[ new scan ] [ statistics ] [ github ] [ twitter ] [ help ]

Simplify Gmail

Version 3.4.2 View in Chrome Web Store

Last scanned: about 6 hours ago

Extension Details

Developer: simpl.fyi

Rating: 4.5 ★ (624 ratings)

Users: 30,000

Context-Aware Verdict

MEDIUM

Overall Risk

Trust Factors:

The extension has a solid user base of 30,000 users with a strong 4.5-star rating from 624 reviews, indicating generally positive user experiences. The name "Simplify Gmail" clearly indicates its purpose, and the developer domain "simpl.fyi" appears to be dedicated to this specific functionality. The extension uses Manifest V3, which provides better security controls than older versions.

Concerns:

The primary concern is the broad host permissions that extend beyond just Gmail to include all Google user content domains (googleusercontent.com), which could potentially access more data than necessary for Gmail simplification. While the storage permission is standard for extensions that need to save user preferences, it does allow local data storage. The content script injection into Gmail pages means the extension can modify and access all Gmail content, including potentially sensitive email data.

Recommendations:

Given the medium risk level and the extension's specific Gmail functionality, the risk appears proportionate to its stated purpose. The permissions align with what would be expected for a Gmail enhancement tool. Users should ensure they trust the developer with access to their Gmail data. If you're particularly security-conscious, consider running this extension in a separate Chrome profile dedicated to Gmail use only. Monitor for any unusual behavior or unexpected data requests, and regularly review the extension's continued necessity for your workflow.

Findings

HIGH

Broad Host Permissions

This extension has broad host permissions allowing it to access many or all websites. This could potentially be used to steal sensitive data or track browsing activity.

MEDIUM

Access to Sensitive Domains

This extension requests access to sensitive domains: https://mail.google.com/*, https://*.googleusercontent.com/*. Ensure you trust this extension with access to these sites.

MEDIUM

Medium-Risk Permission: storage

This extension has the storage permission. Can store data locally.

Security Analysis Details

Required Permissions:

storage
declarativeNetRequestWithHostAccess

Optional Permissions:

contentSettings
downloads

Host Permissions:

https://mail.google.com/*
https://*.googleusercontent.com/*

Content Security Policy:

extension_pages: default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'

Embedded URLs (133 total):

Page 1 of 2

Raw Manifest

{
  "name": "Simplify Gmail",
  "icons": {
    "48": "img/app/icon48.png",
    "128": "img/app/icon128.png",
    "512": "img/app/icon512.png"
  },
  "action": {
    "default_icon": {
      "48": "img/app/icon48.png",
      "128": "img/app/icon128.png"
    },
    "default_popup": "misc/popup.html",
    "default_title": "Simplify for Gmail"
  },
  "version": "3.4.2",
  "background": {
    "service_worker": "js/workers.js"
  },
  "options_ui": {
    "page": "misc/permissions.html",
    "open_in_tab": true
  },
  "update_url": "https://clients2.google.com/service/update2/crx",
  "description": "Make Gmail simpler, more capable, and more respectful",
  "permissions": [
    "storage",
    "declarativeNetRequestWithHostAccess"
  ],
  "homepage_url": "https://simpl.fyi",
  "default_locale": "en",
  "content_scripts": [
    {
      "js": [
        "js/simplifyGmail.js"
      ],
      "css": [
        "css/simplifyGmail.css"
      ],
      "run_at": "document_start",
      "matches": [
        "https://mail.google.com/*"
      ],
      "all_frames": false
    }
  ],
  "host_permissions": [
    "https://mail.google.com/*",
    "https://*.googleusercontent.com/*"
  ],
  "manifest_version": 3,
  "optional_permissions": [
    "contentSettings",
    "downloads"
  ],
  "content_security_policy": {
    "extension_pages": "default-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'"
  },
  "declarative_net_request": {
    "rule_resources": [
      {
        "id": "simplifyTrackerList",
        "path": "misc/trackers.json",
        "enabled": true
      }
    ]
  },
  "web_accessible_resources": [
    {
      "matches": [
        "https://mail.google.com/*"
      ],
      "resources": [
        "misc/*",
        "img/**",
        "fonts/*",
        "js/authUser.js"
      ]
    }
  ]
}

by ✦ Astarte

Simplify Gmail

Extension Details

Context-Aware Verdict

Findings

Security Analysis Details

Required Permissions:

Optional Permissions:

Host Permissions:

Content Security Policy:

Embedded URLs (133 total):

Raw Manifest

Detections

Manifest Findings

https://clients2.google.com/service/update2/crx	https://simpl.fyi
https://mail.google.com/	http://www.w3.org/2000/svg
https://picsum.photos/seed/19710/1920/1080	https://ssl.gstatic.com/images/icons/material/system_gm/2x/label_off_black_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/delete_baseline_nv700_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/drafts_baseline_nv700_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/mark_email_unread_baseline_nv700_20dp.png	https://ssl.gstatic.com/images/icons/material/system_gm/2x/label_off_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/delete_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/drafts_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/mark_email_unread_white_20dp.png	https://www.gstatic.com/images/icons/material/system/2x/add_black_24dp.png
https://www.gstatic.com/images/icons/material/system_gm/2x/close_black_20dp.png	https://www.gstatic.com/images/icons/material/system/2x/check_box_outline_blank_black_20dp.png
https://www.gstatic.com/images/icons/material/system/2x/indeterminate_check_box_black_20dp.png	https://www.gstatic.com/images/icons/material/system/2x/check_box_black_20dp.png
https://www.gstatic.com/images/icons/material/system/2x/arrow_drop_down_black_20dp.png	https://www.gstatic.com/images/icons/material/system_gm/2x/schedule_send_black_20dp.png
https://www.gstatic.com/images/icons/material/system/2x/more_horiz_black_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/arrow_back_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/check_box_outline_blank_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/indeterminate_check_box_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/check_box_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/arrow_drop_down_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/refresh_white_20dp.png	https://www.gstatic.com/images/icons/material/system_gm/1x/label_off_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/archive_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/report_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/delete_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/drafts_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/mail_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/schedule_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/add_task_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/move_to_inbox_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/drive_file_move_outline_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/label_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/more_vert_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/keyboard_arrow_up_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/keyboard_arrow_down_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/vertical_split_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/reorder_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/horizontal_split_white_20dp.png
https://ssl.gstatic.com/inputtools/images/ita_sprite_grey8_2x.png	https://ssl.gstatic.com/images/icons/material/system_gm/2x/arrow_drop_down_white_20dp.png
https://ssl.gstatic.com/images/icons/material/system_gm/1x/offline_pin_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/chevron_right_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/1x/chevron_left_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/arrow_back_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/check_box_outline_blank_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/indeterminate_check_box_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/check_box_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/arrow_drop_down_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/refresh_white_20dp.png	https://www.gstatic.com/images/icons/material/system_gm/2x/label_off_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/archive_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/report_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/mail_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/schedule_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/add_task_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/move_to_inbox_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/drive_file_move_outline_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/label_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/more_vert_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/keyboard_arrow_up_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/keyboard_arrow_down_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/vertical_split_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/reorder_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/horizontal_split_white_20dp.png
https://ssl.gstatic.com/images/icons/material/system_gm/2x/offline_pin_white_20dp.png	https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/chevron_right_white_20dp.png
https://ssl.gstatic.com/ui/v1/icons/mail/gm3/2x/chevron_left_white_20dp.png	https://www.gstatic.com/images/icons/material/system/2x/arrow_right_black_20dp.png
https://www.gstatic.com/images/icons/material/system/2x/expand_more_black_20dp.png	https://www.gstatic.com/images/icons/material/system/2x/expand_less_black_20dp.png
https://simpl-fyi.firebaseio.com	https://simpl.fyi/auth/subscription
https://ssl.gstatic.com/ui/v1/icons/mail/rfr/gmail.ico	https://simpl.fyi/favicons/gmail-