Extension Details
Context-Aware Verdict
The extension has a modest user base of 5,000 users with a decent 4.2-star rating from 49 reviews, suggesting generally positive user experiences. However, the lack of visible developer information and company details reduces transparency and accountability. The extension appears to be specifically designed for Duolingo users, as evidenced by its content script targeting only Duolingo domains.
The primary concern is the tabs permission, which grants broad access to browser tab information and manipulation capabilities. This is excessive for what appears to be a keyboard enhancement tool for Duolingo. The extension could potentially monitor browsing activity across all tabs, access sensitive information from other websites, or manipulate tabs in unintended ways. While the storage permission is standard for extensions that need to save user preferences, the combination with tabs access creates elevated privacy risks.
Consider running this extension in a separate Chrome profile dedicated to language learning to limit exposure to other browsing activities. Before installation, verify that the keyboard functionality truly requires tab-level permissions by testing similar extensions with more restrictive permissions. Monitor the extension's behavior and remove it if you notice any unexpected tab manipulation or performance issues. Given the limited developer transparency, stay alert for updates and user reviews that might indicate changes in behavior or security concerns.
Findings
Security Analysis Details
Required Permissions:
- storage
- tabs
Embedded URLs (2 total):
| https://duolingo.com | https://clients2.google.com/service/update2/crx |
Raw Manifest
{ "name": "__MSG_extension_name__", "icons": { "16": "data/img/icon-16.png", "48": "data/img/icon-48.png", "128": "data/img/icon-128.png" }, "action": { "default_icon": { "19": "data/img/icon-19.png", "38": "data/img/icon-38.png" }, "default_popup": "./data/options/dummy.html", "default_title": "__MSG_extension_action_title__" }, "version": "1.5.1", "options_ui": { "page": "./data/options/index.html", "open_in_tab": true }, "short_name": "__extension_short_name__", "update_url": "https://clients2.google.com/service/update2/crx", "description": "__MSG_extension_description__", "permissions": [ "storage", "tabs" ], "default_locale": "en", "content_scripts": [ { "js": [ "./data/common/interact.js", "./data/common/SettingsElements.js", "./data/common/Common.js", "./data/common/DynamicHTML.js", "./data/common/Data.js", "./data/duokeyboard/DuoKeyboardInputMethodExtension.js", "./data/duokeyboard/DuoKeyboardDeadKeys.js", "./data/duokeyboard/DuoKeyboardVietnamese.js", "./data/duokeyboard/DuoKeyboardHangul.js", "./data/duokeyboard/DuoKeyboard.js", "./data/duokeyboard/DuoKeyboardOnscreen.js", "./data/duokeyboard/DuoKeyboardController.js" ], "css": [ "./data/duokeyboard/DuoKeyboardOnscreen.css" ], "matches": [ "https://*.duolingo.com/*" ] } ], "manifest_version": 3, "web_accessible_resources": [ { "matches": [ "https://*.duolingo.com/*" ], "resources": [ "data/img/icon-16.png", "data/duokeyboard/duokeyboardSetup.json", "data/duokeyboard/keyboard-layouts/*.json" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.