Web PowerUp | Blog

Privacy - Google Keep PowerUp Permissions

Privacy is a concern and many users are wondering what are the permissions required by Google Keep™ PowerUp in order to be installed.

Long story short, this web extension lives and stores data in the user web browser. Nothing is communicated to the outside world and as a matter of fact if you install the same web extension in multiple browsers you have to configure it from scratch every time and they are not kept in sync. By the way, it would be a very cool feature but it would compromise the simplicity of current minimal permissions model.

Current permissions - v.0.8.x

To dive deeper into technical details, the actual permissions required by this web extensions are:

 "permissions": ["storage", "https://keep.google.com/*"]

The first permission is storage, which allows Google Keep™ PowerUp to access storage API in order to save settings locally to the web browser.

The second permission is Google Keep™ URL which allows Google Keep™ PowerUp to run and access on Google Keep™ web pages in order to modify their look and feel.

There is another interesting detail, that this web extension needs to access the following URLs:

 "matches": ["https://keep.google.com/*","https://clients6.google.com/static/proxy.html*","https://notes-pa.clients6.google.com/static/proxy.html*"],

You may wonder what are the last two URLs, they are proxy pages used by Google Keep™ to fetch data. Google Keep™ PowerUp needs to listens such communications to detect changes to the page that are asynchronous, for instance when the user scrolls down and the page is loading more notes.

Future developments

I don't plan to develop more complex features that may require wider permissions, it is a quite important feature per se that permissions requirements are as less as possibile.

  • person Davide Ungari
  • calendar_today Dec 21, 2020 2:28:50 PM