Google’s Chrome browser has come under increasing scrutiny lately, especially after its Manifest V3 plans, announced earlier this year, which caused some ad blockers to break.
Now privacy advocates are homing in on an emerging web API called getInstalledRelatedApps, which has been in development since 2015 and available to experiment with since Chrome 59’s launch in 2017.
Defined on GitHub, the API lets developers check whether their native app is installed on your device.
There are certainly some benefits that will improve the experience when people have a native app and a web app from the same developer installed on their device. It will avoid potentially annoying consequences, such as getting the same notification twice.
So what’s the problem? As an article on the respected tech site The Register suggests, the purpose of this API “isn’t actually about users so much as app and web publishers.”
In fact, if it isn’t handled properly, it could be a major risk to people’s privacy and security. “If done wrongly, there’s a good possibility of it being open to abuse, and with that come some pretty important privacy and security associated issues,” says security researcher Sean Wright.
Google Chrome privacy: Recognizing factors
The privacy issue arises from the fact that the API could potentially permit sites to see which apps you have installed on your device. “Seeing what you have installed enables them to form a picture of what you do,” says Wright.
At the same time, it could affect your security: “Knowing which apps are installed can aid attackers to execute targeted phishing or to target apps with known susceptibilities,” Wright cautions.
It seems that Google will formally support this API in a future version of Chrome, according to a statement of intent sent by Google engineer Rayan Kanso at the end of November. In the message, he acknowledged that it would not help Chrome users directly, though he said it “indirectly helps them through improved web experiences.”
Google is aware that its new move could raise concerns. This week, Google engineer Yoav Weiss expressed fears, highlighting the API’s risks. He noted that “the collection of bits of answers” to “Is app X installed” could reveal enough about a user to uniquely identify them.
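The point about combining yes/no answers can be made concrete by measuring how quickly a small group of visitors becomes distinguishable as more answers are combined. This is an added example, not code from Google, the API's specification or the original article; the app names and the visitor sample are constructed, and the code never calls the browser API.

```javascript
// Constructed sample data: hypothetical app IDs and eight hypothetical visitors,
// each listed with the apps they have installed.
const PROBED_APPS = ["bank.example", "dating.example", "health.example", "news.example"];
const VISITORS = [
  ["bank.example", "news.example"],
  ["bank.example"],
  ["news.example"],
  ["bank.example", "news.example"],
  ["dating.example", "news.example"],
  ["bank.example", "health.example"],
  [],
  ["bank.example", "dating.example", "health.example", "news.example"],
];

// One yes/no answer per probed app, joined into a bit string such as "1001".
function answerVector(installed, probes) {
  const have = new Set(installed);
  return probes.map((app) => (have.has(app) ? "1" : "0")).join("");
}

// Group visitors by identical answers; a group of size 1 is a unique fingerprint.
function anonymitySets(visitors, probes) {
  const sets = new Map();
  for (const v of visitors) {
    const key = answerVector(v, probes);
    sets.set(key, (sets.get(key) || 0) + 1);
  }
  return sets;
}

function uniqueVisitors(visitors, probes) {
  let n = 0;
  for (const size of anonymitySets(visitors, probes).values()) if (size === 1) n++;
  return n;
}

// Shannon entropy, in bits, of the answer distribution within the sample.
function entropyBits(visitors, probes) {
  let h = 0;
  for (const size of anonymitySets(visitors, probes).values()) {
    const p = size / visitors.length;
    h -= p * Math.log2(p);
  }
  return h;
}

// Identifiability after combining the first 1, 2, 3 and 4 answers.
const growth = PROBED_APPS.map((_, i) => {
  const used = PROBED_APPS.slice(0, i + 1);
  return { answers: used.length, unique: uniqueVisitors(VISITORS, used), bits: entropyBits(VISITORS, used) };
});
console.table(growth);
```

In this sample a single answer singles out nobody, while four answers leave six of the eight visitors with a fingerprint no one else shares.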
A risk to Google Chrome users’ security and privacy: What to do
As The Register’s Thomas Claburn says, it shows “how user interests, like privacy, don’t essentially guide how software gets made.”
Indeed, concerns such as privacy and security often take second place, right behind functionality. “There has to be stability, but unfortunately, this often seems tilted in favor of functionality,” says Wright. “It’s placing the company before users. This really upsets me because without your users, there would be no corporation.”
Sound familiar? That’s because it is. Increasingly often, users are being ignored when they really should be at the core of every product.
But there is one thing you can do. The only way to defend yourself against changes that affect privacy is to look for alternatives that do not affect you in the same way.
Many companies are hitting back against the likes of Facebook and Google by offering services that value their users’ privacy and security. Firefox is currently the browser of choice for those who are worried, and many Chrome users have already moved there.
At the same time, smaller browsers such as Brave are rapidly gaining a strong reputation, so it might be a good time to try something new.