Browsers, on the other hand, are designed to update outside the OS update cycle and fundamentally mistrust content -- they're the *user's* agent, rather than an app component.
-
Show this thread
-
This difference runs deep, but the most important thing to understand is that users choose browsers. That's an intentional preference that should mean something.
1 reply 1 retweet 10 likesShow this thread -
When apps use CCT to load third-party content, they are _respecting user choice_. But they're also practicing security hygiene and acting as good web citizens. Why? First, WebView puts the problem of loading content onto the app. This means that apps *incidentally* see plaintext
1 reply 1 retweet 5 likesShow this thread -
CCT invocation, on the other hand, delegates this problem to the user's default browser. And browsers spend a _lot_ of time and effort getting transport security and UI indicators about safety right. Now, OS vendors realized that this was happening and have responded (a bit).
2 replies 1 retweet 9 likesShow this thread -
Modern WebView on Android is powered by an auto-updating Chrome. But that still leaves ~8% of devices without up-to-date WebView runtimes:https://developer.android.com/about/dashboards/ …
1 reply 2 retweets 7 likesShow this thread -
...for context, that's almost half the number of people with iPhones. The scale of Android is mind-boggling. But even with auto-updating WebView handling (some of) the security aspects, the privacy issue remains. WebViews aren't browsers.
1 reply 1 retweet 10 likesShow this thread -
Installing a different browser as your default on the system doesn't change the app's WebView implementation. Sure, they can bring their own (super common in CN), but user choice and privacy is undermined. The app *still gets to see everything you do in the WebView*.
4 replies 2 retweets 10 likesShow this thread -
...every keystroke you type, every password you enter, every site you go to in that session. You're now trusting the parent app with *everything*. You installed Brave or Samsung Internet or Opera or FF as your default browser? Tough. In-app, WebView-based browsers DGAF.
2 replies 3 retweets 14 likesShow this thread -
This Tweet is unavailable.
-
This Tweet is unavailable.
That's literally what CCT is.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.