Extension Security
Introduction
In this document we give a brief overview of the Trellus Chrome extension's security policy. This policy is subject to change as the Trellus Chrome extension is updated.
For more information on Trellus' data policy, please see our user terms at https://trellus.ai/terms
Chrome Extension Code Availability
We hope the following paragraphs give a full picture of what the Trellus Chrome extension is capable of, but there is no need to take our word for it. A Chrome extension's code ships, as-is, to every machine it is installed on, and Chrome Web Store policy does not allow that code to be obfuscated, so anyone can read it. You can download and inspect the Trellus Chrome extension package (fully unobfuscated) at https://chrome-stats.com/d/enhpjjojmnlnaokmppkkifgaonfojigl/download . We are happy to answer any questions you have.
Trellus security permissioning
At a minimum, Trellus requires the following permissions: 'storage', 'tabs' and 'system.display'. Below we outline what each permission does and what it gives us access to.
'storage' - Using storage, we can persist Trellus keys and the Trellus settings a user may want to configure. Because extension execution contexts are ephemeral, we must use storage to keep information between sessions (e.g., whether the user wants Trellus to pop up on the right or left hand side of the screen). Storage is scoped to our extension: it does not give us access to anything outside our extension's context, and other extensions and web pages cannot read it.
'tabs' - Using tabs, we can determine which dialer pages are active and pass messages between the Trellus coaching assistant and our dialer content scripts. In general, the tabs permission lets a Chrome extension read metadata about open tabs, such as their URLs and titles. This means that if you browse to URLs containing sensitive information, the Trellus Chrome extension could in principle query for those URLs and store them. We do not do this, and you can confirm that by auditing the extension code linked above.
'system.display' - Using system.display, we can read the size and position of the connected displays. Together with the window geometry Chrome exposes without any special permission, this lets us resize the Chrome window during an active call so that the Trellus widget is positioned correctly on screen.
Users who want to work with a dialer outside the set we originally supported can grant Trellus an optional 'scripting' permission. This lets Trellus inject its content scripts into dialer pages that were not supported at the initial release of Trellus. Note that 'scripting' on its own grants no page access: injecting into a new dialer also requires a host permission for that site, which must be granted as well.
Trellus page permissioning
Trellus requests page access explicitly from the user at install time. Specifically, we request host permissions for pages whose URLs match the following patterns:
"*://app.salesloft.com/*",
"*://orum.com/*",
"*://web.outreach.io/*",
"*://ringcentral.github.io/ringcentral-embeddable/*",
"*://app.hubspot.com/*",
"*://app.apollo.io/*",
"*://www.phoneburner.com/dialer/dial/begin*",
"*://salesfinity.co/*",
"*://*.connectandsell.com/*",
"*://dialpad.com/*",
"*://*.kixie.com/*",
"*://*.salesforce.com/*",
"*://*.force.com/*"
This allows Trellus to embed inside these pages, detect when a call is active, and capture audio during those calls. When reading the patterns, note that '*://' matches both http and https, a leading '*.' matches the bare domain and every subdomain of it (so '*://*.salesforce.com/*' covers all Salesforce subdomains), and a '*' at the end of the path (as in the PhoneBurner entry) matches any continuation of that path, query string included.
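The following is an added example, not code from the Trellus extension, showing how a reviewer can check exactly which pages the host patterns above reach and whether a manifest declares anything beyond the minimal permission set described on this page. It implements Chrome's match-pattern rules (scheme wildcard, subdomain wildcard, path wildcard) and runs them against constructed URLs. SAMPLE_MANIFEST is constructed from the permissions and host patterns listed on this page; the real manifest, the SENSITIVE list and the helper names are this example's own assumptions.

```javascript
// Added example (not Trellus code): evaluate Chrome extension match patterns
// and audit a manifest's permission set. SAMPLE_MANIFEST is CONSTRUCTED from
// the permissions and host patterns listed on this page, not the real file.
const SAMPLE_MANIFEST = {
  manifest_version: 3,
  permissions: ["storage", "tabs", "system.display"],
  optional_permissions: ["scripting"],
  host_permissions: [
    "*://app.salesloft.com/*",
    "*://orum.com/*",
    "*://web.outreach.io/*",
    "*://ringcentral.github.io/ringcentral-embeddable/*",
    "*://app.hubspot.com/*",
    "*://app.apollo.io/*",
    "*://www.phoneburner.com/dialer/dial/begin*",
    "*://salesfinity.co/*",
    "*://*.connectandsell.com/*",
    "*://dialpad.com/*",
    "*://*.kixie.com/*",
    "*://*.salesforce.com/*",
    "*://*.force.com/*",
  ],
};

// Permissions that would let an extension capture media or read traffic on its
// own; an auditor checks that none of these appear (assumed list for this example).
const SENSITIVE = new Set([
  "tabCapture", "audioCapture", "desktopCapture", "webRequest", "debugger", "<all_urls>",
]);

const escapeRe = (s) => s.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");

// Compile one Chrome match pattern (scheme://host/path) into a predicate.
// "*" as scheme means http or https; "*.example.com" matches example.com and
// any subdomain; "*" inside the path matches anything, query string included.
function compileMatchPattern(pattern) {
  if (pattern === "<all_urls>") return { pattern, test: () => true }; // treated as matching everything here
  const m = /^(\*|https?):\/\/(\*|(?:\*\.)?[^*/]+)(\/.*)$/.exec(pattern);
  if (!m) throw new Error(`unsupported match pattern: ${pattern}`);
  const [, scheme, host, path] = m;
  const sub = host.startsWith("*.");
  const bare = (sub ? host.slice(2) : host).toLowerCase();
  const pathRe = new RegExp("^" + path.split("*").map(escapeRe).join(".*") + "$");
  return {
    pattern,
    test(urlString) {
      let u;
      try { u = new URL(urlString); } catch { return false; }
      const s = u.protocol.slice(0, -1);
      if (scheme === "*" ? s !== "http" && s !== "https" : s !== scheme) return false;
      const h = u.hostname.toLowerCase();
      const hostOk = host === "*" || h === bare || (sub && h.endsWith("." + bare));
      return hostOk && pathRe.test(u.pathname + u.search);
    },
  };
}

// Which declared host patterns would let the extension run content scripts on this URL?
function grantedHosts(manifest, url) {
  return (manifest.host_permissions || []).filter((p) => compileMatchPattern(p).test(url));
}

// Flag anything beyond the minimal set this page describes: media-capture or
// traffic-reading permissions, and host patterns that cover every site.
function auditPermissions(manifest) {
  const hosts = manifest.host_permissions || [];
  const all = [...(manifest.permissions || []), ...(manifest.optional_permissions || []), ...hosts];
  return {
    sensitive: all.filter((p) => SENSITIVE.has(p)),
    wildcardHosts: hosts.filter((p) => p === "<all_urls>" || /^[^:]+:\/\/\*\//.test(p)),
  };
}
```

Running grantedHosts over a Salesforce Lightning URL such as https://na1.lightning.force.com/lightning/page returns only the '*://*.force.com/*' entry, while https://app.orum.com/ matches nothing because the Orum pattern has no subdomain wildcard. The same check also shows that a plain-http URL on a listed host is covered, since '*://' permits http as well as https.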
Trellus audio access
Some users are sensitive to how Trellus obtains audio, so here we describe the mechanics of how we listen to the phone calls that reps are placing. First, Trellus is at no point granted access to the MediaDevices (microphone) API, so it cannot capture user media on its own.
Second, Trellus listens to calls by attaching to the WebRTC streams that the dialer itself sets up: the dialer page has already obtained the rep's microphone and the remote party's audio, and a script injected into that page attaches to the WebRTC connection the dialer creates in order to observe those audio tracks. This is a common technique for letting other software tap an existing audio stream. You can see exactly how this works in the dialer-audio-injected script in the extension package.
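The following is an added example, not the Trellus dialer-audio-injected code, showing the mechanics behind the paragraph above: a script in the page's main world wraps RTCPeerConnection so that it sees the audio tracks the dialer sends (addTrack) and receives (the "track" event), without ever calling getUserMedia itself. Because a real RTCPeerConnection only exists in a browser, the hook takes the global scope as a parameter and is exercised here against a constructed FakePeerConnection; installWebRtcTap, makeRecorder and simulateCall are names invented for this example.

```javascript
// Added example (not the Trellus code): tapping a dialer's WebRTC audio from a
// script that runs in the page's main world. The tap never requests the
// microphone; it only observes tracks the page itself created or received.
// `scope` is passed in so the hook can be exercised with the constructed
// FakePeerConnection below instead of a real browser window.
function installWebRtcTap(scope, onTrack) {
  const Original = scope.RTCPeerConnection;
  if (typeof Original !== "function") return false;   // page has no WebRTC
  if (Original.__webrtcTapInstalled) return false;     // already hooked

  class TappedPeerConnection extends Original {
    constructor(...args) {
      super(...args);
      // Remote audio (the called party) is delivered by the "track" event.
      this.addEventListener("track", (ev) => {
        if (ev.track && ev.track.kind === "audio") onTrack("remote", ev.track, this);
      });
    }
    // Local audio (the rep's microphone) is handed to addTrack by the dialer.
    addTrack(track, ...streams) {
      if (track && track.kind === "audio") onTrack("local", track, this);
      return super.addTrack(track, ...streams);
    }
  }
  TappedPeerConnection.__webrtcTapInstalled = true;
  scope.RTCPeerConnection = TappedPeerConnection;     // the dialer now gets the wrapper
  return true;
}

// In a real page the callback would feed each track into an AudioContext or a
// MediaRecorder via new MediaStream([track]); here it only records what it saw.
function makeRecorder() {
  const seen = [];
  return { seen, onTrack: (side, track) => seen.push({ side, id: track.id, kind: track.kind }) };
}

// Constructed stand-ins for the browser objects this example needs.
class FakePeerConnection extends EventTarget {
  constructor() { super(); this.senders = []; }
  addTrack(track, ...streams) {
    const sender = { track, streams };
    this.senders.push(sender);
    return sender;
  }
  // Simulates the browser delivering a track from the remote party.
  receiveTrack(track) { this.dispatchEvent(Object.assign(new Event("track"), { track })); }
}
const fakeTrack = (id, kind) => ({ id, kind });

// Simulate one call: the dialer creates a connection, adds the microphone, and
// the remote party's audio arrives along with a video track that must be ignored.
function simulateCall() {
  const scope = { RTCPeerConnection: FakePeerConnection };
  const rec = makeRecorder();
  const installed = installWebRtcTap(scope, rec.onTrack);
  const pc = new scope.RTCPeerConnection();           // what the dialer's own code does
  pc.addTrack(fakeTrack("mic-1", "audio"));
  pc.receiveTrack(fakeTrack("remote-1", "audio"));
  pc.receiveTrack(fakeTrack("cam-1", "video"));
  const secondInstall = installWebRtcTap(scope, rec.onTrack); // idempotent
  return {
    installed,
    secondInstall,
    seen: rec.seen,
    stillOriginalType: pc instanceof FakePeerConnection, // the dialer's instanceof checks keep working
    senders: pc.senders.length,                          // the real addTrack still ran
  };
}
```

Two properties of this approach matter for a security review. The hook only works from the page's main world (an isolated-world content script cannot see the page's RTCPeerConnection), so the injected script is subject to the dialer page's CSP, and it sees audio only after the dialer itself has been granted the microphone and has built the call; nothing here can start a capture on its own.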
User control
Finally, at any time users can switch Trellus into 'authorization mode' or turn Trellus functionality off entirely from our settings page. Doing so invalidates all extension contexts and prevents Trellus from operating.