Students Using Browser Extensions to "hack" Canvas Quizzes?

Jump to solution
DCadaret
Community Member

In my large (120-ish) 100-level undergraduate class, I assign about 20-25 homework assignments that I set up in Canvas Quizzes.

I have set up the quizzes to allow multiple attempts, keeping the highest scores. Indeed, they are not just "open-book," I expect and encourage the students to use their notes. Furthermore, the quizzes pull the questions from question banks and shuffle the answers, so every individual attempt of one of the quizzes is different. And, I set the quizzes to show the results only once after each attempt, while hiding the correct answers. The theory is the students should look up what they missed and learn from the attempt, then try it again to improve.

I recently discovered that at least a few of my students have downloaded browser extensions for Canvas, which apparently allow them to see things in their versions of Canvas that I had hidden.

I am attaching screenshots the students sent to me. I have hidden the "assignments" list on the lefthand side of the home page, because the homepage (which I have set to the syllabus page) for the course lists all the assignments for the course in order. But as you can see from the screenshots, and from what the students have disclosed, the students navigate to "assignments" (again, which I have hidden) then selected the quiz (which I labeled "CFU 9"). When the students selected this, the browser pointed them to the assignment "submission" (see the URL).

I think the extensions allow them to see all previous attempts multiple times. Furthermore I fear that, perhaps, the browser extension may even autofill in the correct answers from previous attempts when the Canvas quiz calls up the same question from the question bank on a subsequent attempt.

This is cheating, right? If my understanding is right, these students are using a browser extension to hack Canvas quizzes to see answers on graded assignments.

On the one hand, setting up a browser extension that gives access to parts of Canvas the instructor has hidden seems pretty clearly to be a form of academic dishonesty and misconduct. On the other hand, I am unaware of and doubtful that my institution has even addressed this question (as so many at my institution are focused on harnessing AI and detecting/deterring problematic use of ChatGPT and similar.)

Has anyone run into this problem? Do you have ways to address it?

Thanks in advance.

3 Solutions

@DCadaret,

At this moment in time, I am not sure I understand how students are accessing something they shouldn't have access to.

With your example CFU9:

  • it was built with the New Quizzes tool, thus the url and breadcrumb list it under Assignments
  • it is published
  • it is listed with other published assignments on the Syllabus (which is set as the homepage)
  • is is not available through the Assignments page (because that page is disabled/hidden)

They should be using the Syllabus link to get to the quiz. The screenshot makes me think you do not have Assignment Enhancements on in the Feature Options under Settings. From submissions being in the url, I suspect the student may have manually changed the assignment id in the url to that of CFU9. After submissions there is an id number (170368). I wouldn't be surprised if you saw that submission id listed on a different assignment for that student.

I tested a couple Canvas Quizzes extensions in Chrome and none of them ever did anything that included the submissions url piece.

There is no real good way to. determine how the student got to the page, but you can clarify to students that following the link from the Syllabus Course Summary will get them to the right assignments and to make sure submissions is not in the url or they are just previewing submissions they haven't made yet (hence the No Preview Available).

I'm sorry there is not a more definite way to determine what the student is doing and whether they are doing something malicious. These things are very difficult to definitely determine in Canvas. Even the community documentation references that the access logs and user details are not intended for use in academic integrity cases.

Regards,

James


 

View solution in original post

DCadaret
Community Member
Author

Hello, thanks again for replying.

I discussed this access issue with the four students that brought it to me; each student showed me his/her Canvas interface in the browser, and I asked each about browser extensions. One student told me that she was using two extensions: “Better Canvas” and “Tasks for Canvas.” That student was using a task list assembled by the extension to navigate to the assignment. She was able to navigate to and access the assignment just fine using the list of assignments on the syllabus page (explained below)

 

The other three said they were not using browser extensions. Those three were doing something different to navigate to the assignment: they were selecting the “grades” tab on the lefthand side of the Canvas homepage for the class (which I have set to the syllabus), and then they were clicking on the as yet undone assignment—which I built in New Quizzes and named CFU 9.

I have set up the Canvas page expecting that students will  scroll through the list of assignments and events on the syllabus page in order to select and open the various assignments. Thus, navigating to an assignment by first going through the grades page was “new” to me, not what I expected.

 

Apparently, when students navigate to “grades” and then select an assignment, Canvas returns the  “submission details” page for the assignment, regardless of the type of assignment, as in . . . “canvas.institution.edu/courses/242000/assignments/1600007/submissions/111113” and the breadcrumbs read Class 101 > Assignments > CFU X .

What is interesting and puzzling is that when I do this using my “student view” I see something different from what the students are seeing.

When I do this with an assignment that I built using Classic Quizzes, I see only the results of the assignment – I suppose that’s the “preview” that was unavailable (see earlier post) – however, when my students do this on an assignment that I built in Classic quizzes, they see the results (their score) and the button that says “Take the Quiz” regardless of whether or not they have attempted assignment.

Why is this happening? Weird, right?

 

On the other hand, when both the students and I navigate this way (grades to link to specific assignment) to an assignment that I built in New Quizzes, then we see “preview unavailable” if the assignment had not yet been attempted. Or, if the student(s) have already attempted the assignment, they see the results from their previous attempts and a button to retake the assignment.

I think the simplest solution is to remind the students to scroll through the assignments on the syllabus page (homepage for this class) and select the assignment from that list (at least for the first attempt). That seems to work for everyone.

Also, I did just a little internet surfing on the topic of finding an extension to “hack” canvas, and there sure seems to be a market in these apps, but, alas, my students have not come forward and shared any first-hand experiences with them.

I see (from other Canvas community discussions) that others have found students using these types of “cheating” apps as well, and there are YouTube and TikTok demonstrations on them. It’s vexing to me. I don’t have any experience with apps or extensions that help people cheat, nor do I have the time to try to gain the experience in them necessary to investigate if/how/when our students might be using them. Love to hear what others are learning and doing regarding this topic.

Thanks, again for considering. My best, David

View solution in original post

0 Likes

Hello @DCadaret,

That's frustrating that students aren't navigating to assignments as you intended. I can see how that might provide a strange experience. At least you know now and can be sure to communicate the intended access methods moving forward.

I did some testing and found that a student user navigating to a classic quiz through the Grades page would end up at the submission page for that quiz, even if a submission had not been made. If a submission had been made, the results were there based on the viewing privileges in the settings of the quiz. If a submission had not been made, the student has the option to attempt the quiz, but it displays weird because the quiz is now in an iframe window inside the submission page.

I can also confirm that the Student View is slightly different and did not give me the opportunity to attempt an unattempted quiz from the submission page. This is likely a bug that it would be really easy to overlook (since you wouldn't expect someone to navigate to an assignment they have not completed through the Grades page).

It makes sense that this behavior is different for New Quizzes (since it is functioning as an External Tool assignment rather than being re-routed. to assignments from Quizzes or Discussions).

As for what others may be doing to battle the use of cheating add-ons/apps, I regretfully have no experience to speak from. I am not aware of any faculty on our campus that are doing anything special to battle that form of cheating. I hope someone else can speak to this matter for you.

Regards,

James

View solution in original post