|
|
|
|
|
|
by teruakohatu
701 days ago
|
|
|
Yes, a network access and DOM write permission should be one and the same. I think the reason it isn't done is because there are so many ways to leak data over a network. If the extension can trigger a DNS lookup somehow, it can exfiltrate data. Android used to have a network permission but Google removed it. |
|
|
That's because google is in the ads business and wants apps to always be able to exfiltrate data to google (google analytics, google ads, etc) & display ads without needing additional permissions.
Having a network permission means there is an incentive for apps to not have the network permission which means they can't load ads. And Google wants you to look at their ads.