Rewards Search Automator
Version 1.6.5 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 90,000 users with a below-average rating of 3.7 stars, suggesting user dissatisfaction. The developer "buildwithkt.dev" appears to be an individual rather than an established company, which reduces accountability. The extension's purpose of automating reward searches is legitimate but raises questions about compliance with reward program terms of service.
The permission set is extremely excessive for a search automation tool. The debugger permission is particularly alarming as it allows manipulation of other extensions and deep system access. The combination of history, webNavigation, and tabs permissions creates a comprehensive surveillance capability. The <all_urls> host permission grants unlimited website access, far beyond what's needed for Bing reward searches. The browsingData permission adds another layer of privacy invasion potential. These permissions collectively enable complete browsing activity monitoring, data theft, and system manipulation.
Do not install this extension due to its critical risk level. If you must use it, run it in a completely isolated Chrome profile with no sensitive data or other extensions. Consider alternative reward automation tools with more limited permissions. The permission set suggests potential malicious intent or extremely poor security practices. The risk-to-benefit ratio is unacceptable for most users. Monitor your accounts closely if you've previously used this extension.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
- alarms
- browsingData
- webNavigation
- history
- debugger
Host Permissions:
- <all_urls>
Embedded URLs (32 total):
| https://rewards.bing.com/api/getuserinfo | https://jquery.com/ | |
| https://jquery.org/license | https://gumroad.com/discover?query=rewards+search+automator | |
| https://chromewebstore.google.com/detail/rewards-search-automator/eanofdhdfbcalhflpbdipkjjkoimeeod/reviews | https://chromewebstore.google.com/detail/eanofdhdfbcalhflpbdipkjjkoimeeod/support | |
| http://jsfiddle.net/asimshahiddIT/p7n9vdon/ | https://github.com/szabbas/Sample-programs.git | |
| https://www.mysite | https://datahub.io/nl/dataset/mercer-and-hall-wheat-yield-data | |
| https://www.bing.com/ | https://rewards.bing.com/ | |
| https://www.bing.com/rewards/panelflyout?channel=bingflyout&partnerId=BingRewards&ru= | https://buildwithkt.dev/ | |
| https://tnc.buildwithkt.dev/rewards-search-automator/ | https://getprojects.notion.site/Privacy-Policy-Rewards-Search-Automator-1986977bedc08080a1d2e3a70dcb29e5 | |
| https://getprojects.notion.site/More-from-GetProjects-1a66977bedc080418bc1d83367b604cf | https://getprojects.gumroad.com/l/rsa | |
| https://api.gumroad.com/v2/licenses | http://preprod.nom.fr/nomdosiier/ | |
| http://www.apple.com/ | https://maven.google.com | |
| https://www.googleapis.com/blogger/v3/blogs/2057990476459552980/posts/6878660672609467307?callback=handleResponse&key | https://www.codechef.com/problems/CIELAB | |
| https://fonts.googleapis.com | https://fonts.gstatic.com | |
| https://fonts.googleapis.com/css2?family=Outfit:wght@100..900&display=swap | https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz | |
| https://clients2.google.com/service/update2/crx | https://buildwithkt.dev | |
| https://discord.gg/P6DsfZrCZQ | https://www.youtube.com/@GetProjectsOfficial/search?query=rewards%20search%20automator |
Raw Manifest
{ "name": "Rewards Search Automator", "icons": { "16": "/logo/16.png", "48": "/logo/48.png", "128": "/logo/128.png" }, "action": { "default_icon": { "16": "/logo/16.png", "48": "/logo/48.png", "128": "/logo/128.png" }, "default_popup": "/popup.html" }, "author": "buildwithkt.dev", "version": "1.6.5", "background": { "type": "module", "service_worker": "/js/service.js" }, "short_name": "RSA", "update_url": "https://clients2.google.com/service/update2/crx", "description": "Rewards Search Automator - Automate daily Bing searches for Microsoft Rewards and mobile points with device simulation.", "permissions": [ "tabs", "storage", "alarms", "browsingData", "webNavigation", "history", "debugger" ], "homepage_url": "https://buildwithkt.dev", "content_scripts": [ { "js": [ "/js/content.js" ], "matches": [ "*://*.bing.com/*" ] } ], "offline_enabled": false, "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "minimum_chrome_version": "102" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.