Google’s “Web Integrity” Android API could kill “alternative” media clients | Ars Technica - eviltoast
  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    6
    ·
    1 year ago

    This is the best summary I could come up with:


    When you tried to access some protected content, a browser supporting the Web Integrity API would first contact a third-party “environment attestation” server, and your computer would have to pass some kind of test.

    The company says: “We’ve heard your feedback, and the Web Environment Integrity proposal is no longer being considered by the Chrome team.”

    Unlike the web version, which would have been a big step “forward” for invasive DRM solutions, Android already has environment attestation, so it doesn’t sound like this is doing that much.

    If you are Spotify or YouTube, you could already block modified devices at the app level before the embedded WebView even boots up, via the Play Integrity API.

    Netflix famously demands preinstallation of Widevine on devices in order to show HD content, and problems with the DRM are a common support issue.

    The blog post notes that while Android’s WebView system brings "a lot of flexibility… it can be used as a means for fraud and abuse, because it allows app developers to access web content, and intercept or modify user interactions with it.


    The original article contains 784 words, the summary contains 181 words. Saved 77%. I’m a bot and I’m open source!

  • paradox2011@lemmy.ml
    link
    fedilink
    arrow-up
    3
    ·
    edit-2
    1 year ago

    Interesting, so it seems like the WebView that android uses could make a difference. I wonder if all of us on custom ROMs that use alternative webviews will avoid this nastiness if it does make it to stock android.

    • TechNom (nobody)@programming.dev
      link
      fedilink
      English
      arrow-up
      8
      ·
      1 year ago

      The danger is the same as WEI or Play Integrity. Apps may refuse to work if the attestation fails. What do they gain from it? I don’t know. But what is the purpose of banking apps checking if the device is rooted or not? They work without it on laptops.

      • paradox2011@lemmy.ml
        link
        fedilink
        arrow-up
        3
        ·
        1 year ago

        Ok, that makes sense. Well I guess that doesn’t worry me to much (aside from the quicksand of DRM type stuff that it implies). I’ve had zero issues with play integrity because thankfully I don’t have to rely on any services that won’t function on a privacy respecting ROM. Hopefully that principle will hold true with websites as well.

        The exception is of course YouTube, I have yet to find a video sharing site that has the variety of content that YouTube does. Maybe this will be the final straw that pushes me off it, like Reddit’s garbage from a few months back pushed me to Lemmy.

        • TechNom (nobody)@programming.dev
          link
          fedilink
          English
          arrow-up
          1
          ·
          1 year ago

          Hopefully that principle will hold true with websites as well.

          The main issue that I have had is that the web experience for many banking apps is really really bad. Many of them are non-responsive designs aimed only for desktops. Even worse, some features are available only on their mobile apps - like chat support. Honestly, I don’t understand why banks do Google and Apple favors like this.

          • paradox2011@lemmy.ml
            link
            fedilink
            arrow-up
            2
            ·
            1 year ago

            Yeah it’s really frustrating. I haven’t actually experienced it myself, BOA, Amex, Doscover and Chase apps all seem to work just as expected on both CalyxOS and GrapheneOS from my usage. Maybe we’ll just need to start taking our business to the banks that allow more freedom in their app availability

    • TechNom (nobody)@programming.dev
      link
      fedilink
      English
      arrow-up
      12
      ·
      1 year ago

      WEI is canceled. They instead moved the same concept to Android webview as a feature of limited scope. In other words, they’ve just moved it away from public view. They don’t care about your opinion - they care only about money. And since the backlash caused damage to their reputation, ultimately reducing their income, they just took a tactical step back. But they will be back with it.