Privacy Policy

Overview

Extension Auditor is a powerful browser extension that helps users understand and evaluate the security implications of their installed browser extensions. We are committed to protecting your privacy and ensuring that our extension operates with minimal permissions while providing maximum security benefits.

Data Collection & Privacy Focus

What We Analyze

• Installed extensions and their metadata
• Extension permissions and their security implications
• Host access patterns and potential privacy risks
• Content script interactions with web pages
• Extension manifest settings and security practices
• Combined risk assessment based on multiple security factors

Privacy Commitment

Extension Auditor runs entirely in your browser and does not:

• Collect any personal data
• Send data to external servers
• Modify any other extensions
• Modify webpage content
• Track browsing history or behavior
• Store any data outside your browser

Required Permissions

Extension Auditor requires specific permissions to provide its security analysis features. Each permission serves a distinct purpose:

Core Permissions

• management: Essential for accessing information about installed extensions, including their manifests, permissions, and settings
• storage: Stores your preferences and analysis results locally in your browser
• unlimitedStorage: Ensures we can store comprehensive analysis data without size limitations

User Interface Permissions

• sidePanel: Powers our convenient side panel interface for quick access to security insights
• contextMenus: Enables right-click menu options for quick access to extension features
• notifications: Allows us to alert you about important security findings or extension status changes

Functionality Permissions

• commands: Enables keyboard shortcuts for quick access to features:
  • Open Side Panel (Ctrl+Shift+K / Command+Shift+K)
  • Open Dashboard (Ctrl+Shift+E / Command+Shift+E)
  • Reload Extension (Ctrl+Shift+Y / Command+Shift+Y)
• alarms: Used for scheduling periodic security scans and updates

Security Measures

We implement strict security policies:

• Content Security Policy (CSP) restricts script and object sources to only our extension
• Minimum Chrome version requirement (v120+) ensures security features availability
• Offline functionality support for privacy-focused operation

How It Works

On-device Analysis

Extension Auditor performs all analysis locally in your browser, evaluating:

• Permission Analysis: Evaluates permissions and their security implications
• Host Access: Identifies broad host permissions that could pose privacy risks
• Content Script Analysis: Examines how extensions interact with web pages
• Manifest Analysis: Reviews extension manifest settings for security best practices
• Combined Risk Assessment: Calculates overall risk based on multiple security factors

Risk Classification

• Critical: Highly sensitive permissions or combinations that could be dangerous if misused
• High: Permissions that could potentially be used maliciously
• Medium: Permissions that require caution as they provide significant capabilities
• Low: Permissions with limited potential for misuse

Contact Us

If you have any questions about our privacy policy or security practices, please contact us at support@extensionauditor.com