マイナポータル
🔍 Security Report Available View on Chrome Web StoreChrome will indicate if you already have this installed.
Lets you access various online administrative services using your My Number card, catering to approximately 2 million users who rely on this application for their daily needs.
Overview
様々なオンライン行政サービスで、マイナンバーカードを利用するためのアプリケーションです。
Tags
Privacy Practices
✓
Not being sold to third parties, outside of the approved use cases
✓
Not being used or transferred for purposes that are unrelated to the item's core functionality
✓
Not being used or transferred to determine creditworthiness or for lending purposes
Security Analysis — マイナポータル
Permissions
Code Patterns Detected
Package Contents 8 files · 33KB
▾_metadata2KB
verified_contents.json2KB
▾images25KB
icon128.png17KB
icon16.png858B
icon38.png3KB
icon48.png4KB
MPA_Background.js1KB
MPA_Content.js2KB
manifest.json2KB
{
"summary": "マイナポータル (My Number Portal) is a Chrome extension that provides an application for using My Number cards with various online administrative services. It's designed to simplify access to these services, making it easier for users to manage their accounts and perform tasks online.",
"permissions": [
{
"name": "nativeMessaging",
"user_explanation": "This permission allows the extension to communicate with native applications on your device.",
"technical_note": "The
"aligned": false,
"concern": true
}
],
"data_exposure": {
"summary": "The extension accesses various online administrative services, including government portals and websites related to My Number cards. It sends data to these domains for authentication and authorization purposes.",
"technical": {
"domains": [
"https://mposs.force.com/*",
"https://portal.post.japanpost.jp/*",
"https://login.post.japanpost.jp/*",
"https://*.go.jp/*",
"https://*.e-shishobako.ne.jp/*",
"https://*.lg.jp/*",
"https://*.e-taxrenkei.jp/*",
"https://aizuwakamatsu.mylocal.jp/*",
"https://*.mypg.jp/*",
"https://*.onshikaku.org/*",
"https://*.online-web-development.net/*",
"https://portal.city.higashimurayama.tokyo.jp/*",
"https://nsa.pref.nara.jp/*",
"https://*.supportnavi.jp/*",
"https://*.su-mynote.jp/*",
"https://www.msc-kumamoto.jp/*",
"https://*.libe-mypg.jp/*",
"https://www.msc-ehime.jp/*",
"https://www.msc-tochigi.jp/*",
"https://www.okayama-musubi.jp/*",
"https://www.ems-kagawa.jp/*",
"https://www.msc-nagasaki.jp/*",
"https://*.smart-cert.d-secure.jp/*",
"https://www.msc-tottori.jp/*",
"https://www.online-a.com/*",
"https://api-smartlife-pf.com/*"
],
"protocols": ["HTTPS"],
"encryption_status": "Not specified",
"data_types": ["cookies", "tokens"]
}
],
"findings": [
{
"title": "Uses postMessage for cross-origin communications",
"severity": "medium",
"user_explanation": "This extension uses the
"technical_detail": "The extension uses
"legitimate_use": "Legitimate extensions often use
"concern": false
},
{
"title": "Sets up event listeners",
"severity": "info",
"user_explanation": "This extension sets up event listeners to monitor user interactions and respond accordingly. This is a common practice in extensions that need to interact with the browser or other scripts.",
"technical_detail": "The extension uses
"legitimate_use": "Legitimate extensions often use event listeners to interact with the browser or other scripts in response to user actions.",
"concern": false
}
],
"verdict": "Based on our analysis, we recommend exercising caution when using this extension. The
}
"summary": "マイナポータル (My Number Portal) is a Chrome extension that provides an application for using My Number cards with various online administrative services. It's designed to simplify access to these services, making it easier for users to manage their accounts and perform tasks online.",
"permissions": [
{
"name": "nativeMessaging",
"user_explanation": "This permission allows the extension to communicate with native applications on your device.",
"technical_note": "The
nativeMessaging API enables the extension to interact with native code, potentially exposing sensitive data or allowing unauthorized access. This poses a critical risk if compromised.","aligned": false,
"concern": true
}
],
"data_exposure": {
"summary": "The extension accesses various online administrative services, including government portals and websites related to My Number cards. It sends data to these domains for authentication and authorization purposes.",
"technical": {
"domains": [
"https://mposs.force.com/*",
"https://portal.post.japanpost.jp/*",
"https://login.post.japanpost.jp/*",
"https://*.go.jp/*",
"https://*.e-shishobako.ne.jp/*",
"https://*.lg.jp/*",
"https://*.e-taxrenkei.jp/*",
"https://aizuwakamatsu.mylocal.jp/*",
"https://*.mypg.jp/*",
"https://*.onshikaku.org/*",
"https://*.online-web-development.net/*",
"https://portal.city.higashimurayama.tokyo.jp/*",
"https://nsa.pref.nara.jp/*",
"https://*.supportnavi.jp/*",
"https://*.su-mynote.jp/*",
"https://www.msc-kumamoto.jp/*",
"https://*.libe-mypg.jp/*",
"https://www.msc-ehime.jp/*",
"https://www.msc-tochigi.jp/*",
"https://www.okayama-musubi.jp/*",
"https://www.ems-kagawa.jp/*",
"https://www.msc-nagasaki.jp/*",
"https://*.smart-cert.d-secure.jp/*",
"https://www.msc-tottori.jp/*",
"https://www.online-a.com/*",
"https://api-smartlife-pf.com/*"
],
"protocols": ["HTTPS"],
"encryption_status": "Not specified",
"data_types": ["cookies", "tokens"]
}
],
"findings": [
{
"title": "Uses postMessage for cross-origin communications",
"severity": "medium",
"user_explanation": "This extension uses the
postMessage API to communicate with other scripts across different domains. This is a common practice, but it can also be used for malicious purposes if not properly secured.","technical_detail": "The extension uses
window.postMessage() to send and receive messages between scripts in different contexts. This allows for cross-origin communication, which can be useful for legitimate purposes like authentication or data sharing.","legitimate_use": "Legitimate extensions often use
postMessage for secure communication with other scripts or services.","concern": false
},
{
"title": "Sets up event listeners",
"severity": "info",
"user_explanation": "This extension sets up event listeners to monitor user interactions and respond accordingly. This is a common practice in extensions that need to interact with the browser or other scripts.",
"technical_detail": "The extension uses
addEventListener() to set up event listeners for various events, such as page loads, clicks, or keyboard input. These listeners allow the extension to respond to user interactions and perform tasks accordingly.","legitimate_use": "Legitimate extensions often use event listeners to interact with the browser or other scripts in response to user actions.",
"concern": false
}
],
"verdict": "Based on our analysis, we recommend exercising caution when using this extension. The
nativeMessaging permission poses a critical risk if compromised, and the extension's data exposure is significant due to its interactions with various online administrative services. Users should carefully review their permissions and consider alternative solutions for accessing these services."}
Similar Extensions
More in Make Chrome Yours/accessibility →
360 Internet Protection
Dark mode for every website. Take care of your eyes, use dark theme for night and daily browsing.
Up to 600% volume boost