How does Chrome web store guard against its apps accessing data input by user on its browser?

Drsunil V September 10, 2013
Pinterest Stumbleupon Whatsapp

How does Chrome web store guard against its apps accessing data input by user on it’s browser, such as passwords , credit card  etc?

  1. Justin P
    September 10, 2013 at 9:24 pm

    Every time you install an extension you're shown which apps require access to which information – typically which sites these extensions require access to. Chrome will not allow apps to access anything but what their permissions require.

    Many extensions require access to most everything, of course – whether they need it or not. But avoid those and you can rest easy.

    • Drsunil V
      September 11, 2013 at 9:11 am

      Thanks. V.nice answer

  2. Oron J
    September 10, 2013 at 10:57 am

    The Chrome web store scans all the software for viruses, but it doesn't (and can't) prevent the apps from accepting user input. There are perfectly valid reasons for an app to ask for that info (e.g. a banking app which needs your card number to identify the user).

    Desktop apps are somewhat protected anyway in that every app is a separate window/tab, and as such, runs in a separate process, so game, for example, won't be able to steal your sensitive banking data from an adjacent browser tab. On Android however, you just need to be very careful!

    • Drsunil V
      September 11, 2013 at 9:11 am

      Thanks. Useful comparison vis-a-vis desktop app and chrome app

  3. Jan F
    September 10, 2013 at 10:10 am

    I would simply say it doesn't? After all, that is why you have to confirm permission for apps or extensions to access your private data.

    As the Chrome Help states:
    "Don’t install an app or extension unless you trust its creator. Check the item’s ratings and reviews to determine if it’s trustworthy."

    https://support.google.com/chrome_webstore/answer/186213?hl=en

    • Drsunil V
      September 11, 2013 at 9:12 am

      Thanks

    • Drsunil V
      September 17, 2013 at 1:29 pm

      Appending a sub-question : If an app ( which is NOT a bank app ) asks permissions to access all data input by user on browser , then it can access passwords of email , bank and credit card input?

    • Jan F
      September 17, 2013 at 8:33 pm

      The site I linked pretty much explains the different levels of access an extension will have.

      I cannot confirm or deny whether an extension can possible read/record user input on a specific site. One would have to reverse-engineer/inspect the code of the extension in question.

      My general suggestion is ~ as the Google site states ~ to only use extensions from trustworthy developers and with positive reviews (good rating, a lot of downloads).

      As far as online banking goes the only suggestion I have is to ALWAYS use incognito mode and make sure all extensions are disabled (chrome://extensions uncheck "allow in incognito").

Ads by Google