Reject apps that use a custom-in-app web browser for no valid reason

Originator: KrauseFx
Number: rdar://38109139
Date Originated: March 3 2018
Status: Open
Resolved:
Product:
Product Version:
Classification:
Reproducible:
 
Allowing apps to show third party web content in an in-app web view (WKWebView) introduces a major security and privacy risk for iOS users, as it allows app developers to
- Track the user: which links do they tap, what do they read, what gestures do they use
- Show or replace ads with their own
- Steal users' credentials when they log in on third party websites using simple JavaScript queries
and many more issues.

My proposal is to first warn, and then reject apps that show third party content using their own browser for no good reason. There should be exceptions, but it shouldn't be the case that every social media app just has their own browser so you can't share content with your friends using the platform of your choice.

More information on https://krausefx.com/blog/follow-user
