I’m always faintly shocked at how many people seem blissfully unaware of what their addons are doing behind their back. Don’t get me wrong, I love Chrome, but its addon security…sometimes leaves a bit to be desired.
To be fair, a lot of the onus is on the user. In the same way that one must practice safe browsing to keep from acquiring a nasty computer virus, one must also exercise caution when installing and using addons. Really, this holds true for pretty much any browser where you can download extensions. You’d think the stuff I’m about to tell you would go without saying, but…
Apparently not. Those of you who use Chrome, think about the last time you installed an application or extension. Did you consider what the extension was supposed to do, or did you just blithely install it?
In the future, if you’re considering installing a new app or extension, here’s a list of questions you should ask:
1. Does the addon appear in the Chrome Web Store?
Google actually does have a pretty decent approval process that they put their new addons through before posting them on the web store. It’s not perfect, but just the same; the automated process roots out most of the nastier bits and pieces of malware, and the user base tends to do the rest. As a general rule, if you’re thinking of downloading an addon or extension, and you find out you can only get it off the developer website…don’t.
The reason for this is simple- whereas there are certain qualifications and standards addons posted on the web store must meet. If an addon exclusively appears on a developer’s website…they aren’t bound by any of Google’s program policies. What small permissions and freedoms are accorded to them by Chrome will more than likely be abused. Worse, addons that don’t have to go through the web store’s approval process have some very nasty exploits they can utilize- fancy getting your account data stolen? No? Then be more wary of what you install.
2. What Does The Extension Do? Do The Permissions It Requires Match With That?
Image via Blogtechnika
Even addons that make it into the Chrome Web Store might end up coming back to bite you, in a sense. Look at what the extension does. Then look at what permissions it asks for. Ask yourself: Why does an extension that tells me when someone’s removed me on Google + need to know my physical location and information about every single page I visit?
Here’s a tip: it doesn’t.
Addons that open up every single permission Chrome will allow-even if those permissions aren’t related to their function- are generally little more than data mining tools. Regardless of whether or not they work, it’s very likely that your personal data is being farmed. If you’re okay with that, well…I guess you can disregard this question.
3. Does The Addon Require Additional Software To Function?
It always sends up a red flag when an addon requires the user to install an additional program. Granted, the additional software could be a platform on which the application/extension was developed- but I’d still be wary. Want an example of why? Look at the Google+Facebook extension. While there’s still some contention on whether or not it’s malware; the developer’s response was…very telling. More on that later.
4. What Are The Users Saying?
When in doubt, read the reviews. They’ll tell you pretty much everything you need to know about the software. Look at what people have said in their comments on the web store page. Look up reviews of the addon on Google. Research pays off in the long run, and you could very well find yourself dodging a bullet. And hey, if an addon ends up being a lemon; you’ll save yourself the time and effort of installing it.
5. Who Is The Developer?
This is a big one. Look at the developer of the addon. See if you can dig up any dirt on them. How do they present themselves to the community? What do people say about them? Are they relatively well known? Unknown? Famous? Infamous? Looking at the person behind the program can often tell you all you need to know.
For example: Google+Facebook was originally called out as being malware on a reddit thread posted by RogueDarkJedi. Now, take a look at the developer’s response. Apparently he never heard of the old adage “’tis better to stay silent and be thought a fool, than to open one’s mouth and remove all doubt”
Final Thoughts- Addon Safety
I believe that about covers it. Follow the steps above, and your personal data- as well as your account data, in the more extreme cases- should remain safe.
The PCMech.com weekly newsletter has been running strong for over 8 years. Sign up to get tech news, updates and exclusive content - right in your inbox. Also get (several) free gifts.
idk if it’s because I’m lazy or what but, I don’t use addons. I suppose it’s because of the reason I like using chrome…simplicity.