To clarify for non-tech folk: TL;DR, there's a silent browser war afoot -- a tug-of-war between apps and real browsers. Some apps use technology designed to show in-app content to render (unsafe) out-of-app content. This endangers privacy, but also hurts the web. https://twitter.com/tomayac/status/1105053795917225985
CCT invocation, on the other hand, delegates this problem to the user's default browser. And browsers spend a _lot_ of time and effort getting transport security and UI indicators about safety right. Now, OS vendors realized that this was happening and have responded (a bit).
Modern WebView on Android is powered by an auto-updating Chrome. But that still leaves ~8% of devices without up-to-date WebView runtimes: https://developer.android.com/about/dashboards/
...for context, that's almost half the number of people with iPhones. The scale of Android is mind-boggling. But even with auto-updating WebView handling (some of) the security aspects, the privacy issue remains. WebViews aren't browsers.
Installing a different browser as your default on the system doesn't change the app's WebView implementation. Sure, they can bring their own (super common in CN), but user choice and privacy is undermined. The app *still gets to see everything you do in the WebView*.
...every keystroke you type, every password you enter, every site you go to in that session. You're now trusting the parent app with *everything*. You installed Brave or Samsung Internet or Opera or FF as your default browser? Tough. In-app, WebView-based browsers DGAF.
...whereas CCT puts your browsing back in your hands. With CCT, your choices matter, and browsers can compete on security/privacy/tracking/etc.
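As an added illustration (not code from the thread), the two Android paths the thread contrasts: a WebView-based "browser" in which the host app's `WebViewClient` observes every request the page makes via `shouldInterceptRequest`, and a Custom Tab launch that hands the URL to the user's default browser. The class name `LinkOpener` and the log tag are assumptions.

```java
// Added illustration, not from the thread. Contrasts an in-app WebView, where the
// host app sees every request, with a Custom Tab, which delegates to the default browser.
import android.app.Activity;
import android.net.Uri;
import android.util.Log;
import android.webkit.WebResourceRequest;
import android.webkit.WebResourceResponse;
import android.webkit.WebView;
import android.webkit.WebViewClient;
import androidx.browser.customtabs.CustomTabsIntent;

public class LinkOpener {
    private static final String TAG = "LinkOpener"; // assumed tag

    // In-app "browser": every navigation, script, image and XHR the page issues
    // passes through the host app's WebViewClient before it leaves the device.
    static void openInWebView(WebView webView, String url) {
        webView.setWebViewClient(new WebViewClient() {
            @Override
            public WebResourceResponse shouldInterceptRequest(WebView view,
                                                              WebResourceRequest request) {
                // The host app observes the full URL of each request here; returning
                // null lets it proceed unchanged, but the app could also substitute
                // its own response. This is the visibility the thread warns about.
                Log.d(TAG, "WebView request observed: " + request.getUrl());
                return null;
            }
        });
        webView.loadUrl(url);
    }

    // Custom Tab: the URL is handed to the user's default browser, which keeps its own
    // cookies, transport security and UI indicators; the host app sees no page traffic.
    static void openInCustomTab(Activity activity, String url) {
        CustomTabsIntent customTab = new CustomTabsIntent.Builder().build();
        customTab.launchUrl(activity, Uri.parse(url));
    }
}
```

`openInCustomTab` needs the `androidx.browser:browser` dependency; if no browser supporting Custom Tabs is installed, the intent falls back to a plain `ACTION_VIEW` in whatever browser is available.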
There's a further issue, though. WebViews aren't meant to be full implementations of the web platform. They're sort of halflings: some core stuff is built-in, but anything that reaches outside of the renderer -- APIs that do something other than CSS/HTML/JS -- is often busted.
This makes WebView based in-app "browsers" totally broken from the perspective of the web platform. They are boat-anchors for progress on the web, even when they're built from exactly the same source code.
But as much as *I* care about that, it's something of a minor point in the grand scheme. The big issue here is privacy. And WebViews are even worse than just letting the app itself sniff and rewrite all the pages you see... ...remember those out-of-date WebViews?
Attacks against WebViews aren't just attacks against the pages, they're attacks against *the host app*. Everything you trusted it with.
Now, again, OS vendors are doing a ton to try to fix webviews...but the model is just busted. The attack surface area isn't just the web platform, it's every API the host app bolts on or intercepts. Disaster in the making.
WebViews for non-app content are a choice that apps make. Other, better, more respectful and secure choices are available to them. Apps that insist on not taking you out to your browser when you tap on links, but also do not take advantage of CCT/SafariViewController are *bad*.
Cannot stress this enough: the only reason this happens is because apps are jealous of your time. They build these upside-down "browsers" because they don't want you to go to your real default browser. They want to keep you in-app. They *worked* to break this.
The default behavior for navigation intents is to launch your default browser. Many apps felt this wasn't in their interest, so they put your privacy and security at risk. Demanding they adopt CCT is the *least* we can ask.
So when companies start talking about taking privacy seriously but still default hundreds of millions of users to this dog's breakfast of a broken, privacy violating web experience, don't believe a word of it.
: the issue is the `shouldInterceptRequest` method (