Developers Insight On Manifest v3 Privacy and Security Webextensions
Libor Polčák, Giorgio Maone, Michael McMahon, Martin Bednář

TL;DR
This study explores developers' perspectives on Manifest v3 for Webextensions, highlighting challenges, limitations, and the impact on functionality and security through qualitative research.
Contribution
It provides an in-depth analysis of developer concerns and the effects of Manifest v3 transition on webextension functionality and security.
Findings
Some extensions can migrate without losing features
Many developers face API limitations and workarounds
Concerns over reduced functionality and security risks
Abstract
Webextensions can improve web browser privacy, security, and user experience. The APIs offered by the browser to webextensions affect possible functionality. Chrome is currently transitioning to a modified set of APIs called Manifest v3. This paper studies the challenges and opportunities of Manifest v3 through in-depth structured qualitative research. Even though some projects observed positive effects, a majority express concerns over limited benefits to users, removal of crucial APIs, or the need to find workarounds. Our findings indicate that the transition affects different types of webextensions differently; some can migrate without losing functionality, while other projects remove functionality or decline to update. The respondents identified several critical missing APIs, including reliable APIs to inject content scripts, APIs for storing confidential content, and others.
Taxonomy
Topics: Web Application Security Vulnerabilities · Advanced Malware Detection Techniques · Spam and Phishing Detection
