – will be permissible.
Developers whose apps violate the new rules will be allowed to update them until July 14 but on the following day, Google said it will begin removing apps that fail to comply with the policy.
Google has fine-tuned its Chrome Web Store, a marketplace that serves up apps, extensions, and browser themes for Chrome, over the years.
Last year, citing an increase in attacks, it implemented a policy which mandated that Chrome users on Windows and Mac could only install extensions from the Chrome Web Store.
A handful of extensions that managed to circulate through the Web Store in 2014 violated Google’s terms of service. A dozen spammy apps – all which were eventually removed – made unnecessary requests, like permission to access user information across all website. The apps ultimately injected ads into users’ browsers