Technical functioning of Mihon extensions and security concerns
Hello everyone,
I know this question has probably been asked hundreds of times already, but I’d like to bring a slightly more nuanced and technical angle to it.
Context: • Mihon installed from the official website • Only one repository used: Keiyoushi
My question is mainly about the security of Mihon extensions and the potential risks they could pose to a device.
***I already know that the Mihon developers themselves state that they do not guarantee the safety of extensions.
However, after spending hours searching (Google, Reddit, etc.), I still haven’t found any really clear or technical explanation about how these extensions actually work.
So if there are people here with technical knowledge, I’d really appreciate an explanation of: • how a Mihon extension actually works; • how it interacts with the app; • and most importantly, what kind of access it has or doesn’t have to the rest of the device.
After asking several AIs about it, the answer I keep getting is that extensions are basically APK-based scrapers that only operate through Mihon and within the permissions granted to the app itself.
Understanding this more clearly could probably reassure users like me who are very cautious about device security and keeping their phone “clean,” and who worry about whether an extension could potentially access personal data.
I also understand there’s a psychological aspect to this kind of topic, and that some people will simply say: “If you’re scared, just uninstall it.”
But honestly, Mihon seems pretty well designed, which is exactly why I’d like to better understand the actual risks: • what an extension could realistically do; • what kinds of threats are actually possible; • and what risks are mostly just paranoia or misunderstanding.
I think having a clearer technical explanation would remove a lot of the uncertainty and the constant feeling of “what am I actually risking here?”
Sorry if this ended up being a bit long, and of course, if this has already been answered properly in another subreddit, I’d be happy to be redirected there.