Simple Douyin Downloader 简单抖音下载器
Version 1.6 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a moderate user base of 6,000 users with a decent 4.0-star rating from 22 reviews, suggesting basic functionality works as intended. However, the lack of developer information and company details raises transparency concerns. The extension targets Douyin (TikTok's Chinese version), which is a legitimate use case for a video downloader.
The combination of webRequest and downloads permissions creates significant privacy and security risks. The webRequest permission allows the extension to intercept and potentially modify all network traffic on Douyin domains, which could be exploited to capture sensitive data or inject malicious content. The downloads permission, while necessary for the core functionality, also grants access to download history. The CSP policy allowing localhost connections is unusual and could indicate development/debugging code left in production. The broad host permissions across multiple Douyin-related domains expand the attack surface unnecessarily.
Run this extension in a separate Chrome profile dedicated to video downloading activities. Avoid using it while logged into sensitive accounts or browsing other websites. Monitor your download folder for unexpected files. Consider using alternative video downloaders with more transparent developers and narrower permissions. If you must use this extension, disable it when not actively downloading videos and regularly review your download history for suspicious activity.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- webRequest
- downloads
Host Permissions:
- https://*.douyin.com/*
- https://*.douyinvod.com/*
- https://*.zjcdn.com/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'; script-src-elem 'self' 'unsafe-inline' http://localhost:* http://127.0.0.1:*;
Embedded URLs (10 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://www.douyin.com | https://www.douyin.com/aweme/v1/web/aweme/detail?aid=6383&version_code=190500&aweme_id= | |
| https://clients2.google.com/service/update2/crx | https://douyin.com/ | |
| https://www.douyin.com/ | http://127.0.0.1: | |
| https://chromewebstore.google.com/detail/simple-douyin-downloader/hpdbhmoofegmpcggbhofpkpppkcncnmj | https://medium.com/@yiqun.rong2/how-to-build-your-own-chrome-extension-7b4136266619 |
Raw Manifest
{ "name": "Simple Douyin Downloader 简单抖音下载器", "action": { "default_icon": { "16": "assets/images/icon.png", "48": "assets/images/icon.png", "128": "assets/images/icon.png" } }, "version": "1.6", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "A Simple Douyin Downloader 简单抖音下载器", "permissions": [ "activeTab", "webRequest", "downloads" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "*://*.douyin.com/*" ] } ], "host_permissions": [ "https://*.douyin.com/*", "https://*.douyinvod.com/*", "https://*.zjcdn.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'; script-src-elem 'self' 'unsafe-inline' http://localhost:* http://127.0.0.1:*;" }, "web_accessible_resources": [ { "matches": [ "https://douyin.com/*", "https://www.douyin.com/*" ], "resources": [ "assets/*", "popup.js", "popup.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.