Privacy aspects of Safari extensions

Tags: privacy, safari, safari-extensions

I'm wondering about privacy aspects of Safari extensions, or which pieces of information active extensions can obtain about my web browsing activities. Should I expect that an extension will generally be able to collect information about everything I'm doing in Safari, or are there any restrictions on what extensions can access? The question "Is it possible to disable Safari extensions when using Private browsing?" seems to indicate that there may be privacy issues when extensions are enabled.

More specifically, I'm interested in the Google Scholar extension that installs a button in the toolbar. Should I expect that this extension communicates information to Google only when I'm actually clicking the button, or can it communicate more?

Best Answer

In general, extensions should only be installed from trusted sources. See the popup that appears when you attempt to install an extension below. Unlike Chrome's extension API, Safari does not require that extensions request specific rights from the browser that the user must in turn grant when installing the extension, or specify a set of domains that the extension is allowed to operate on.

The developer of a Safari extension must, however, be part of Apple's Developer Program, and must obtain a signed security certificate from Apple for an extension to load in a user's browser. Unlike iOS or Mac App Store apps, though, this does not mean that Apple reviews extensions that are not hosted in the Safari Extension Gallery on apple.com.

The second part of your question is out of scope for this site, as it requires interpretation of Google's TOS and Privacy Policy (as linked from the page you linked).

Extension installation popup in Safari