惯性聚合 高效追踪和阅读你感兴趣的博客、新闻、科技资讯
阅读原文 在惯性聚合中打开

推荐订阅源

G
Google Developers Blog
S
Schneier on Security
The Hacker News
The Hacker News
P
Proofpoint News Feed
Spread Privacy
Spread Privacy
L
LINUX DO - 热门话题
L
Lohrmann on Cybersecurity
I
Intezer
cs.AI updates on arXiv.org
cs.AI updates on arXiv.org
www.infosecurity-magazine.com
www.infosecurity-magazine.com
Schneier on Security
Schneier on Security
Security Latest
Security Latest
AWS News Blog
AWS News Blog
B
Blog RSS Feed
Microsoft Security Blog
Microsoft Security Blog
有赞技术团队
有赞技术团队
博客园 - 叶小钗
The Last Watchdog
The Last Watchdog
O
OpenAI News
月光博客
月光博客
Hacker News: Ask HN
Hacker News: Ask HN
阮一峰的网络日志
阮一峰的网络日志
S
Security @ Cisco Blogs
Google Online Security Blog
Google Online Security Blog
云风的 BLOG
云风的 BLOG
奇客Solidot–传递最新科技情报
奇客Solidot–传递最新科技情报
Latest news
Latest news
P
Palo Alto Networks Blog
Last Week in AI
Last Week in AI
M
MIT News - Artificial intelligence
Google DeepMind News
Google DeepMind News
P
Proofpoint News Feed
C
CERT Recently Published Vulnerability Notes
Apple Machine Learning Research
Apple Machine Learning Research
U
Unit 42
PCI Perspectives
PCI Perspectives
博客园 - 聂微东
SecWiki News
SecWiki News
宝玉的分享
宝玉的分享
Forbes - Security
Forbes - Security
H
Heimdal Security Blog
cs.CL updates on arXiv.org
cs.CL updates on arXiv.org
Hugging Face - Blog
Hugging Face - Blog
freeCodeCamp Programming Tutorials: Python, JavaScript, Git & More
T
Troy Hunt's Blog
博客园 - 三生石上(FineUI控件)
Application and Cybersecurity Blog
Application and Cybersecurity Blog
罗磊的独立博客
WordPress大学
WordPress大学
D
Darknet – Hacking Tools, Hacker News & Cyber Security

Open Web Advocacy RSS Feed

28% Faster: The Blink Prototype That Shows Why Apple 28%高速化: AppleのiOSブラウザエンジン禁止措置を終わらせるべき理由を示すBlinkプロトタイプ - Open Web Advocacy 28% Faster: The Blink Prototype That Shows Why Apple Open Letter: Why the CMA Must Enforce the DMCCA - Open Web Advocacy Open Letter: Why the CMA Must Enforce the DMCCA - Open Web Advocacy Open Letter: Why the CMA Must Enforce the DMCCA - Open Web Advocacy The Digital Markets Act Is Delivering Real Wins, But Not Yet for Browser Engines - Open Web Advocacy The Digital Markets Act Is Delivering Real Wins, But Not Yet for Browser Engines - Open Web Advocacy The Digital Markets Act Is Delivering Real Wins, But Not Yet for Browser Engines - Open Web Advocacy Our Submission to the CMA on Apple’s iOS Interoperability Commitments - Open Web Advocacy Our Submission to the CMA on Apple’s iOS Interoperability Commitments - Open Web Advocacy Our Submission to the CMA on Apple’s iOS Interoperability Commitments - Open Web Advocacy Q&A with Simonetta Vezzoso: The Open Web, Apple, and the DMA - Open Web Advocacy Q&A with Simonetta Vezzoso: The Open Web, Apple, and the DMA - Open Web Advocacy Q&A with Simonetta Vezzoso: The Open Web, Apple, and the DMA - Open Web Advocacy Google Backs Down: Will Grant Hotseat in EU Browser Choice Screen - Open Web Advocacy Google Backs Down: Will Grant Hotseat in EU Browser Choice Screen - Open Web Advocacy Google Backs Down: Will Grant Hotseat in EU Browser Choice Screen - Open Web Advocacy OWA on RedMonk: Why the Mobile Web Still Can’t Compete with Native Apps, and How to Fix It! - Open Web Advocacy OWA on RedMonk: Why the Mobile Web Still Can’t Compete with Native Apps, and How to Fix It! - Open Web Advocacy OWA on RedMonk: Why the Mobile Web Still Can’t Compete with Native Apps, and How to Fix It! - Open Web Advocacy Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy Apple’s Interoperability Commitments to the UK’s CMA Promise Nothing - Open Web Advocacy How Apple’s Key Tactic Could Prevent Japan’s Smartphone Act from Improving Browser Competition - Open Web Advocacy Appleの主要な戦術が、日本のスマホ法によるブラウザ競争の改善を阻む可能性について - Open Web Advocacy How Apple’s Key Tactic Could Prevent Japan’s Smartphone Act from Improving Browser Competition - Open Web Advocacy Open Web Advocacy 2025 in Review - Open Web Advocacy Open Web Advocacy 2025 in Review - Open Web Advocacy Open Web Advocacy 2025 in Review - Open Web Advocacy Tim Berners-Lee On Apple’s Browser Engine Ban and Web Apps - Open Web Advocacy Tim Berners-Lee On Apple’s Browser Engine Ban and Web Apps - Open Web Advocacy Tim Berners-Lee On Apple’s Browser Engine Ban and Web Apps - Open Web Advocacy What Apple’s UK Strategic Market Status Designation means for Browsers and Web Apps - Open Web Advocacy What Apple’s UK Strategic Market Status Designation means for Browsers and Web Apps - Open Web Advocacy What Apple’s UK Strategic Market Status Designation means for Browsers and Web Apps - Open Web Advocacy OWA at the EU Parliament DMA Working Group - Open Web Advocacy OWA at the EU Parliament DMA Working Group - Open Web Advocacy OWA at the EU Parliament DMA Working Group - Open Web Advocacy Can Perplexity Afford to Fund the Web? The $34.5 Billion-Dollar Question - Open Web Advocacy Can Perplexity Afford to Fund the Web? The $34.5 Billion-Dollar Question - Open Web Advocacy Can Perplexity Afford to Fund the Web? The $34.5 Billion-Dollar Question - Open Web Advocacy Japan: Apple Must Lift Browser Engine Ban by December - Open Web Advocacy Japan: Apple Must Lift Engine Ban by December - Open Web Advocacy Japan: Apple Must Lift Engine Ban by December - Open Web Advocacy UK Regulator Flags Apple’s iOS Browser Engine Ban in Draft SMS Designation - Open Web Advocacy UK Regulator Flags Apple’s iOS Browser Engine Ban in Draft SMS Designation - Open Web Advocacy UK Regulator Flags Apple’s iOS Browser Engine Ban in Draft SMS Designation - Open Web Advocacy Apple Apple Apple Google Google Google Balancing Security and Fair Competition - Open Web Advocacy Balancing Security and Fair Competition - Open Web Advocacy Balancing Security and Fair Competition - Open Web Advocacy Industry Voices Caution Against DOJ’s Plan to Force Sale Of Chrome - Open Web Advocacy Industry Voices Caution Against DOJ’s Plan to Force Sale Of Chrome - Open Web Advocacy Industry Voices Caution Against DOJ’s Plan to Force Sale Of Chrome - Open Web Advocacy Is It Worth Killing Mozilla to Shave Off Less Than 1% From Google’s Market Share? - Open Web Advocacy Is It Worth Killing Mozilla to Shave Off Less Than 1% From Google’s Market Share? - Open Web Advocacy Is It Worth Killing Mozilla to Shave Off Less Than 1% From Google’s Market Share? - Open Web Advocacy Break Google’s Search Monopoly without Breaking the Web - Open Web Advocacy Break Google’s Search Monopoly without Breaking the Web - Open Web Advocacy Break Google’s Search Monopoly without Breaking the Web - Open Web Advocacy UK Regulator UK Regulator UK Regulator SLAP and FLOP: Apple SLAP and FLOP: Apple SLAP and FLOP: Apple Digital Markets Act: Europe’s Digital Competitiveness at Stake - Open Web Advocacy Digital Markets Act: Europe’s Digital Competitiveness at Stake - Open Web Advocacy Digital Markets Act: Europe’s Digital Competitiveness at Stake - Open Web Advocacy UK Launches Investigation into Apple and Google under the DMCC - Open Web Advocacy UK Launches Investigation into Apple and Google under the DMCC - Open Web Advocacy UK Launches Investigation into Apple and Google under the DMCC - Open Web Advocacy Open Web Advocacy 2024 in Review - Open Web Advocacy Open Web Advocacy 2024 in Review - Open Web Advocacy Open Web Advocacy 2024 in Review - Open Web Advocacy iOS age restriction blocks all browsers except Safari, breaks choice screen - Open Web Advocacy iOS age restriction blocks all browsers except Safari, breaks choice screen - Open Web Advocacy iOS age restriction blocks all browsers except Safari, breaks choice screen - Open Web Advocacy Apple implements six of OWA Apple implements six of OWA Apple implements six of OWA It It It Interop 2025 must drop secret vetos - Open Web Advocacy Interop 2025 must drop secret vetos - Open Web Advocacy Interop 2025 must drop secret vetos - Open Web Advocacy Stuart Langridge: The Mazy Web - Open Web Advocacy Stuart Langridge: The Mazy Web - Open Web Advocacy Stuart Langridge: The Mazy Web - Open Web Advocacy Webventures: An Abridged History of Safari Showstoppers - Open Web Advocacy Webventures: An Abridged History of Safari Showstoppers - Open Web Advocacy Webventures: An Abridged History of Safari Showstoppers - Open Web Advocacy Google must share the ability to install Web Apps in Android - Open Web Advocacy
In-App Browsers: The worst erosion of user choice you haven
2024-03-26 · via Open Web Advocacy RSS Feed

In-App Browsers subvert user choice, stifle innovation, trap users into apps, break websites and enable applications to severely undermine user privacy. In-App Browsers hurt consumers, developers and damage the entire web ecosystem.

OWA recently met with both the Digital Markets Act team and the UK's Market Investigation Reference into Cloud Gaming and Browsers team to discuss how tech giants are subverting users' choice of default browser via in-app browsers and the harm this causes.

In-App browsers is a complex topic, so to outline our thoughts we wrote a detailed 61 page submission to the EU Commission which we are now publicly publishing today.

So what are In-App Browsers, and what problems do they cause?

An In-App Browser can open when users tap on links in a non-browser app. Rather than switching out of the app and to the user's default browser, in-app browsers open a pane within the host native app to render web pages. Hence the name, “in-app browser”.

When you click on a link to a third-party website, many popular apps ignore your choice of default browser and instead automatically and silently replace your default browser with their own in-app browser. Many users - likely most users! - are not aware that this switch has taken place.

Worst of all, this switch grants these apps the ability to spy and manipulate third-party websites. Popular apps like Instagram, Facebook Messenger and Facebook have all been caught injecting JavaScript via their in-app browsers into third party websites. TikTok was running commands that were essentially a keylogger. While we have no proof that this data was used or exfiltrated from the device, the mere presence of JavaScript code collecting this data combined with no plausible explanation is extremely concerning.

It is possible to use in-app browsers in a way that preserves privacy. Both iOS and Android provide a system components (SFSafariViewController and Android Custom Tabs respectively), which do not allow the hosting app to inject JavaScript or otherwise spy on the user. Android Custom Tabs solution also (by default) invokes the users default browser.

Thus, this behavior would be impossible if links were simply opened in the user's default browser or in the system provided in-app browser.

This is the reality users face on their phones today. It doesn't have to be this way. Mandating that apps respect browser choice isn't just a matter of convenience; it's about empowering both consumers and companies to thrive in a more open, stable, feature rich, secure and private digital ecosystem.

Disrespect of users' choice of browser also stifles innovation. The Web thrives when browsers compete on functionality and user experience. In-app browsers, however, don't compete as browsers. Many, perhaps even most, users are unaware they are being foisted upon them. They're also unaware of the quality, security and privacy risks associated with them. In-app browsers operate in a vacuum, immune from competitive pressure to improve.

This stagnation hurts everyone. Users are stuck with forgetful, subpar in-app browsers. Businesses struggle to reach and engage with audiences due to missing features and bugs in browsers that no one made an affirmative choice to use.

The solution is clear – respect the user's choice of browser.

Mandating that non-browser apps utilise a users' default browser for third-party websites will unlock a more vibrant and equitable digital landscape. Users will enjoy familiar tools they trust, experiencing websites as they were designed. Businesses and publishers will gain access to earned audiences, free from interference by native app developers.

The intrusion of in-app browsers, along with the significant bugs, missing features and critical privacy and data protection concerns they introduce should be addressed. The Digital Markets Act and the UK's MIR have all of the necessary enforcement powers to right this wrong.

Remote tab in-app browsers such as Android Custom Tabs are a potentially ideal solution for most users. Android Custom Tabs, by default, invokes the user's default browser and prevents the app injecting JavaScript. This is an interesting middle ground where the user (and the app) can benefit from not leaving the app context while still respecting the user's choice of default browser and preserving the user's privacy. However, it is currently possible for the hosting native app to lock Android Custom Tabs to a particular browser and override the user's choice of default browser. This ability needs to be removed.

While iOS's remote tab in-app browser (SFSafariViewController) prevents the app injecting JavaScript, it is locked to Safari (or more specifically the WkWebView) and thus overrides the user's choice of default browser.

We have proposed 6 remedies:

  • Designated Core Platform Services should respect the user's choice of default browser. (DMA specific)
  • App Store rules must mandate non-browser apps use the user's chosen default browser for http/https links to third-party websites/Web Apps.
  • Apple must update SFSafariViewController (Apple's system provided in-app browser for iOS) to respect the user's choice of default browser.
  • Third-Party businesses must be provided an explicit and effective technical opt-out from non-default In-App Browsers.
  • Operating systems must provide a global user opt-out. Apps must also request explicit permission from users in order to override their choice of default browser.
  • Google must remove the ability to override a user's choice of default browser via Android Custom Tabs (Google's system provided in-app browser for Android).

These remedies overlap, addressing different aspects of the problem. When effected, these remedies will prevent gatekeepers from subverting the user choice of browser, provide users enhanced control over their privacy and security, and make technical fixes to the underpinnings of how web pages are loaded. These fixes will project a user's choice of browser in non-browser apps they use, providing users the security, privacy, stability and features on which browser wars are legitimately fought. No longer will apps be allowed to syphon web traffic for their own enrichment at the detriment of the community at large.

We would in particular like to thank Lukasz Olejnik, Felix Krause, Jesper van den Ende, Stuart Langridge, Bruce Lawson and Adrian Holovaty for their work in helping make this case. We are also thankful for the broad support and feedback we have received from the web development and browser development community.

We will continue to pursue this matter until it is fixed globally. Users' choice of browser is only important if that choice is actually respected.

Your browser, your choice!

Stay tuned: