Posted by the Android group
Android WebView is a robust and versatile API that Android builders can use to embed media of their apps, and frequently enhancing its safety and privateness protections is a high precedence for our group. For instance, embedded media suppliers ought to be capable to confirm that their media is enjoying in a trusted and protected atmosphere. Android app builders and SDK suppliers have already got options for this, together with attestation providers just like the Play Integrity API and Firebase App Verify, which protect consumer privateness whereas enabling builders to confirm their apps’ server requests. Right now, app builders are capable of move data from these attestation providers to embedded content material suppliers; nonetheless, the present course of is neither easy nor scalable. That’s why we’re piloting an experimental Android WebView Media Integrity API with choose embedded media suppliers early subsequent yr.
How does this relate to the Net Setting Integrity API proposal?
We’ve heard your suggestions, and the Net Setting Integrity proposal is not being thought of by the Chrome group. In distinction, the Android WebView Media Integrity API is narrowly scoped, and solely targets WebViews embedded in apps. It merely extends current performance on Android units which have Google Cellular Companies (GMS) and there are not any plans to supply it past embedded media, comparable to streaming video and audio, or past Android WebViews.
What’s the problem with Android WebViews?
The Android WebView API lets app builders show net pages which embed media, with elevated management over the UI and superior configuration choices to permit a seamless integration within the app. This brings a variety of flexibility, however it may be used as a way for fraud and abuse, as a result of it permits app builders to entry net content material, and intercept or modify consumer interactions with it. Whereas this has its advantages when apps embed their very own net content material, it doesn’t prohibit dangerous actors from modifying content material and, by proxy, misrepresenting its supply.
What performance are we bringing to embedded Android WebView media?
The brand new Android WebView Media Integrity API will give embedded media suppliers entry to a tailor-made integrity response that incorporates a tool and app integrity verdict in order that they’ll guarantee their streams are working in a protected and trusted atmosphere, no matter which app retailer the embedding app was put in from. These verdicts are easy, low entropy metadata concerning the app and machine and don’t include any consumer or machine identifiers. In contrast to apps and video games utilizing Play Integrity API, media suppliers is not going to receive the app’s Play licensing standing and apps can even be capable to exclude their bundle title from the decision in the event that they select. Our purpose for the API is to assist maintain a thriving and various ecosystem of media content material in Android apps, and we’re inviting media content material suppliers to specific curiosity in becoming a member of an early entry program early subsequent yr.