by gizmo686 1252 days ago
Several problems.

1) Bypassing any sort of static analysis of your extension requires, at worst, crafting an arbitrary code execution attack against yourself. This is not particularly difficult.

2) Often times, the specific method you want to use is more powerful than what you need to do, so even if you were restricted to those specific methods, you still have more power than you actually use.

3) Supposing you want to go down the "whitelist at the method level" approach, you could just ... whitelist at the method level. The developer knows what methods he will be calling, so just have a separate permission for each of them. In practice, this would lead to a lot of permissions that are effectively equivalent, and people would be asking why they aren't just bundled together in a single permission.


4) Paraphrasing Hofstadter's law, 2) remains true even if you account for it, because of how APIs interact.

The example raised elsewhere in the thread is good: in a browser, if you have access to the current URL of any tab in the context of which you run, you can start building browsing history. Whatever mitigations one could think of get defeated if the extension is allowed to make network requests, or modify the content of web pages. Once an extension can communicate with the outside world, it can exfil the data, even if piece by piece, and it can also keep its state outside of the browser.

Same applies to mobile apps.