May 26, 2011 17:28 GMT

Google has removed two popular games from its Chrome Web Store after it was reported that they requested overly broad permissions, including access to browsing history and session cookies.

The apps in question, Super Mario World and Super Mario 2, were outed by mobile technology blogger David Rogers, who actually ended up installing the latter.

"I saw the big splash screen for the flash game and thought I’d give it a try. There is a big install button. Installation is pretty instantaneous.

"As I looked at the screen, I saw the box to the bottom right. 'This extension can access: Your data on all websites, Your bookmarks, Your browsing history'," Mr. Rogers reports.

The bookmarks and browsing history permissions are self-explanatory, but "your data on all websites" is vaguer.

There is, however, a more detailed explanation in the store's help center. "This item can read every page that you visit - your bank, your web mail, your Facebook page, and so on. [...]

"Caution: Besides seeing all your pages, this item could use your credentials (cookies) to request your data from websites," it reads.

That's a lot of information for a simple game to access, and it's even more puzzling considering that Google claims to manually review apps asking for this permission before allowing them onto the Chrome Web Store.

This means that someone at Google actually thought it was OK for a game to access people's entire browsing data and session cookies. At the time of its removal, Super Mario 2 had close to 13,500 users and was rated four and a half out of five stars.

Mr. Rogers believes the entire Chrome app security model is broken and points out that things are even worse when it comes to NPAPI extensions, which can access all data on the user's computer.
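For readers who want to check what an extension asks for before installing it, here is an added example (not from the article, Mr. Rogers or Google): a small Python audit of an extension's `manifest.json` that reports which of the warnings quoted above its requested access implies. The mapping from manifest entries to warning text is an assumption based on Chrome's extension permission documentation, and the sample manifest is constructed, not taken from the removed games.

```python
import json

# Assumed mapping of manifest API permissions to install-time warnings
# (per Chrome's extension permission documentation, not the article).
API_WARNINGS = {
    "bookmarks": "Your bookmarks",
    "history": "Your browsing history",
    "tabs": "Your browsing history",
}
ALL_SITES = "Your data on all websites"
NPAPI = "All data on your computer and the websites you visit"


def matches_all_hosts(pattern):
    """True for match patterns that cover every host, e.g. http://*/*."""
    if pattern == "<all_urls>":
        return True
    _scheme, sep, rest = pattern.partition("://")
    host = rest.split("/", 1)[0]
    return bool(sep) and host == "*"


def audit_manifest(manifest):
    """Return the sorted warnings implied by a manifest's requested access."""
    warnings = set()
    patterns = []
    for perm in manifest.get("permissions", []):
        if perm in API_WARNINGS:
            warnings.add(API_WARNINGS[perm])
        elif perm == "<all_urls>" or "://" in perm:
            patterns.append(perm)  # host permission (match pattern)
    # Content scripts are injected into every page their patterns match.
    for script in manifest.get("content_scripts", []):
        patterns.extend(script.get("matches", []))
    if any(matches_all_hosts(p) for p in patterns):
        warnings.add(ALL_SITES)
    if manifest.get("plugins"):  # bundled NPAPI plugin runs as native code
        warnings.add(NPAPI)
    return sorted(warnings)


# Constructed sample: a "game" requesting the access the article describes.
SAMPLE = json.loads("""{
  "name": "Example Flash game (constructed)",
  "version": "1.0",
  "permissions": ["bookmarks", "history", "http://*/*", "https://*/*"]
}""")

if __name__ == "__main__":
    for warning in audit_manifest(SAMPLE):
        print("WARNING:", warning)
```

A game that only needs to display its own page should produce an empty list; any output from `audit_manifest` is a reason to ask why the access is needed.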