|
|
|
|
|
|
by somehnacct3757
1289 days ago
|
|
|
The extension would need both the all_urls and webRequest permissions to do this, since you can only spy on requests to origins your extension has a host permission for. The review team discourages all_urls permissions and scrutinizes them more, so theoretically getting a spy onto the store with the right permission combo is hard. If you trust the review team. Note that these regulations were established for MV2, and MV3 doesn't do anything new to address this. So there's still no benefit to MV3 on this topic. As far as I can tell, and I work with these APIs for a living, the privacy claims of MV3 are bogus. |
|
|