Extension Details
Context-Aware Verdict
The extension has a substantial user base of 200,000 users, which suggests some level of community acceptance. However, the relatively low rating of 3.2 out of 5 from 748 reviews indicates mixed user experiences and potential issues. The developer domain "wapi7.com" lacks clear corporate identity or established reputation, which reduces trustworthiness. The vague description and missing key metadata (size, last updated date) further diminish confidence in the extension's legitimacy.
The extension requests broad host permissions for WhatsApp Web, which is appropriate for its apparent WhatsApp-related functionality. However, the combination of scripting, declarativeNetRequest, and browsingData permissions creates potential for data collection beyond what's necessary for basic WhatsApp enhancement. The activeTab permission, while flagged as medium-risk, is actually reasonable for this type of extension. The high-risk finding regarding broad host permissions is somewhat mitigated since they're specifically limited to WhatsApp Web domains rather than all websites.
Given the medium risk level and mixed user reviews, consider running this extension in a separate Chrome profile to isolate potential security risks. Monitor the extension's behavior closely and review what data it accesses. Consider researching alternative WhatsApp Web extensions with better ratings and more transparent developers. Regularly check for updates and user feedback to stay informed about any emerging security issues.
Findings
Security Analysis Details
Required Permissions:
- scripting
- declarativeNetRequest
- browsingData
- background
- activeTab
Host Permissions:
- http://web.whatsapp.com/*
- https://web.whatsapp.com/*
Embedded URLs (39 total):
| https://web.whatsapp.com | https://raw.githubusercontent.com/Iquaridys/hextension/master/123.json | |
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://www.whatsapp.com/otp/code/?otp_type=COPY_CODE&code=otp | https://wa.me/c/ | |
| https://chat.whatsapp.com/ | https://analytics.google.com/g/collect | |
| https://whatsapp.com/channel/ | https://cobrancas.uppermesh.com.br:8000 | |
| https://wajsapi.titanchat.com.br | https://wppc-linkpreview.cloudtrix.com.br | |
| https://web.whatsapp.com/ | http://web.whatsapp.com/ | |
| https://clients2.google.com/service/update2/crx | https://www.googleapis.com/auth/userinfo.email | |
| https://whatsapp.com/channel/0029VaBaVr6IiRox2zNvTZ0l | https://www.wapi7.com/ | |
| https://connect.facebook.net/en_US/fbevents.js | https://www.facebook.com/tr?id=25868147869483018&ev=PageView&noscript=1 | |
| http://wa.me/ | https://api.serverwapi.com | |
| https://fonts.googleapis.com/css2?family=Open+Sans:wght@600 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOX-hpKKSTj5PW.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOVuhpKKSTj5PW.woff2 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOXuhpKKSTj5PW.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUehpKKSTj5PW.woff2 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOXehpKKSTj5PW.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOXOhpKKSTj5PW.woff2 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UNirkOUuhpKKSTjw.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOX-hpKKSTj5PW.woff2 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOVuhpKKSTj5PW.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOXuhpKKSTj5PW.woff2 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUehpKKSTj5PW.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOXehpKKSTj5PW.woff2 | https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOXOhpKKSTj5PW.woff2 | |
| https://fonts.gstatic.com/s/opensans/v17/mem5YaGs126MiZpBA-UN7rgOUuhpKKSTjw.woff2 | https://fontawesome.com | |
| https://fontawesome.com/license/free |
Raw Manifest
{ "name": "WAPI FREE - Jaguar", "icons": { "16": "imgs/16.png", "32": "imgs/32.png", "48": "imgs/48.png", "128": "imgs/128.png" }, "action": { "default_icon": { "16": "imgs/16.png", "48": "imgs/48.png" }, "default_title": "WAPI FREE - Send personalized messages" }, "author": "creativeOs", "oauth2": { "scopes": [ "https://www.googleapis.com/auth/userinfo.email" ], "client_id": "xxxxxxx" }, "version": "3.2.305", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Send personalized messages to your clients with our extension .", "permissions": [ "scripting", "declarativeNetRequest", "browsingData", "background", "activeTab" ], "content_scripts": [ { "js": [ "/js/fgEmojiPicker.js", "/js/jquery.js", "/smph/app736e75726620636f7270.js", "/js/siema.min.js" ], "css": [ "/style/mystyle.css", "style/0d8fd505a99478275324ed48ae42bfea.css" ], "matches": [ "https://web.whatsapp.com/*" ] } ], "host_permissions": [ "http://web.whatsapp.com/*", "https://web.whatsapp.com/*" ], "manifest_version": 3, "minimum_chrome_version": "88", "web_accessible_resources": [ { "matches": [ "https://web.whatsapp.com/*" ], "resources": [ "js/*", "imgs/*", "smph/*", "/image/gear-icon-min.png", "/image/*", "/style/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.