Important: Chrome will be removing support for Chrome Apps on Windows, Mac, and Linux. Chrome OS will continue to support Chrome Apps. Additionally, Chrome and the Web Store will continue to support extensions on all platforms. Read the announcement and learn more about migrating your app.
Important: The new requirements for Minimum Permission and updated User Data policy will be enforced starting 10/15/2019.
1. How do I determine if my Product is compliant with the User Data Policy or if I need to make any changes?
Read these frequently asked questions in order (from top to bottom) and they will lead you through a series of steps to help determine whether any changes are needed. The first question is: Does your Product handle personal or sensitive user data?
2. What does "handle" mean in the User Data Policy? What are some common ways a Product handles sensitive or personal user data?
Generally, by "handle" we mean collecting, transmitting, using, or sharing user data. Here are some examples of functionality that handle sensitive or personal user data:
- Having login functionality (even if you use a third-party system, like Google authentication)
- Having a form that collects any type of personally identifiable information (see the answer to question #3 for more information)
- Clipping or scraping content from a website that the user visits, such as taking screenshots or capturing data from a web page
- Collecting data obtained from web requests, such as a background activity that accesses contacts, emails, files, or other data from a user's cloud service
- Collecting web browsing activity and any information about the website content or resources a user requests or interacts with, including the domains or URLs the browser interacts with, the content of the HTTP requests and responses, and data in a website's browser storage (like cookies)
3. What are examples of sensitive or personal user data?
Sensitive or personal user data may include:
- Personally identifiable information (including a person's name, address, telephone number, email address, and username. It also includes any type of identification number, such as a government issued number, driver's license number, or account number),
- Financial and payment information,
- Health information, Authentication information (such as logins, password, and authentication cookies),
- Website content and resources,
- Form data,
- Web browsing activity (which is any information about the websites or other web resources a user requests or interacts with, including the domains or URLs the browser interacts with).
- Personal communications, and
- User-generated content.
4. My Product DOES NOT handle sensitive or personal data. What do I need to do?
5. My Product DOES handle sensitive or personal data. What do I need to do?
Products that handle personal or sensitive user data must, at a minimum:
- Handle the user data securely, including transmitting it via modern cryptography.
Read the policy and the answers to the other FAQs because certain uses of personal or sensitive user data are subject to additional requirements or are prohibited.
- What information do you collect?
- Explain all the information your extension collects. This includes information that you may collect automatically, such as server and HTTP logs, data transmitted by the extension to you, and usage information. This also includes information that you get from the user, either directly or via the permissions API, including persistent identifiers.
- How do you use the information?
- Disclose how you use the information you collect. For example, you may use the information to provide certain services to users, to recognize them the next time they use your extension, or to send them promotional emails.
- What information do you share?
- Describe the circumstances when you share information.
7. Does all user data need to be encrypted?
This policy establishes a minimum requirement of encrypting transmissions of all personal or sensitive user data: we strongly recommend that you encrypt all transmissions facilitated by your Product (see our I/O 2014 talk on HTTPS Everywhere).
8. What type of encryption does the User Data Policy require?
Extensions must transmit "personal and sensitive user data" over a secure connection (e.g. HTTPS, WSS) and stored at rest using a strong encryption method such as RSA or AES. You should not use any cipher suite that is blacklisted by IETF. Our requirements may change over time.
9. Does my Product's handling of personal or sensitive user data require a prominent disclosure and affirmative consent?
These requirements only apply when both:
- The Product handles personal or sensitive user data AND
- The handling of that personal or sensitive user data is not closely related to functionality described prominently in the Product's Chrome Web Store page and user interface.
Here are a few examples:
|Description||Prominent Disclosure Required?|
|An extension whose sole marketed purpose is to sync a user's browser history to a central service.||
Prominent Disclosure not Required
(a) Sensitive Data? Sensitive (web browsing activity)
(b) Relation to Described Functionality? Related (the marketed purpose was to sync the history)
|An extension, app, or hosted app collects and transmits anonymous usage information about how frequently users click on or see various user interface elements of the Product.||
Prominent Disclosure not Required
(a) Sensitive Data? Not Sensitive (this type of anonymous usage data is not personal or sensitive)
(b) Relation to Described Functionality? Unrelated (usage collection statistics aren't usually disclosed so prominently and aren't closely related to user functionality)
|An extension whose sole marketed purpose is add themes to popular social media sites, but also anonymously scrapes the number of friends a user has, for sale or research purposes.||
Prominent Disclosure Required
(a) Sensitive Data? Sensitive (website content or resources)
(b) Relation to Described Functionality? Unrelated (not closely related to a described functionality)
|An extension, app, or hosted app that handles an email address for login purposes and also provides that email address to others for the others' marketing purposes.||
Prominent Disclosure Required
(a) Sensitive Data? Sensitive (personally identifiable information)
(b) Relation to Described Functionality? Unrelated (while the use for authentication is closely related to the user functionality, the transfer to others for marketing purposes is not)
10. How do I satisfy the prominent disclosure requirement?
To obtain consent, the Product must ask the user to agree to the prominent disclosure in a manner that requires them to take a specific action clearly agreeing to the disclosure before collecting or using the personal or sensitive user data.
The prominent disclosure and consent must occur within the Product's user interface. Disclosures in the Chrome Web Store description or inline installation page do not satisfy this requirement.
11. Can my Product publicly disclose authentication, payment or financial Information?
No. The Other Requirements section prohibits publicly disclosing authentication, payment, or financial information; therefore this product would be in violation of our policies.
12. Can my extension collect web browsing activity not necessary for a user-facing feature, such as collecting behavioral ad-targeting data or other monetization purposes?
No. The Other Requirements section states that an extension can only collect and transmit web browsing activity to the extent required for a user-facing feature that is prominently described in the Chrome Web Store page and user interface. Ad targeting or other monetization of this data isn't for a user-facing feature. And, even if a user-facing feature required collection of this data, its use for ad targeting or any other monetization of the data wouldn't be permitted because the Product is only permitted to use the data for the user-facing feature.
13. What are examples of "user-facing features" for the purposes of the restriction on collecting and using web browsing activity in the Other Requirements section?
A "user-facing feature" means functionality provided by the extension via a user interface element (including interactive buttons, text, forms, and images). Compliance with the policy requires that the extension have some type of user interface element and that the element provide some type of functionality needing the web browsing data.
Examples of user-facing features include:
- A browser action button whose popup shows the WHOIS information for the current domain
- A dialog box added to websites by content script that allows users to view others' and add their own annotations to any web page
- A new tab page that includes a list of recently browsed websites
Examples of features that aren't user-facing include:
- A dialog box disclosing the collection of web browsing history
- An extension that has no interactive UI elements exposed to the user, but collects web browsing activity in the background for another purpose, including providing rewards to the user
15. How does the User Data Policy apply to client applications, such as FTP or IRC clients?
When the Product is a client for an internet protocol with user-specified servers, like an FTP or IRC client, the Personal or Sensitive User Data section does not apply to the Product's collection of data for, or transmission of data with, the user-specified server.
The User Data Policy still applies, however, to user data handled for other purposes. For example, if the Product required users to enter an email address for registration, then the Product would need to comply with the Personal or Sensitive User Data section of the policy.
16. Does data transmitted between a Chrome app or extension and native programs on the same computer need to be encrypted?
1. Why did Google create a "minimum permission" policy for Chrome extensions?
Chrome Web Store provides a platform for users to access a wide variety of useful apps, and we want extension users to be confident that their data is secure. We want to support the use of extension permissions that directly benefit the user. In the past we've tried to ensure end-user safety and security by recommending that extensions only use the minimum set of permissions necessary, but to promote safe data use practices, we are now making that recommendation a requirement for all extensions.
Extensions must require only the narrowest set of permissions necessary to provide their existing services or features. Developers may use minimally-scoped optional permissions to further enhance the capabilities of the extension, but must not require users to agree to additional permissions. When an update requires additional permissions, end users will be prompted to accept them or disable the extension. This prompt notifies users that something has changed and gives them control over whether or not to accept this new use.
2. Does the "minimum permission" policy also apply to optional permissions?
Yes. The policy applies to both required and optional permissions.
3. What does "minimum permission" mean here?
Extensions must only require access to the narrowest set of permissions necessary to implement the existing services or features of your product. If there is more than one permission that can be used to implement a feature, you must choose the one that accesses the least amount of data.
4. Will the "minimum permission" policy affect my extension?
The exact impact will depend on what permissions you request and how they are used. You should inventory your extensions' current permissions and, where possible, switch to alternatives that are more narrowly scoped. Additionally, you should include a list of permissions used and the reasons you require them in your Chrome Web Store listing or in an "about page" in your extension.
5. My extension is currently using more permissions than needed so I can future-proof future versions of my extension. Is this ok under the "minimum permission" policy?
No, extensions may not require permissions they do not need for their current functionality, regardless of future plans. Extensions must only require permissions that enable their existing services or features. Extensions may request additional capabilities via minimally-scoped optional permissions. If you expand the features of your extension and require a new permission, you may only request the permission in the updated version of the extension.