TypeLingo

Version 1.1.6 View in Chrome Web Store

Last scanned: 1 day ago | force re-scan

Extension Details

Rating: 4.9 ★ (32 ratings)

Users: 773

Context-Aware Verdict

HIGH

Risk Level

Trust Factors:

The extension has a very small user base of only 773 users, which limits community validation. However, it maintains an excellent 4.9-star rating from 32 reviews, suggesting satisfied users. The extension appears to be designed for Duolingo enhancement based on its host permissions, which aligns with its name "TypeLingo." The lack of author and developer information raises transparency concerns.

Concerns:

The tabs permission is excessive for a Duolingo-focused extension and creates significant privacy risks by allowing access to all browser tab information. The declarativeNetRequestWithHostAccess permission enables network request modification, which could be misused for data interception. While host permissions are limited to Duolingo and related domains (Firebase storage, CloudFront CDN), the combination of tabs access with network request modification creates a powerful surveillance capability that extends beyond the stated purpose.

Recommendations:

Consider running this extension in a separate Chrome profile to isolate potential risks from your main browsing activity. Before installation, verify the extension's actual functionality matches its permissions - a simple Duolingo enhancement shouldn't need broad tab access. Monitor your browser's network activity when using the extension. Given the small user base and missing developer information, consider waiting for the extension to gain more users and transparency before installation, or seek well-established alternatives with similar functionality.

Security Analysis

HIGH

Overall Risk

Based on 4 total findings, ranked without considering overall context, including 2 high-risk and 2 medium-risk findings.

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

HIGH

High-Risk Permission: tabs

This extension has the tabs permission. Can access browser tab information and manipulate tabs. This could potentially be used maliciously to compromise security or privacy.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://firebasestorage.googleapis.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Raw Manifest

{
  "name": "TypeLingo",
  "icons": {
    "16": "/icons/16.png",
    "48": "/icons/48.png",
    "128": "/icons/128.png"
  },
  "author": "Nowam",
  "version": "1.1.6",
  "background": {
    "service_worker": "background.js"
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Duolingo typing restored! Get back the ability to type your responses.",
  "permissions": [
    "storage",
    "tabs",
    "scripting",
    "declarativeNetRequestWithHostAccess"
  ],
  "host_permissions": [
    "https://*.duolingo.com/*",
    "https://d35aaqx5ub95lt.cloudfront.net/*",
    "https://firebasestorage.googleapis.com/*"
  ],
  "manifest_version": 3,
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "ruleset_1",
        "path": "rules.json",
        "enabled": true
      }
    ]
  }
}

TypeLingo

Extension Details

Context-Aware Verdict

Security Analysis

Security Analysis Details

Required Permissions:

Host Permissions:

Embedded URLs (4 total):

Raw Manifest

Secure Annex (beta)

https://firebasestorage.googleapis.com/v0/b/typelingo.appspot.com/o/	https://clients2.google.com/service/update2/crx
https://d35aaqx5ub95lt.cloudfront.net/	https://firebasestorage.googleapis.com/