How to Make Sure a Chrome Extension is Safe Before Installing It

Much of Chrome’s power and flexibility comes from its huge ecosystem of extensions. The problem is that these extensions can also steal data, watch your every move, or worse. Here’s how to make sure an extension is safe before installing it.

Why Chrome Extensions Can Be Dangerous

When you install a Chrome extension, you’re essentially entering into a trust-based relationship with the creator of that extension. You’re allowing the extension to live in your browser, potentially watching everything you do. We’re not suggesting that they all do this—but the ability is there.

There is a permission system in place to help prevent this, but a system like this is only as good as the people who are using it. In other words, if you’re not actually paying attention to the permissions you allow extensions to have, then they might as well not even exist.

To make things worse, even trustworthy extensions can become compromised, transforming them into malicious extensions that harvest your data—most likely without you even realizing what’s happening. In other situations, a developer can build a useful extension that generates no revenue, then turn around and sell it to another company that fills it with ads and other tracking tools to turn some profit.

In short, there are lots of ways browser extensions can be dangerous or can become dangerous. So not only do you have to watch out when you’re installing an extension, but you also have to continuously monitor them after installation.

What to Look for Before Installing an Extension

In order to stay safe when it comes to browser extensions, there are a few key things you need to pay attention to.

Check Out the Developer’s Website

The first thing to look at before installing a new extension is the developer. In short, you want to make sure it’s a legitimate extension. For example, if you’re installing an extension for Facebook that was published by some random guy, you may want to look a bit closer at what it’s doing.

Now, that’s not to say that every extension written by a single developer is illegitimate, just that you may need to take a closer look before automatically trusting it. There are plenty of legitimate, honest extensions that add useful features to other services—like Ink for Google, for example.

You can find the developer name directly under the name of the extension, generally prefaced by “Offered By.”

In many cases, you can find more information about the developer by clicking the name—if available, it will redirect to the dev’s website. Do some sleuthing, see what you find. If they don’t have a website or the name doesn’t link to anything, then you may have to dig around a little more. Good thing we have more stuff on this list.

Read the Description—All of It

Read the description—and not just part of it! Read through the entire description and look for things that may be questionable, like tracking info or data sharing. Not all extensions include these details, but some do. And that’s something you want to know.

You can find the description on the right side of the app window, directly beside the extension images. The above image shows an example of something you could miss if you don’t read the entire description.

Pay Attention to the Permissions

When you try to add an extension to Chrome, a pop-up warns you about what permissions the extension needs. There isn’t a granular “pick and choose” permission granting system here, but rather an all-or-nothing system. You’ll get this menu after clicking the “Add to Chrome” button. You have to approve these permissions before you can install the extension.

I mean, that’s a lot.

Pay attention to what’s going on here—think about what you’re reading. If a photo editing extension needs access to everything you do online, I would question that. Common sense goes a long way here—if something doesn’t sound right, then it probably isn’t.
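The permissions in that prompt come from what the extension declares in its manifest.json file, so the same check can be run against the file itself. The script below is an added example, not part of the original article: it runs under Node.js, the list of sensitive permissions is an illustrative selection, and the sample manifest is constructed.

```javascript
// Illustrative selection of API permissions worth a second look (not a complete list).
const SENSITIVE = {
  tabs: "can read the URL and title of every open tab",
  history: "can read and change browsing history",
  cookies: "can read and change cookies for sites it has host access to",
  webRequest: "can observe network requests for sites it has host access to",
  clipboardRead: "can read the clipboard",
  management: "can list, enable and disable other extensions",
  debugger: "can attach the DevTools debugger to tabs",
  nativeMessaging: "can talk to a native program installed on the machine",
};

// Match patterns that cover every site instead of a named one.
const isBroadHost = (p) => p === "<all_urls>" || /^(\*|https?):\/\/\*\/\*$/.test(p);

// Returns one finding per risky entry in a parsed manifest.json object.
function auditManifest(manifest) {
  const scripts = manifest.content_scripts || [];
  // Manifest V2 mixes host patterns into "permissions"; V3 uses "host_permissions".
  const sources = {
    permissions: manifest.permissions || [],
    host_permissions: manifest.host_permissions || [],
    optional_permissions: manifest.optional_permissions || [],
    "content_scripts.matches": scripts.flatMap((cs) => cs.matches || []),
  };
  const findings = [];
  for (const [field, entries] of Object.entries(sources)) {
    for (const entry of entries) {
      if (typeof entry !== "string") continue; // ignore malformed entries
      const isHost = entry === "<all_urls>" || entry.includes("://");
      if (isHost && isBroadHost(entry)) {
        findings.push({ field, entry, level: "high", why: "applies to every site you visit" });
      } else if (!isHost && Object.prototype.hasOwnProperty.call(SENSITIVE, entry)) {
        findings.push({ field, entry, level: "review", why: SENSITIVE[entry] });
      }
    }
  }
  return findings;
}

// Constructed sample: a hypothetical photo editor that asks for far more than it needs.
const sampleManifest = {
  manifest_version: 3,
  name: "Example Photo Editor",
  permissions: ["storage", "tabs", "history"],
  host_permissions: ["<all_urls>"],
  content_scripts: [{ matches: ["https://photos.example.com/*"], js: ["edit.js"] }],
};
auditManifest(sampleManifest).forEach((f) => console.log(`[${f.level}] ${f.field}: ${f.entry} (${f.why})`));
```

A finding is a prompt to ask whether the extension's stated purpose explains the request, not proof of bad intent.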

Check Out the Reviews

This is the low man on the totem pole because you can’t always trust user reviews. You can, however, look for common themes and questionable content.

For example, if there are several similarly-worded reviews, that should at least raise an eyebrow. There are a handful of reasons why this can happen, most of which are highly questionable (developers buying reviews, etc.).

Otherwise, keep an eye out for common themes—users complaining of oddities happening, speculating on their data being taken, basically anything that strikes you as odd—especially if multiple users are saying it.

Now, we’re not suggesting you read through every single review. That could take ages on some extensions! Instead, just a quick skim should do the trick.

Dig into the Source Code

So here’s the thing: this one isn’t for everyone. Or even most people! But if an extension is open source (many are, most aren’t), then you can dig through the code. If you know what to look for, then you probably already do this. But just in case, it’s still worth a mention.

You can oftentimes find the source code from the developer’s website, which we talked about earlier. If it’s available, that is.

