惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

Martin Fowler
Martin Fowler
L
LINUX DO - 最新话题
P
Proofpoint News Feed
Cyberwarzone
Cyberwarzone
Know Your Adversary
Know Your Adversary
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
L
Lohrmann on Cybersecurity
D
Darknet – Hacking Tools, Hacker News & Cyber Security
Security Latest
Security Latest
T
The Exploit Database - CXSecurity.com
Exploit-DB.com RSS Feed
Exploit-DB.com RSS Feed
P
Privacy & Cybersecurity Law Blog
K
Kaspersky official blog
The Last Watchdog
The Last Watchdog
Webroot Blog
Webroot Blog
Scott Helme
Scott Helme
T
Threat Research - Cisco Blogs
C
Cyber Attacks, Cyber Crime and Cyber Security
WordPress大学
WordPress大学
L
LINUX DO - 热门话题
OSCHINA 社区最新新闻
OSCHINA 社区最新新闻
博客园 - Franky
V
Visual Studio Blog
O
OpenAI News
AI
AI
Hacker News: Ask HN
Hacker News: Ask HN
V2EX - 技术
V2EX - 技术
GbyAI
GbyAI
Recent Commits to openclaw:main
Recent Commits to openclaw:main
Simon Willison's Weblog
Simon Willison's Weblog
S
Schneier on Security
Spread Privacy
Spread Privacy
Y
Y Combinator Blog
I
InfoQ
H
Hackread – Cybersecurity News, Data Breaches, AI and More
T
Threatpost
C
Cybersecurity and Infrastructure Security Agency CISA
F
Fortinet All Blogs
C
CERT Recently Published Vulnerability Notes
T
The Blog of Author Tim Ferriss
C
Check Point Blog
Apple Machine Learning Research
Apple Machine Learning Research
有赞技术团队
有赞技术团队
人人都是产品经理
人人都是产品经理
N
News and Events Feed by Topic
Project Zero
Project Zero
小众软件
小众软件
让小产品的独立变现更简单 - ezindie.com
让小产品的独立变现更简单 - ezindie.com
B
Blog
G
Google Developers Blog

Open Web Advocacy RSS Feed

28% Faster: The Blink Prototype That Shows Why Apple 28%高速化: AppleのiOSブラウザエンジン禁止措置を終わらせるべき理由を示すBlinkプロトタイプ - Open Web Advocacy 28% Faster: The Blink Prototype That Shows Why Apple Open Letter: Why the CMA Must Enforce the DMCCA - Open Web Advocacy Open Letter: Why the CMA Must Enforce the DMCCA - Open Web Advocacy Open Letter: Why the CMA Must Enforce the DMCCA - Open Web Advocacy The Digital Markets Act Is Delivering Real Wins, But Not Yet for Browser Engines - Open Web Advocacy The Digital Markets Act Is Delivering Real Wins, But Not Yet for Browser Engines - Open Web Advocacy The Digital Markets Act Is Delivering Real Wins, But Not Yet for Browser Engines - Open Web Advocacy Our Submission to the CMA on Apple’s iOS Interoperability Commitments - Open Web Advocacy Our Submission to the CMA on Apple’s iOS Interoperability Commitments - Open Web Advocacy Our Submission to the CMA on Apple’s iOS Interoperability Commitments - Open Web Advocacy Q&A with Simonetta Vezzoso: The Open Web, Apple, and the DMA - Open Web Advocacy Q&A with Simonetta Vezzoso: The Open Web, Apple, and the DMA - Open Web Advocacy Q&A with Simonetta Vezzoso: The Open Web, Apple, and the DMA - Open Web Advocacy Google Backs Down: Will Grant Hotseat in EU Browser Choice Screen - Open Web Advocacy Google Backs Down: Will Grant Hotseat in EU Browser Choice Screen - Open Web Advocacy Google Backs Down: Will Grant Hotseat in EU Browser Choice Screen - Open Web Advocacy OWA on RedMonk: Why the Mobile Web Still Can’t Compete with Native Apps, and How to Fix It! - Open Web Advocacy OWA on RedMonk: Why the Mobile Web Still Can’t Compete with Native Apps, and How to Fix It! - Open Web Advocacy OWA on RedMonk: Why the Mobile Web Still Can’t Compete with Native Apps, and How to Fix It! - Open Web Advocacy Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy How Apple’s Key Tactic Could Prevent Japan’s Smartphone Act from Improving Browser Competition - Open Web Advocacy Appleの主要な戦術が、日本のスマホ法によるブラウザ競争の改善を阻む可能性について - Open Web Advocacy How Apple’s Key Tactic Could Prevent Japan’s Smartphone Act from Improving Browser Competition - Open Web Advocacy Open Web Advocacy 2025 in Review - Open Web Advocacy Open Web Advocacy 2025 in Review - Open Web Advocacy Open Web Advocacy 2025 in Review - Open Web Advocacy Tim Berners-Lee On Apple’s Browser Engine Ban and Web Apps - Open Web Advocacy Tim Berners-Lee On Apple’s Browser Engine Ban and Web Apps - Open Web Advocacy Tim Berners-Lee On Apple’s Browser Engine Ban and Web Apps - Open Web Advocacy What Apple’s UK Strategic Market Status Designation means for Browsers and Web Apps - Open Web Advocacy What Apple’s UK Strategic Market Status Designation means for Browsers and Web Apps - Open Web Advocacy What Apple’s UK Strategic Market Status Designation means for Browsers and Web Apps - Open Web Advocacy OWA at the EU Parliament DMA Working Group - Open Web Advocacy OWA at the EU Parliament DMA Working Group - Open Web Advocacy OWA at the EU Parliament DMA Working Group - Open Web Advocacy Can Perplexity Afford to Fund the Web? The $34.5 Billion-Dollar Question - Open Web Advocacy Can Perplexity Afford to Fund the Web? The $34.5 Billion-Dollar Question - Open Web Advocacy Can Perplexity Afford to Fund the Web? The $34.5 Billion-Dollar Question - Open Web Advocacy Japan: Apple Must Lift Browser Engine Ban by December - Open Web Advocacy Japan: Apple Must Lift Engine Ban by December - Open Web Advocacy Japan: Apple Must Lift Engine Ban by December - Open Web Advocacy UK Regulator Flags Apple’s iOS Browser Engine Ban in Draft SMS Designation - Open Web Advocacy UK Regulator Flags Apple’s iOS Browser Engine Ban in Draft SMS Designation - Open Web Advocacy UK Regulator Flags Apple’s iOS Browser Engine Ban in Draft SMS Designation - Open Web Advocacy Apple Apple Apple Google Google Google Balancing Security and Fair Competition - Open Web Advocacy Balancing Security and Fair Competition - Open Web Advocacy Balancing Security and Fair Competition - Open Web Advocacy Industry Voices Caution Against DOJ’s Plan to Force Sale Of Chrome - Open Web Advocacy Industry Voices Caution Against DOJ’s Plan to Force Sale Of Chrome - Open Web Advocacy Industry Voices Caution Against DOJ’s Plan to Force Sale Of Chrome - Open Web Advocacy Is It Worth Killing Mozilla to Shave Off Less Than 1% From Google’s Market Share? - Open Web Advocacy Is It Worth Killing Mozilla to Shave Off Less Than 1% From Google’s Market Share? - Open Web Advocacy Is It Worth Killing Mozilla to Shave Off Less Than 1% From Google’s Market Share? - Open Web Advocacy Break Google’s Search Monopoly without Breaking the Web - Open Web Advocacy Break Google’s Search Monopoly without Breaking the Web - Open Web Advocacy Break Google’s Search Monopoly without Breaking the Web - Open Web Advocacy UK Regulator UK Regulator UK Regulator SLAP and FLOP: Apple SLAP and FLOP: Apple SLAP and FLOP: Apple Digital Markets Act: Europe’s Digital Competitiveness at Stake - Open Web Advocacy Digital Markets Act: Europe’s Digital Competitiveness at Stake - Open Web Advocacy Digital Markets Act: Europe’s Digital Competitiveness at Stake - Open Web Advocacy UK Launches Investigation into Apple and Google under the DMCC - Open Web Advocacy UK Launches Investigation into Apple and Google under the DMCC - Open Web Advocacy UK Launches Investigation into Apple and Google under the DMCC - Open Web Advocacy Open Web Advocacy 2024 in Review - Open Web Advocacy Open Web Advocacy 2024 in Review - Open Web Advocacy Open Web Advocacy 2024 in Review - Open Web Advocacy iOS age restriction blocks all browsers except Safari, breaks choice screen - Open Web Advocacy iOS age restriction blocks all browsers except Safari, breaks choice screen - Open Web Advocacy iOS age restriction blocks all browsers except Safari, breaks choice screen - Open Web Advocacy Apple implements six of OWA Apple implements six of OWA Apple implements six of OWA It It It Interop 2025 must drop secret vetos - Open Web Advocacy Interop 2025 must drop secret vetos - Open Web Advocacy Interop 2025 must drop secret vetos - Open Web Advocacy Stuart Langridge: The Mazy Web - Open Web Advocacy Stuart Langridge: The Mazy Web - Open Web Advocacy Stuart Langridge: The Mazy Web - Open Web Advocacy Webventures: An Abridged History of Safari Showstoppers - Open Web Advocacy Webventures: An Abridged History of Safari Showstoppers - Open Web Advocacy Webventures: An Abridged History of Safari Showstoppers - Open Web Advocacy Google must share the ability to install Web Apps in Android - Open Web Advocacy
In-App Browsers: The worst erosion of user choice you haven
2024-03-26 · via Open Web Advocacy RSS Feed

In-App Browsers subvert user choice, stifle innovation, trap users into apps, break websites and enable applications to severely undermine user privacy. In-App Browsers hurt consumers, developers and damage the entire web ecosystem.

OWA recently met with both the Digital Markets Act team and the UK's Market Investigation Reference into Cloud Gaming and Browsers team to discuss how tech giants are subverting users' choice of default browser via in-app browsers and the harm this causes.

In-App browsers is a complex topic, so to outline our thoughts we wrote a detailed 61 page submission to the EU Commission which we are now publicly publishing today.

So what are In-App Browsers, and what problems do they cause?

An In-App Browser can open when users tap on links in a non-browser app. Rather than switching out of the app and to the user's default browser, in-app browsers open a pane within the host native app to render web pages. Hence the name, “in-app browser”.

When you click on a link to a third-party website, many popular apps ignore your choice of default browser and instead automatically and silently replace your default browser with their own in-app browser. Many users - likely most users! - are not aware that this switch has taken place.

Worst of all, this switch grants these apps the ability to spy and manipulate third-party websites. Popular apps like Instagram, Facebook Messenger and Facebook have all been caught injecting JavaScript via their in-app browsers into third party websites. TikTok was running commands that were essentially a keylogger. While we have no proof that this data was used or exfiltrated from the device, the mere presence of JavaScript code collecting this data combined with no plausible explanation is extremely concerning.

It is possible to use in-app browsers in a way that preserves privacy. Both iOS and Android provide a system components (SFSafariViewController and Android Custom Tabs respectively), which do not allow the hosting app to inject JavaScript or otherwise spy on the user. Android Custom Tabs solution also (by default) invokes the users default browser.

Thus, this behavior would be impossible if links were simply opened in the user's default browser or in the system provided in-app browser.

This is the reality users face on their phones today. It doesn't have to be this way. Mandating that apps respect browser choice isn't just a matter of convenience; it's about empowering both consumers and companies to thrive in a more open, stable, feature rich, secure and private digital ecosystem.

Disrespect of users' choice of browser also stifles innovation. The Web thrives when browsers compete on functionality and user experience. In-app browsers, however, don't compete as browsers. Many, perhaps even most, users are unaware they are being foisted upon them. They're also unaware of the quality, security and privacy risks associated with them. In-app browsers operate in a vacuum, immune from competitive pressure to improve.

This stagnation hurts everyone. Users are stuck with forgetful, subpar in-app browsers. Businesses struggle to reach and engage with audiences due to missing features and bugs in browsers that no one made an affirmative choice to use.

The solution is clear – respect the user's choice of browser.

Mandating that non-browser apps utilise a users' default browser for third-party websites will unlock a more vibrant and equitable digital landscape. Users will enjoy familiar tools they trust, experiencing websites as they were designed. Businesses and publishers will gain access to earned audiences, free from interference by native app developers.

The intrusion of in-app browsers, along with the significant bugs, missing features and critical privacy and data protection concerns they introduce should be addressed. The Digital Markets Act and the UK's MIR have all of the necessary enforcement powers to right this wrong.

Remote tab in-app browsers such as Android Custom Tabs are a potentially ideal solution for most users. Android Custom Tabs, by default, invokes the user's default browser and prevents the app injecting JavaScript. This is an interesting middle ground where the user (and the app) can benefit from not leaving the app context while still respecting the user's choice of default browser and preserving the user's privacy. However, it is currently possible for the hosting native app to lock Android Custom Tabs to a particular browser and override the user's choice of default browser. This ability needs to be removed.

While iOS's remote tab in-app browser (SFSafariViewController) prevents the app injecting JavaScript, it is locked to Safari (or more specifically the WkWebView) and thus overrides the user's choice of default browser.

We have proposed 6 remedies:

  • Designated Core Platform Services should respect the user's choice of default browser. (DMA specific)
  • App Store rules must mandate non-browser apps use the user's chosen default browser for http/https links to third-party websites/Web Apps.
  • Apple must update SFSafariViewController (Apple's system provided in-app browser for iOS) to respect the user's choice of default browser.
  • Third-Party businesses must be provided an explicit and effective technical opt-out from non-default In-App Browsers.
  • Operating systems must provide a global user opt-out. Apps must also request explicit permission from users in order to override their choice of default browser.
  • Google must remove the ability to override a user's choice of default browser via Android Custom Tabs (Google's system provided in-app browser for Android).

These remedies overlap, addressing different aspects of the problem. When effected, these remedies will prevent gatekeepers from subverting the user choice of browser, provide users enhanced control over their privacy and security, and make technical fixes to the underpinnings of how web pages are loaded. These fixes will project a user's choice of browser in non-browser apps they use, providing users the security, privacy, stability and features on which browser wars are legitimately fought. No longer will apps be allowed to syphon web traffic for their own enrichment at the detriment of the community at large.

We would in particular like to thank Lukasz Olejnik, Felix Krause, Jesper van den Ende, Stuart Langridge, Bruce Lawson and Adrian Holovaty for their work in helping make this case. We are also thankful for the broad support and feedback we have received from the web development and browser development community.

We will continue to pursue this matter until it is fixed globally. Users' choice of browser is only important if that choice is actually respected.

Your browser, your choice!

Stay tuned: