SecureMac, Inc.

Shopping extensions and your security

November 12, 2020

We browser extensions that function as digital shopping assistants are becoming increasingly popular, but like any piece of software, shopping extensions have potential security ramifications.

Shopping extensions and your security

The holiday shopping season is almost here, and more of us than ever will do our gift buying online this year. In this “new normal”, web browser extensions that function as digital shopping assistants are becoming increasingly popular, offering users the ability to comparison shop in-browser, and to access coupons and special deals before they buy.

But like any piece of software that you install on your system, shopping extensions have potential security ramifications. In this short article, we’ll tell you how these specialized web browser extensions work; explain the security and privacy implications; and give you some tips on how to use them safely.

How do shopping extensions work?

Shopping extensions help users find the best deals when they shop. They accomplish this in several ways.

Some extensions have settings that allow users to place specific items on “watch lists”, notifying them if the price drops. Other extensions compare prices for products across different websites, or even across a single marketplace platform if the same item is available from multiple sellers. Many extensions can also be used to find and apply coupon codes at checkout, or help users participate in cash back programs.

In order to do all of this, shopping extensions need to be able to read content from the webpage that a user is visiting, and they also have to be able to alter webpage content so that they can show price alerts and apply coupon codes. 

Are shopping extensions safe?

As you may have realized, this is a lot of power to give to a piece of software, and so it’s important to consider the potential risks.

In general, web browser extension privacy issues are something to think about with any browser extension. And on macOS in particular, both adware and Potentially Unwanted Programs (PUPs) have frequently taken the form of toolbars, search assistants, and extensions, and have caused security issues in the past by injecting malicious links or bogus affiliate ads into web pages and search results. Such programs are intrusive at best, and can be much more than the harmless nuisances they’re so often made out to be (read this article to learn more about the dangers of adware and PUPs on macOS). 

So here’s the problem: In theory, there’s nothing to stop a malicious extension from calling itself a shopping assistant…and then engaging in bad behavior. For this reason, you need to be careful before installing one on your system.

How can I protect myself?

There are reputable shopping extensions out there: ones that can help you save money, that definitely aren’t malware, and that will respect your privacy to a reasonable degree. But the problem, of course, is distinguishing the reputable extensions from the disreputable ones! Here, then, are 4 steps you can take to stay safe while using shopping extensions:

  1. 1

    Do your research

    There are a number of well-established shopping extensions that can be researched before you install them; you can look them up using online review aggregators or even fact-checking websites like Snopes. Before installing an extension, do a little bit of research to see what people are saying about it. Also, consider the business model of the extension you’re thinking of installing: Do they explain on their website how they make money without selling your data? If you can’t find sufficient information about an extension online, it’s probably best not to install it.

  2. 2

    Read the privacy policy

    Before installing an extension, take a moment to read the developers’ privacy policy, and check to see if they’re reselling your data to third parties. If you can’t find this information — or if you don’t like what you see — look for another extension. You should be able to find extensions with clear and user-friendly privacy policies. Honey, for example, tells you exactly what data they collect and how they use it, and stresses that they don’t collect search history data, financial details, or information from non-retail websites.

  3. 3

    Turn it off

    ITo limit a shopping extension’s access, consider turning it off when you’re not using it. Go to the Safari menu in the menu bar and select Preferences, and then go to the Extensions tab. You’ll see a list of installed extensions: simply uncheck the box next to the shopping extension in order to temporarily disable it. In Safari 14, it will eventually be possible to grant extensions permissions to certain web pages only, or for a limited time only, which will make it even easier to restrict a shopping extension’s reach.

  4. 4

    Watch for bad behavior

    If you start noticing any of the classic signs of an adware infection, such as links and pop-ups appearing at random on the web pages that you visit, redirects or changes to your default search engine or browser’s start page, or spammy ads showing up in your search results, disable the extension and see if things improve. To guard against issues with malicious extensions, it’s a good idea to install a robust anti-malware tool on your Mac and perform regular system scans; this can help you detect and remove known offenders.

Get the latest security news and deals