Moving forward, developers of third-party add-ons in Chrome and Drive must take a more conservative approach with user permissions. Extensions should only request the least amount of user data they need to function. Additionally, any app that handles user-provided content or personal communications must post a privacy policy. In the past, Google only required such user pacts for extensions that handle sensitive information — a rule that merely impacted a small group of apps. One February study found that 85 percent of Chrome extensions lack a privacy policy.

“Now, we’re expanding this category to include extensions that handle user-provided content and personal communications. Of course, extensions must continue to be transparent in how they handle user data, disclosing the collection, use, and sharing of that data,” noted Chrome’s Alexandre Blondin and Swagateeka Panigrahy in a blog post.

Google is asking Chrome developers to inventory their extensions’ current permissions, and if applicable, switch to “alternatives with a more narrow scope.” After October 15th, any app that violates the new policies risks getting rejected from Chrome’s store. Developers can learn more by reading Google’s updated User Data FAQ.