Readers like you help support MUO. When you make a purchase using links on our site, we may earn an affiliate commission. Read More.

How does Chrome web store guard against its apps accessing data input by user on it's browser, such as passwords , credit card  etc?

Justin P
2013-09-10 21:24:59
Every time you install an extension you're shown which apps require access to which information – typically which sites these extensions require access to. Chrome will not allow apps to access anything but what their permissions require.Many extensions require access to most everything, of course – whether they need it or not. But avoid those and you can rest easy.
MAKEUSEOF VIDEO OF THE DAY
SCROLL TO CONTINUE WITH CONTENT
Drsunil V
2013-09-11 09:11:01
Thanks. V.nice answer
Oron J
2013-09-10 10:57:20
The Chrome web store scans all the software for viruses, but it doesn't (and can't) prevent the apps from accepting user input. There are perfectly valid reasons for an app to ask for that info (e.g. a banking app which needs your card number to identify the user). Desktop apps are somewhat protected anyway in that every app is a separate window/tab, and as such, runs in a separate process, so game, for example, won't be able to steal your sensitive banking data from an adjacent browser tab. On Android however, you just need to be very careful!
Drsunil V
2013-09-11 09:11:45
Thanks. Useful comparison vis-a-vis desktop app and chrome app
Jan F
2013-09-10 10:10:26
I would simply say it doesn't? After all, that is why you have to confirm permission for apps or extensions to access your private data.As the Chrome Help states:"Don’t install an app or extension unless you trust its creator. Check the item’s ratings and reviews to determine if it’s trustworthy."https://support.google.com/chrome_webstore/answer/186213?hl=en
Jan F
2013-09-17 20:33:46
The site I linked pretty much explains the different levels of access an extension will have.I cannot confirm or deny whether an extension can possible read/record user input on a specific site. One would have to reverse-engineer/inspect the code of the extension in question.My general suggestion is ~ as the Google site states ~ to only use extensions from trustworthy developers and with positive reviews (good rating, a lot of downloads). As far as online banking goes the only suggestion I have is to ALWAYS use incognito mode and make sure all extensions are disabled (chrome://extensions uncheck "allow in incognito").