Starting analysis...
Simple Douyin Downloader 简单抖音下载器
Version 1.6 View in Chrome Web Store
Extension Details
Context-Aware Verdict
The extension has a modest user base of 7,000 users with a below-average rating of 3.6 stars from only 28 reviews, which suggests limited user satisfaction or engagement. The lack of clear developer information raises transparency concerns. The extension targets Douyin (TikTok's Chinese version), indicating it serves a specific regional market for video downloading functionality.
The extension's permission set is concerning given its stated purpose. While webRequest and downloads permissions are technically necessary for video downloading functionality, they create significant security risks. The webRequest permission allows interception and modification of all web traffic, which far exceeds what's needed for simple video downloading. The broad host permissions extend beyond just Douyin domains to include content delivery networks, potentially allowing access to sensitive data across multiple sites. The Content Security Policy allowing localhost connections suggests development/debugging features that shouldn't be present in production releases.
Consider running this extension in a separate Chrome profile to isolate potential security risks. Before installation, verify that video downloading complies with Douyin's terms of service and local copyright laws. Monitor the extension's network activity if possible, and consider alternative video downloaders with more restrictive permissions and better developer transparency. Given the high-risk permission combination, users should exercise extreme caution and consider whether the functionality is worth the security trade-offs.
Findings
Security Analysis Details
Required Permissions:
- activeTab
- webRequest
- downloads
Host Permissions:
- https://*.douyin.com/*
- https://*.douyinvod.com/*
- https://*.zjcdn.com/*
Content Security Policy:
- extension_pages: script-src 'self'; object-src 'self'; script-src-elem 'self' 'unsafe-inline' http://localhost:* http://127.0.0.1:*;
Embedded URLs (10 total):
| http://www.w3.org/2000/svg | http://www.w3.org/1999/xlink | |
| https://www.douyin.com | https://www.douyin.com/aweme/v1/web/aweme/detail?aid=6383&version_code=190500&aweme_id= | |
| https://clients2.google.com/service/update2/crx | https://douyin.com/ | |
| https://www.douyin.com/ | http://127.0.0.1: | |
| https://chromewebstore.google.com/detail/simple-douyin-downloader/hpdbhmoofegmpcggbhofpkpppkcncnmj | https://medium.com/@yiqun.rong2/how-to-build-your-own-chrome-extension-7b4136266619 |
Raw Manifest
{ "name": "Simple Douyin Downloader 简单抖音下载器", "action": { "default_icon": { "16": "assets/images/icon.png", "48": "assets/images/icon.png", "128": "assets/images/icon.png" } }, "version": "1.6", "background": { "service_worker": "background.js" }, "update_url": "https://clients2.google.com/service/update2/crx", "description": "A Simple Douyin Downloader 简单抖音下载器", "permissions": [ "activeTab", "webRequest", "downloads" ], "content_scripts": [ { "js": [ "content.js" ], "matches": [ "*://*.douyin.com/*" ] } ], "host_permissions": [ "https://*.douyin.com/*", "https://*.douyinvod.com/*", "https://*.zjcdn.com/*" ], "manifest_version": 3, "content_security_policy": { "extension_pages": "script-src 'self'; object-src 'self'; script-src-elem 'self' 'unsafe-inline' http://localhost:* http://127.0.0.1:*;" }, "web_accessible_resources": [ { "matches": [ "https://douyin.com/*", "https://www.douyin.com/*" ], "resources": [ "assets/*", "popup.js", "popup.css" ] } ] }
ⓘ CRXaminer has partnered with our friends at Secure Annex to provide additional findings unique to their platform.
Secure Annex also analyzes extensions from other browsers, IDEs, and can continuously monitor.
This extension may not yet be analyzed by Secure Annex.