Rewards Search Automator
Version 1.6.3 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a substantial user base of 100,000 users, which suggests some level of community adoption. However, the moderate rating of 3.7 out of 5 from 765 reviews indicates mixed user experiences and potential issues. The developer "buildwithkt.dev" appears to be an individual developer rather than an established company, which reduces institutional trust. The extension's purpose of automating reward searches is legitimate but raises questions about compliance with reward program terms of service.
The extension requests an extremely broad and invasive set of permissions that far exceed what would be necessary for basic search automation. The debugger permission is particularly concerning as it allows manipulation of other extensions and browser debugging capabilities. The combination of browsing history access, web navigation tracking, and broad host permissions creates a comprehensive surveillance capability. The ability to inject content scripts into all websites poses significant security risks for credential theft and data harvesting. These permissions collectively enable the extension to monitor, record, and potentially manipulate virtually all browser activity.
Given the critical risk level, avoid installing this extension on your primary browser profile. If you must use it, create a dedicated Chrome profile with no saved passwords, personal data, or access to sensitive websites. Consider alternative reward automation tools with more limited permissions. Regularly review what data the extension might be collecting and consider the potential violation of reward program terms of service that could result in account suspension.
Findings
Security Analysis Details
Required Permissions:
- tabs
- storage
- alarms
- browsingData
- webNavigation
- history
- debugger
Optional Permissions:
- webRequest
- scripting
Host Permissions:
- <all_urls>
Embedded URLs (31 total):
| https://play.google.com/store/apps/details?id=com.overthink.ai.fc | https://apps.apple.com/us/app/overthink-ai/id6745426633 | |
| https://field-garnet-duckling.glitch.me/search-link?link= | https://sweetalert2.github.io/#ajax-request | |
| https://flag-gimn.ru/wp-content/uploads/2021/09/Ukraina.mp3 | https://rewards.bing.com/api/getuserinfo | |
| https://jquery.com/ | https://jquery.org/license | |
| https://gumroad.com/discover?query=rewards+search+automator | https://buildwithkt.dev/rsa_ad_config.json? | |
| https://chromewebstore.google.com/detail/rewards-search-automator/eanofdhdfbcalhflpbdipkjjkoimeeod/reviews | https://chromewebstore.google.com/detail/eanofdhdfbcalhflpbdipkjjkoimeeod/support | |
| https://www.bing.com/ | https://rewards.bing.com/ | |
| https://www.bing.com/rewards/panelflyout?channel=bingflyout&partnerId=BingRewards&ru= | https://buildwithkt.dev/ | |
| https://tnc.buildwithkt.dev/rewards-search-automator/ | https://getprojects.notion.site/Privacy-Policy-Rewards-Search-Automator-1986977bedc08080a1d2e3a70dcb29e5 | |
| https://getprojects.notion.site/More-from-GetProjects-1a66977bedc080418bc1d83367b604cf | https://getprojects.gumroad.com/l/rsa | |
| https://buildwithkt.dev/rsa/config.json?t= | https://github.com/uuidjs/uuid#getrandomvalues-not-supported | |
| https://api.gumroad.com/v2/licenses | https://fonts.googleapis.com | |
| https://fonts.gstatic.com | https://fonts.googleapis.com/css2?family=Outfit:wght@100..900&display=swap | |
| https://fonts.googleapis.com/css2?family=Material+Symbols+Outlined:opsz | https://clients2.google.com/service/update2/crx | |
| https://buildwithkt.dev | https://discord.gg/P6DsfZrCZQ | |
| https://www.youtube.com/@GetProjectsOfficial/search?query=rewards%20search%20automator |
Raw Manifest
{ "name": "Rewards Search Automator", "icons": { "16": "/logo/16.png", "48": "/logo/48.png", "128": "/logo/128.png" }, "action": { "default_icon": { "16": "/logo/16.png", "48": "/logo/48.png", "128": "/logo/128.png" }, "default_popup": "/popup.html" }, "author": "buildwithkt.dev", "version": "1.6.3", "background": { "type": "module", "service_worker": "/js/service.js" }, "short_name": "RSA", "update_url": "https://clients2.google.com/service/update2/crx", "description": "Rewards Search Automator - Automate daily Bing searches for Microsoft Rewards and mobile points with device simulation.", "permissions": [ "tabs", "storage", "alarms", "browsingData", "webNavigation", "history", "debugger" ], "homepage_url": "https://buildwithkt.dev", "content_scripts": [ { "js": [ "ad-script/sweetalert2.min.js", "ad-script/confirm-ad-redirect.js" ], "css": [ "ad-script/sweetalert2.min.css" ], "matches": [ "<all_urls>" ] }, { "js": [ "/js/content.js" ], "matches": [ "*://*.bing.com/*" ] } ], "offline_enabled": false, "host_permissions": [ "<all_urls>" ], "manifest_version": 3, "optional_permissions": [ "webRequest", "scripting" ], "minimum_chrome_version": "102" }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.