Some Chrome Extensions requiring to sign in to add

===============================

Some Chrome Extensions such as  "HelloFax - Free Online Faxing & Signing",
"youtify", "Torrent search" and etc. require users to sign in google account to add them while majority of its extensions do not.

For instance, if you click the "sign in to add" button to install "youtify" you will see google log-in window (https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fchrome.google.com%2Fwebstore%2Fdetail%2Fyoutify%2Fceimdjnelbadcaempefhdpdhdokpnbho%3Fhl%3Den-US&service=chromewebstore).

And if you click the "sign in to add" button to install "Torrent search(from atomurl.net)" you will see google log-in window as well (https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fchrome.google.com%2Fwebstore%2Fdetail%2Ftorrent-search%2Fafbpdhiclgghnffhkinjikglgmolhpee%3Fhl%3Den-US&service=chromewebstore).

But if you are going to log-in to your normal google account you will see a log-in window on "https://accounts.google.com/ServiceLogin?hl=ko&continue=http://www.google.co.kr/"

I have no idea whether some Chrome Extensions requiring to sign in to add are safe and why they want users to key in users' google account IDs and passwords.

---------------------------

Ex) In case of Torrent Search


1) You see the screen as blow.

2) If you click "Sign in to add", you see the screen as blow.

    https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fchrome.google.com%2Fwebstore%2Fdetail%2Ftorrent-search%2Fafbpdhiclgghnffhkinjikglgmolhpee%3Fhl%3Den-US&service=chromewebstore

3) If you enter your google account ID and password, you see the screen as blow.

4) If you logged in to your google account before you visit Chrome Web Store,

    you see the screen as blow.

** I do not know why only a few extensions are done this way.

==============================================

Stealing login details with a Google Chrome extension

http://blog.dreasgrech.com/2010/07/stealing-login-details-with-google.html

====================================================

▶ chrome web store - Torrent Search (https://chrome.google.com/webstore/detail/torrent-search/afbpdhiclgghnffhkinjikglgmolhpee/details) - report bug / report abuse

▶ report abuse (Nov.2.2012)
: I am not quit sure if this item is harmful.
 Please review the following.
I just installed a Chrome extension "Torrent Search" provided by "atomurl.net".
On the course of installation,it asked me to log in to my google account.So I did.
Just after I did, I started to worry whether the developer took my Google  ID and password.
I have no idea why this particular Chrome Extension want users to sign in to add it while almost of the other Extensions do not.
The url to log in to google account when installing Torrent Search was "https://accounts.google.com/ServiceLogin?continue=https%3A%2F%2Fchrome.google.com%2Fwebstore%2Fdetail%2Ftorrent-search%2Fafbpdhiclgghnffhkinjikglgmolhpee%3Fhl%3Den-US&service=chromewebstore"
while the url to log in to normal google account was "https://accounts.google.com/ServiceLogin?hl=ko&continue=http://www.google.co.kr/".
After installation I even could not locate it on tools-extensions page.
I called several times to the developer's registered phone number but I heard recored voice telling "there is no phone number like that.".
I sent an email to the developer but there was no reply.
So I changed my google account password.
Am I still at risk on everything that I use with my google account including my Android based smartphone ?
I appreciate it if you email me the result at nicolai999gm@gmail.com