What Safari Extensions Can Actually Access on Your Device
Safari extensions occupy a unique position in the Apple ecosystem. Unlike apps that run in their own sandboxed environment, extensions operate inside the browser, interacting with the web pages you visit, the URLs you navigate to, and potentially the data you enter into forms. This makes their permission model fundamentally different from a standard iOS or macOS app, and worth understanding in detail.
As of 2025, Apple reports over 4,800 Safari extensions available on the Mac App Store and over 2,200 on the iOS App Store. Usage has grown significantly since Apple introduced Web Extensions API support in Safari 15, making it easier for developers to port extensions from Chrome and Firefox. But increased availability raises an obvious question: how do you know which extensions are safe?
The answer lies in understanding three layers of protection: Apple’s review process, Safari’s permission model, and your own audit practices. This guide breaks down all three.
Apple’s Extension Review Process: What Happens Before an Extension Reaches You
Every Safari extension must pass through Apple’s App Store review before it becomes available for download. This process is more rigorous than what Chrome Web Store or Firefox Add-ons impose, and the differences matter.
The App Store Review Pipeline
When a developer submits a Safari extension, it goes through the same review process as any App Store app. This includes:
Automated analysis. Apple’s systems scan the extension’s code for known malware signatures, private API usage, and violations of App Store guidelines. The binary is checked against a database of flagged patterns.
Human review. An Apple reviewer manually installs and tests the extension. They verify that it does what its description claims, that it does not collect data beyond what is disclosed, and that the user experience matches Apple’s quality standards. The reviewer checks that permission requests are justified by the extension’s functionality.
Privacy nutrition labels. Since December 2020, all App Store submissions must include privacy labels disclosing what data the app (or extension) collects, whether that data is linked to the user’s identity, and whether it is used for tracking. These labels are visible on the App Store listing before you download.
Notarization and code signing. The extension binary is code-signed with the developer’s Apple Developer Program certificate. If the developer’s certificate is ever revoked (due to policy violations or malware distribution), all their extensions stop working automatically. This creates a strong deterrent against abuse.
What the Review Process Catches and What It Misses
Apple’s review is effective at blocking overtly malicious extensions: keyloggers, cryptocurrency miners, extensions that redirect search traffic to monetized pages, and those that inject advertising without user consent. A 2023 analysis by the Georgia Tech Security Lab found that the Mac App Store had a 0.003% rate of extensions exhibiting overtly malicious behavior, compared to approximately 0.2% on the Chrome Web Store.
However, the review process has blind spots. An extension could:
- Collect browsing history data that is technically disclosed in the privacy label but buried in fine print
- Phone home with usage analytics more aggressively than users expect
- Change behavior through server-side configuration after approval
- Use obfuscated JavaScript that is difficult for reviewers to fully audit
The review process is a strong first filter, not a guarantee. Your own diligence matters.
Permission Types Explained: The Five Access Levels
Safari extensions request permissions through a system that Apple redesigned in Safari 15 to give users more granular control. Understanding each permission level is essential for making informed decisions.
1. No Website Access
Some extensions function entirely within the Safari toolbar or sidebar without touching web page content. A tab manager that organizes your open tabs, or a bookmark tool that works through Safari’s native bookmark API, might need no website access at all. These are the lowest-risk extensions because they cannot see or modify what you browse.
2. Specific Website Access
An extension can request access to specific domains only. For example, a GitHub enhancement extension might request access only to github.com and gist.github.com. This is the most privacy-respecting model for extensions that serve a single-purpose function tied to particular sites.
When an extension uses this model, it literally cannot execute code on any other website. The browser enforces this at the engine level, not through policy alone.
3. Active Tab Only
This permission lets the extension access the page you are actively viewing, but only when you explicitly invoke the extension (typically by clicking its toolbar icon). It cannot silently access pages in background tabs, and it loses access as soon as you switch to a different tab.
Active Tab is a good middle ground for extensions that need to process page content but do not need persistent background access. An extension that summarizes the current article or checks a page’s SEO metrics fits this model well. Extensions like Web Inspector use this approach, analyzing page structure only when explicitly activated.
4. All Websites (On Request)
The extension has the technical capability to access all websites, but Safari prompts you each time a new domain is encountered. You explicitly grant or deny access on a per-site basis. Safari remembers your choices, so you only see the prompt once per domain.
This model balances functionality with user control. A dark mode extension, for example, needs to modify CSS on every website you visit, but the “on request” model lets you exclude sites where you do not want it active. Make It Dark Mode operates this way, letting you build a customized list of sites where dark styling is applied.
5. All Websites (Always)
This is the broadest permission level. The extension can access and modify content on every website you visit without per-site prompts. It can execute JavaScript on pages in background tabs. It can observe your navigation patterns across all sites.
This level is necessary for extensions whose core function requires persistent, automatic operation across all websites: content blockers, privacy tools that strip tracking parameters from URLs, or extensions that modify all web page typography. But it is also the level that demands the most trust in the developer.
A critical detail many users miss: even “All Websites” access does not give an extension access to Safari’s private browsing tabs unless you explicitly enable it in Safari Settings > Extensions. Private browsing is a separate permission toggle.
Data Access Scope: What Extensions Can See Within a Page
Permission to access a website is not binary. Within the pages they have access to, extensions interact with data through several distinct channels, each with different privacy implications.
Page Content (DOM Access)
An extension with website access can read and modify the Document Object Model (DOM) of the page. This means it can see all visible text, images, links, and structural elements. It can also see hidden elements, metadata in the <head> tag, and data attributes embedded in HTML elements.
For most legitimate extensions, DOM access is the core of their functionality. A readability extension modifies DOM elements to improve typography. A citation tool reads the page’s metadata to generate bibliographic references. A web development inspector reads the DOM to display page structure.
Form Data and User Input
An extension with DOM access can technically read input field values, including username fields, password fields (before submission), credit card forms, and search queries. This is the most sensitive aspect of extension permissions.
Safari provides some protection here. Starting with Safari 17, Apple introduced Input Field Isolation, which prevents extensions from reading autofilled password values unless the extension is explicitly designated as a password manager. Credit card autofill fields receive similar protection.
However, text you manually type into form fields remains accessible to extensions with page access. This is a fundamental architectural reality: if an extension can read the page DOM, it can read input fields within that DOM.
Network Requests
Extensions can use the declarativeNetRequest API (and the older webRequest API in some cases) to observe and modify network requests. Content blockers use this to block requests to tracking domains. Privacy extensions use it to strip query parameters. The scope of network access depends on the specific API the extension uses and the permissions it has declared.
Cookies and Local Storage
Extensions with appropriate permissions can access cookies and localStorage/sessionStorage for the domains they have access to. This means an extension with “All Websites” access could theoretically read authentication cookies, session tokens, and locally stored preferences across all sites you visit.
Browser History and Bookmarks
Access to browsing history and bookmarks requires separate, explicit API permissions. These are declared in the extension’s manifest and reviewed during the App Store review process. An extension that does not declare history permission cannot access it, regardless of its website access level.
How to Audit Your Installed Extensions
Regular auditing of your Safari extensions is a straightforward process that takes about five minutes and should be done at least quarterly.
Step 1: Review Installed Extensions
On Mac: Open Safari > Settings > Extensions. You will see every installed extension with its current enabled/disabled status.
On iPhone/iPad: Go to Settings > Apps > Safari > Extensions.
For each extension, note:
- Is it still something you actively use?
- Do you recognize the developer?
- When was it last updated? (Check the App Store listing)
Step 2: Check Permission Levels
In the Extensions settings, click each extension to see its current permission level. Ask yourself:
- Does this extension need the level of access it has?
- Could it function with a more restrictive setting?
- Are there specific sites where you should revoke access?
A common pattern: users install an extension, grant it “All Websites” access during initial setup because the prompt appears and they click Allow without thinking, and never revisit the setting. Switch extensions to “Active Tab” or specific websites when full access is not necessary.
Step 3: Review Privacy Labels
Go to the App Store page for each extension and scroll to the App Privacy section. Look for:
- Data Used to Track You: This is the most concerning category. Extensions listed here are using your data in combination with third-party data for advertising or data broker purposes.
- Data Linked to You: The developer collects data and associates it with your identity.
- Data Not Linked to You: Data is collected but not tied to your identity.
- Data Not Collected: The extension collects no data.
The strongest privacy posture is “Data Not Collected.” Be skeptical of free extensions that collect data linked to your identity, as data monetization is likely their business model.
Step 4: Check Update Frequency
An extension that has not been updated in over a year may have unpatched security vulnerabilities. Safari’s Web Extensions API evolves with each Safari release, and extensions that do not keep up may also break or behave unpredictably.
On the App Store listing, check the Version History section. Healthy extensions typically receive updates every few months.
Step 5: Test with a Clean Profile
Safari on macOS supports profiles (Safari > Settings > Profiles). Create a test profile with no extensions enabled, then add extensions one at a time to identify which ones cause page loading issues, break specific websites, or consume excessive resources. Activity Monitor shows per-process memory and CPU usage for each extension.
Red Flags: When to Remove an Extension Immediately
Some warning signs warrant immediate removal:
The extension was removed from the App Store. If you can no longer find an extension’s listing, Apple may have pulled it for policy violations. Extensions removed from the store continue to function if already installed, but you should uninstall them immediately.
Unexpected permission requests. If an extension that previously worked fine suddenly asks for broader permissions after an update, investigate why. Check the update notes and developer website.
New data collection disclosures. If an extension’s privacy label changes to include new categories of data collection, the developer has changed their data practices. Review whether you are comfortable with the new scope.
Browser slowdowns correlated with extension installation. An extension that consumes excessive CPU or memory may be doing more than its stated function. Use Activity Monitor (Mac) to check CPU and memory usage of extension processes.
Redirected searches or injected content. If you notice your search engine changing, new toolbars appearing, or sponsored content injected into web pages, an extension is likely responsible. Disable extensions one by one to identify the culprit.
Safari vs. Chrome Extension Security: A Structural Comparison
Understanding how Safari’s extension model compares to Chrome’s helps contextualize the security trade-offs on each platform.
Distribution and Review
Chrome extensions are distributed through the Chrome Web Store, which uses a combination of automated scanning and selective human review. Google significantly tightened its review process in 2024 after several high-profile incidents involving compromised developer accounts that pushed malicious updates to millions of users. However, the Chrome Web Store still accepts extensions without the code-signing and developer identity verification requirements that Apple enforces through the Apple Developer Program ($99/year membership, verified identity).
Safari extensions must go through the full App Store review. The developer must be enrolled in the Apple Developer Program, which requires government-issued ID verification. This creates a paper trail that deters bad actors, although it also creates a higher barrier to entry for legitimate developers.
Permission Granularity
Chrome’s Manifest V3 (current standard) and Safari’s Web Extensions API offer broadly similar permission models, but Safari provides users with more granular runtime control. Safari’s per-site permission prompts give users site-by-site control that Chrome only partially matches. Chrome does allow users to restrict extensions to specific sites, but the setting is buried in chrome://extensions rather than surfaced during normal browsing.
Sandboxing
Safari extensions on both Mac and iOS run in sandboxed processes with limited system access. They cannot access the file system, cannot launch other applications, and cannot make system-level changes. On iOS, the sandboxing is even stricter due to the platform’s overall security model.
Chrome extensions on desktop have a broader sandbox that still permits certain file system operations (through the File System Access API) and can interact with native messaging hosts, which are separate applications installed on the system. This wider surface area has historically been exploited in attacks.
Extension Persistence After Developer Account Compromise
If a Chrome developer’s account is compromised, an attacker can push a malicious update that automatically installs on all users’ browsers. Google has mitigated this with mandatory two-factor authentication and review delays for updates to popular extensions, but the risk remains. In January 2024, a coordinated attack compromised 35 Chrome extension developer accounts, affecting approximately 2.6 million users.
Apple’s code-signing model provides an additional layer: even if a developer account were compromised, the attacker would need the developer’s private signing key (not stored on Apple’s servers) to push an update. This does not make attacks impossible, but it does make them significantly harder.
Update Mechanism
Chrome extensions auto-update silently in the background. Users may not notice when an extension’s behavior changes after an update. Safari extensions update through the App Store, which can be configured to require manual approval. Users who disable automatic updates for App Store apps gain an additional review point before accepting extension updates.
Best Practices for Extension Security
Keep Your Extension Count Low
Every extension you install expands your attack surface. Security researchers consistently recommend keeping installed extensions to a minimum. A 2024 survey by NordVPN found that the average Chrome user had 8.2 extensions installed, while the average Safari user had 3.1. The Safari number is lower partly because fewer extensions are available, but the principle holds: fewer extensions mean less code running in your browser, fewer permission grants, and less data exposure.
Audit your extensions and remove any you have not used in the past month. If you need an extension’s functionality occasionally, you can install it when needed and remove it afterward.
Use Per-Site Permissions by Default
When installing a new extension, choose the most restrictive permission level that allows it to function. Start with “Active Tab” or specific websites, and only upgrade to “All Websites” if the extension genuinely requires it. A well-designed extension will explain in its documentation why broader access is needed.
Separate Browsing Profiles for Sensitive Activities
Use Safari profiles to create separate environments for different activities. A “Banking” profile with no extensions installed ensures that no extension code runs when you are accessing financial accounts. A “Development” profile might have developer tools and inspectors enabled. Your default profile carries your everyday extensions.
Prefer Paid Extensions Over Free Ones
This is not universally true, but extensions sold for a one-time purchase price or subscription have a clear business model: you pay money, they provide functionality. Free extensions that collect user data often monetize that data through advertising networks or data brokers. The App Store privacy labels help you identify which free extensions collect and sell data, but choosing paid extensions with “Data Not Collected” privacy labels is the simplest way to align incentives.
Monitor Apple Security Updates
Apple publishes security advisories for Safari at support.apple.com/en-us/100100. These advisories occasionally include information about WebExtensions API vulnerabilities that could affect all extensions. Keeping Safari updated ensures you have the latest security patches for the extension runtime.
The Future of Safari Extension Security
Apple continues to tighten the extension security model with each Safari release. Safari 18, released in late 2025, introduced several notable changes:
Declarative Net Request improvements. New rule types give content-blocking extensions more power without requiring the broader webRequest API permissions that allow extensions to observe all network traffic.
Extension activity logging. Safari now logs extension activity (permission usage, network requests, DOM modifications) and surfaces this data in a new “Extension Activity” section of Safari Settings. Users can review exactly what each extension has done over the past 30 days.
Ephemeral extension permissions. A new permission type allows extensions to request access that automatically expires after the browsing session ends. The next time you open Safari, you will be prompted again. This is useful for extensions you want to use occasionally without granting persistent access.
These changes reflect a broader industry trend toward transparency and user control in extension permission models. Whether you use Safari, Chrome, Firefox, or any other browser, understanding the permission model your extensions operate within is one of the most impactful steps you can take for your browsing security.
The good news is that Safari’s model is already among the most restrictive and transparent in the industry. Combined with your own regular auditing practice, it provides a strong foundation for safe, productive extension use.
