Yes, it also narrows down the number of potential targets for analysis / report. If an extension is not marked “none” then no need to go out of your way to figure out if it does it.
For some extensions it might actually be relatively easy to figure out if they do communicate with an external server that they might not need to, specially considering that the extension format can easily be decompressed, .crx files are just zip files with some javascript and other files inside… they might want to obfuscate the logic, but it’s not impossible to try and unravel things to some extent.
Yes, it also narrows down the number of potential targets for analysis / report. If an extension is not marked “none” then no need to go out of your way to figure out if it does it.
For some extensions it might actually be relatively easy to figure out if they do communicate with an external server that they might not need to, specially considering that the extension format can easily be decompressed,
.crxfiles are justzipfiles with some javascript and other files inside… they might want to obfuscate the logic, but it’s not impossible to try and unravel things to some extent.