Responsive Website Testing Toolkit - Multiple Viewport Simulator

Suspicious permissions requiring access to all websites and complete control over downloads

Why does it need to access all the data on all websites when it only needs access to the tab I want to test?

**DOWNLOAD WITH CAUTION** This extension requests access to "read and change all your data on all your websites" as well as "manage your downloads", as it uses the `<all_urls>` host permission, and the `downloads` permission, which I believe to be overkill for the extension's use case, and a major security risk if the extensions was used maliciously. A better alternative would be the `activeTab` permission and using a combination of `createObjectURL()` and `<input type="file">` for importing/exporting files. I will change this rating to 5-stars if the developer can remedy these insecurites. EDIT: The deveoper is trying to justify the use of excessive permissions in a reply to this review even though I gave them really simple alternatives which are available, and would accomplish the exact same thing. I've seen this type of behaviour before from developers of extensions that start out legit, and quickly become credential farmers, browser hijackers, etc.. In response to the developers response, your permission are overkill, uneeded, and unsafe. There very very few use cases where `<all_urls>` and `downloads` permissions are required, and yours is not one of them. Your permissions are dangerous and need to be change, and any users installing this extension need to do so with caution, or use an alternative that accomplish the same thing without intrusive permissions. Developer says that all extensions similar to use this use the same permissions, which is incorrect. Here are some safer alternatives with friendy permissions: - https://chromewebstore.google.com/detail/responsive-viewer/inmopeiepgfljkpkidclfgbgbmfcennb - https://chromewebstore.google.com/detail/responsive-buddy/pkpodanfippddohhfchdmebebbepjkkf - https://chromewebstore.google.com/detail/responsive-tester/ppbjpbekhmnekpphljbmeafemfiolbki Google's own advice regarding permissions: 1. https://developer.chrome.com/docs/webstore/review-process#review-time-factors Host permissions patterns like *://*/*, https://*/*, and <all_urls> give extensions extensive access to the user's web activity, especially when combined with other permissions. Extensions with this kind of access can collect a user's browsing history, hijack web search behavior, scrape data from banking websites, harvest credentials, or exploit users in other ways. 2. https://developer.chrome.com/docs/extensions/reference/api/downloads Use the chrome.downloads API to programmatically initiate, monitor, manipulate, and search for downloads. <-- there are safer alternatives that allow users to download stuff and that don't allow the developer to initiate downloads with free will, and monitor all other download activity. 3. Privacy policy or not, your current excessive permissions leave users open to serious exploits should your extension ever be compromised and used maliciously. A privacy policy doesn't protect users from that. Not a hater, the main idea of the extension is great, it's only the unsafe excessive use of permissions that I have a problem with. I'm just a concerned dev who has seen people be burnt by this exact same bad practice too many times before.