Folio: Manage Real Estate Deals from Gmail
Version 1.2.49608 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a solid user base of 40,000 users and maintains a strong 4.7-star rating from 212 reviews, indicating positive user experiences. It's developed by Inside Real Estate, LLC, which appears to be a legitimate company in the real estate technology sector. The specific focus on real estate deal management from Gmail suggests a targeted, professional use case rather than a generic utility.
The cookies permission is particularly concerning as it allows the extension to access and modify browser cookies across permitted domains, which could compromise user privacy and security. The broad host permissions, while limited to specific domains (Gmail, Google APIs, and Amitree), still provide significant access to sensitive email data and external services. The storage permission, though less critical, allows local data retention that users should be aware of. The extension's access to Gmail content through content scripts means it can read and potentially process all email communications.
Consider running this extension in a dedicated Chrome profile used specifically for real estate work to isolate it from personal browsing. Regularly review what data the extension might be storing locally and ensure your Gmail account has appropriate security measures enabled. Monitor the extension's behavior and disable it when not actively managing real estate deals. Given the legitimate business use case and positive user feedback, the risk may be acceptable for real estate professionals who need this functionality, but personal users should exercise caution.
Findings
Security Analysis Details
Required Permissions:
- storage
- cookies
- scripting
Host Permissions:
- https://www.amitree.com/
- https://apis.google.com/
- https://mail.google.com/*
Content Security Policy:
- sandbox: sandbox allow-scripts; script-src 'self'; object-src 'self'
Embedded URLs (805 total):
| http://www.w3.org/2000/svg | https://www.amitree.com | |
| https://www.googleadservices.com/pagead/conversion/999678629/?label=i2u0CKnkqmkQpcXX3AM& | https://qunitjs.com/ | |
| https://jquery.org/license | https://github.com/qunitjs/qunit/pull/1395 | |
| https://github.com/qunitjs/qunit/issues/1437 | https://fonts.googleapis.com/css?family=Roboto:400 | |
| https://www.googleapis.com | https://graph.microsoft.com/v1.0/me/messages | |
| https://support.amitree.com/en/articles/9882676-folio-docgpt | https://support.amitree.com/en/articles/11081864-timeline-auto-population-with-docgpt | |
| https://support.amitree.com/en/articles/9882674-folio-docgpt-automatic-information-gathering | https://api.jqueryui.com/datepicker/#option-dateFormat | |
| https://support.amitree.com/en/articles/12258310-boldtrail-front-office-integration | https://amitree-folio-assets.s3.us-west-2.amazonaws.com/doc-gpt-intro-video.mov | |
| https://calendar.google.com/calendar/r/ | https://www.googleapis.com/calendar/v3/calendars/primary/events | |
| https://support.amitree.com/hc/en-us/articles/4411656367249-Organize-documents-in-Smart-Folders | https://support.amitree.com/en/articles/9882595-organize-documents-in-smart-folders | |
| https://www.googleapis.com/gmail/v1/users/me/messages | https://support.amitree.com/en/articles/9882665-folio-plans | |
| https://mail.google.com/mail/u/ | https://chrome.google.com/webstore/detail/folio/ecaieeiecbdhkcgknidmfelflleobbnp | |
| https://www.amitree.com/try-folio?utm_medium=product_email&utm_source=timeline | https://drive.google.com/drive/folders/ | |
| https://api.jqueryui.com/datepicker/#utility-formatDate | https://support.amitree.com/hc/en-us/articles/4412005217169-Your-Smart-Folder-s-board-website | |
| https://github.com/ember-cli/ember-cli-deprecation-workflow | https://github.com/decaffeinate/decaffeinate/blob/master/docs/suggestions.md | |
| https://github.com/dexterouslogic/super-simple-highlighter/blob/master/js/content_script/marker.js | https://www.googleapis.com/drive/v3/files | |
| https://people.googleapis.com/v1/people:searchContacts | https://people.googleapis.com/v1/otherContacts:search | |
| https://people.googleapis.com/v1/people/me/connections | https://people.googleapis.com/v1/otherContacts | |
| https://calendar.google.com/calendar/u/ | https://calendar.google.com/calendar/r | |
| https://www.googleapis.com/calendar/v3/calendars/ | https://graph.microsoft.com/v1.0/me/contacts | |
| https://cdnjs.cloudflare.com/ajax/libs/pdf.js/2.16.105/pdf.worker.min.js | https://unpkg.com/pdfjs-dist@5.2.133/build/pdf.worker.min.mjs | |
| https://drive-thirdparty.googleusercontent.com/16/type/application/vnd.google-apps.folder | https://www.google.com/calendar/render? | |
| https://www.pivotaltracker.com/story/show/158345633 | https://mail.google.com/u/0/#inbox | |
| https://mail.google.com/mail/#inbox/1234567890abcdef | https://mail.google.com/mail/ca/u/0/#inbox | |
| https://mail.google.com/mail/b/406/#inbox | https://chrome.google.com/webstore/detail/folio/ | |
| https://www.googleapis.com/drive/v3/drives | https://maxcdn.bootstrapcdn.com/font-awesome/4.7.0/css/font-awesome.min.css | |
| https://calendar.google.com/calendar/b/ | http://api.mixpanel.com | |
| https://api.mixpanel.com | https://fonts.googleapis.com | |
| https://maps.googleapis.com | https://fonts.gstatic.com | |
| https://www.amitree.com/users/auth/google_oauth2 | https://www.amitree.com/users/auth/google_drive | |
| https://www.amitree.com/users/auth/google_contacts | http://www.w3.org/1999/xlink | |
| https://sketchapp.com | https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String/Trim#Polyfill | |
| http://dbj.org/dbj/?p=286 | https://github.com/douglascrockford/JSON-js/blob/master/json_parse.js | |
| https://developers.google.com/search/docs/advanced/crawling/overview-google-crawlers | http://dean.edwards.name/weblog/2005/10/add-event/ | |
| https://gist.github.com/1930440 | http://www.w3.org/TR/css3-selectors/#attribute-selectors | |
| https://developer.samsung.com/internet/user-agent-string-format | http://www.useragentstring.com/pages/useragentstring.php | |
| https://publicsuffix.org/ | http://www.cs.rochester.edu/research/synchronization/pseudocode/fastlock.html | |
| https://github.com/wolever | https://gist.github.com/wolever/5fd7573d1ef6166e8f8c4af286a69432. | |
| http://mixpanel.com/ | http://documentcloud.github.com/underscore/ | |
| http://hacks.mozilla.org/2009/07/cross-site-xmlhttprequest-with-cors/ | https://developer.mozilla.org/en-US/docs/DOM/XMLHttpRequest#withCredentials |
Raw Manifest
{ "name": "Folio: Manage Real Estate Deals from Gmail", "icons": { "16": "16x16.png", "48": "48x48.png", "128": "128x128.png" }, "action": { "default_title": "Folio" }, "version": "1.2.49608", "background": { "type": "module", "service_worker": "assets/background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "Create and share real estate closing timelines from your Gmail inbox. Integrates seamlessly with Google Drive and Calendar.", "permissions": [ "storage", "cookies", "scripting" ], "content_scripts": [ { "js": [ "assets/vendor.js", "assets/folio.js", "assets/inject-css.js" ], "run_at": "document_end", "matches": [ "https://mail.google.com/*" ], "all_frames": false } ], "host_permissions": [ "https://www.amitree.com/", "https://apis.google.com/", "https://mail.google.com/*" ], "manifest_version": 3, "externally_connectable": { "matches": [ "https://www.amitree.com/*" ] }, "minimum_chrome_version": "92", "content_security_policy": { "sandbox": "sandbox allow-scripts; script-src 'self'; object-src 'self'" }, "web_accessible_resources": [ { "matches": [ "https://mail.google.com/*" ], "resources": [ "pageWorld.js", "fonts/folio.ttf", "assets/*" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.