With the release of iOS 15, Apple introduced us to Safari extensions for iPhone and iPad. Some extensions allow us to customize our browser and provide it with new functions. Some extensions, however, that should be used with caution, since their ability to act on the websites in which they act is more than considerable.

Extensions can “read and modify sensitive information on web pages”

Safari extensions allow us to go much further with our browser. There are extensions for all tastes: for translation, for text correction, to save pages to read them later, to activate dark mode, to redirect AMP pages to normal versions, etc. However, let’s look at the warning text that the system shows us in this regard:

“It can read and modify sensitive information on web pages, such as passwords, phone numbers and credit cards, as well as view your browsing history.”

And then we find a list of authorized sites, a list that too often contains “Other sites”, that is to say: all. We can find this text in the Settings application by entering Safari, then Extensions and touching an extension that we have installed.

The text could not be clearer. The modifications that extensions are able to make by altering websites, injecting javascript and other mechanisms, is something we need to consider when choosing which extensions to install and what permissions to grant.

And now what should I do?

There are several things we need to keep in mind. Regarding the permissions we grant, note that when we install and activate an extension, it asks us for permission to perform certain tasks. The access authorization can be for an indefinite period or for a single day, interesting for extensions of which we only need the function in a timely manner.

At the same time, it is the number of websites we grant permission to access. An application to change the behavior of YouTube, for example, only needs access to youtube.com, nothing more is needed. Let’s also take into account the type of activity that we develop on the pages to which we provide access. Especially if we log into it or enter credit card numbers to place orders.

We’re not saying all expansions are going to be bad at all, far from it. Apps, including extensions, that are uploaded to the App Store are tested by Apple, but a well-meaning app may still contain a bug that disrupts page protections.

In view of the seen, it is important that, as with any other application, we consult the privacy labels of the App Store. To do this, we simply enter the App Store, search for the application that interests us, select it and scroll to where the Privacy section of the application appears. Here we can see, if collected, what data is collected and for what purpose.

In the case of Amplosion or SuperAgent, two well-known apps, we see that the first does not collect any data, while the second collects the email address if we decide to create a user account.

In matters as delicate as browsing the Internet, it is always a good idea to take extreme precautions when installing extensions to modify the behavior of the browser. Fortunately, the App Store makes it easy for us.