I’m learning Bubble and have recently installed Chrome extensions Frames, Nalfe, Air Dev / Canvas. Just now I was going to install a few others (Buildshare, Zippy Project) when I came across this in Chrome Settings. Upon initial installation, all the way until today, these extensions had the ability to “read and change all your data on websites you visit” and the default setting was “on all sites”.
Can these extensions see our Bubble apps in their entirety (all pages, elements, workflows, etc?)
Is it just me or is this sketchy, scary, risky, and potentially unethical?
Hi there, @hibubble… that setting may be any or all of the things you mentioned depending on who has set it, but the one thing it apparently isn’t is uncommon.
From the article…
Click around and you’ll quickly realize that most browser extensions offer features that interact with the current web page, from password managers that need to fill passwords to dictionary extensions that need to define words. That’s why this permission is so common.
Anyway, I’m not sure how much this response helps (if at all), but I learned something new because of your post, so I thought I’d share the link.
Best…
Mike
As someone who is behind Zippy, and having done another extension too, yes, a malicious extension can be harmful.
Just like any app you install in your device. So keep extensions to a minimum and only from sources you trust, do not “install all the extensions” around the web.
Same for plugins, same for links you open, same for emails… list goes on.
Are there automated and manual mechanisms to defend against all these threats? Yes, but none of them are bulletproof, keep yourself safe and again, do not open or install everything you see, it would be like eating random food found on the ground or in a bench in a public park.
But extensions for Bubble are safe, we are all real people you can reach and verify 
So getting software from people you can reach is like eating in a restaurant where you can see the kitchen and talk to the cooks and waiters.
3 Likes
Wait, I do that all the time! Hmm, maybe I should stop. 
1 Like
Thanks @mikeloc and @vini_brito great answers!
I should have made the original question a bit more clear: in the “interaction” of the Chrome extension with the current web page, can the developers Nalfe, Airdev, Sudsy, etc see our Bubble apps in their entirety? Pages, elements, workflows?
Short answer: yes.
We created the first extension that does this, openBuild: openBuild is now completely FREE 🆓
And most if not all the ones you mentioned use the same mechanism so I can say that yes, those developers can see basically everything you mentioned. We use the interaction to access the clipboard so you can paste and copy components to and from openBuild.
However, everything you mentioned can more or less be already seen anyway. With or without those extensions.
Have a look at check.tinkso.com and enter your app ID. Pages, workflows, plugins etc are all visible anyway.
Using any tool or service is a risk and the same goes for these extensions, you need to do your die diligence and decide for yourself if the added value is worth the potential risk. Like using bubble itself …
2 Likes
Thanks @vincent56 . Can these tools copy/paste our Bubble pages/elements as if they were in a Bubble editor?
