LinMailPro Permissions

In order to serve its function LinMailPro needs access to certain things in your Chrome browser. In interest of transparency, the permissions necessary are explained here.

The exact permissions LinMailPro asks for in its manifest.json file are as follows:

"permissions": [
  "https://*.linkedin.com/*",
  "https://www.googleapis.com/*",
  "storage",
  "identity",
  "identity.email",
  "tabs",
  "notifications"
]

One by one, this is what they do and why LinMailPro (LMP) needs them:

  • https://*.linkedin.com/*: Obviously LMP changes the appearance and functionality of LinkedIn pages.
  • https://www.googleapis.com/*: LMP uses Google’s oauth2 api to authenticate customers and check payment.
  • storage: LMP currently stores options and associations, and is looking into storing message templates in the near future. Chrome does not even mention this permission when installing LMP.
  • identity and identity.email: LMP uses email addresses for authentication and association. We don’t, and won’t ever, spam or sell these addresses. For obvious reasons, we prefer to do our marketing through LinkedIn. The identity permission is necessary to use identity.email.
  • tabs: LMP uses this to open and close the dashboard and sending tabs, and send messages to them. Unfortunately, Google hasn’t adequately isolated security concerns, and Chrome states that LMP needs access to browsing history, which the tabs API also enables, even though LMP never accesses history. We can’t imagine needing browsing history at any point, but if we do, we will certainly alert you. In any event, LMP absolutely needs the tabs API.
  • notifications: This is ony used for notifications in the Sales Navigator paid option, which doesn’t use the LMP dashboard.

Technical details about the permissions can be found here and the manifest.json format here.