Facebook puts its own Chromium WebView browser in the Android app • The Registry

Analysis Meta’s Facebook has tested its own custom browser engine in its Android app and plans to distribute the code more widely, apparently for better security and an improved user experience.

Facebook on Android defaults to having users open web links in the app rather than the mobile browser designated as the default in Android’s System Preferences. It does this, like many other popular Android apps, by using Android System WebView, a Google-provided component that loads web pages into the app.

This has some user benefits in terms of resource efficiency, but comes at the expense of users’ browser choice, saved passwords, retained login state, and privacy-related browser settings. , accessibility and extensions.

WebViews also have some benefits for Facebook in terms of improving engagement metrics — getting people out of the app to a standalone web browser means they might not immediately return. It also means better visibility into user activity – WebViews expose more user data and activity than standalone browsers.

An industry source described WebView browsers for The register like “tracker-blocker-blockers”, while noting that the main issue is what it does to the user’s choice.

Coincidentally, Facebook parent Meta was sued last month for allegedly failing to adequately disclose the consequences of WebView-based browsing — a charge the company disputes.

Facebook considers the iOS WebView – from Safari’s WebKit engine – less than ideal because as a system component it only gets updated with iOS updates. On Android, things work differently. Android WebView and Chrome system can be updated through Google Play.

Even so, according to Nate Schloss, director of software engineering at Facebook, Android users often don’t bother to update their Chrome app or apps that incorporate WebViews, which can compromise security and lead to less good user experience.

Blurred lines

“To help address these issues – and following the precedent of browser vendors such as Microsoft Edge, Samsung Internet and Mozilla Firefox all offering custom browser engines on Android – we built and tested a separate Chromium-based WebView for a few years.” Schloss said in a blog post on Friday, blurring the line between companies that offer standalone browsers on Android and Facebook, which offers an embeddable browser component.

According to Schloss, Facebook’s Chromium-based WebView will replace the Android system’s WebView (also Chromium-based, but controlled by Google) for Facebook on Android’s built-in browser.

“This WebView can be updated in sync with Facebook app updates and function as an instant replacement for the System WebView in the Facebook app without compromising or altering the user experience in any way” , explains Schloss.

The register asked Meta if people could use their favorite browser to open links displayed in the Facebook app.

A spokesperson said: “If desired, users can use our in-app browser menu to select the option to open links in the system browser. Additionally, people who do not wish to use the full functionality of our technologies (including the in-app browser) can access Facebook and Instagram through the web instead of our apps.”

However, there is no easy way to configure the Facebook app to open all links in the default Android browser selected by the user. Links have to be opened in the Facebook app first, then the user has to tap the menu ••• More options to load the page a second time in the user’s standalone browser – not exactly an experience transparent user. Meta’s spokesperson observed that this is more than some competing apps allow – TikTok does not support opening links in an external browser, for example.

[A reader writes in to say that Facebook does allow users to open a link first in an external browser, it’s just a fairly hidden option. We’re told you need to open the menu then navigate to Settings and Privacy -> Settings -> Profile -> Profile settings for your account -> Media and contacts -> “Links open externally”. That should work albeit until Facebook undoes the option after a while. – ed.]

Facebook could have used a different technology to implement its WebView replacement, Chrome Custom Tabs (CCTs). Introduced in 2015, Google recommends WebViews for hosting your own content in an application and CCT for external content.

“If your app redirects users to URLs outside of your domain, we recommend using custom tabs,” the company’s documentation suggests, because CCTs offer “support for the same features and capabilities of the web platform than browsers”, and various other benefits like that of Google. Safe browsing system.

We can handle it

Meta’s spokesperson, however, said The register that CCTs wouldn’t work for the Facebook app on Android: “Our in-app browser provides features and security protections for users that we can’t create with Chrome’s custom tabs. For example, we can allow users to report malicious web pages to us and we can more easily detect attacks by malicious actors, such as when a scammer tries to redirect users to a malicious site.”

Meta, obviously, prefers to handle web attacks on its own rather than providing data to Google’s Safe Browsing service. And its concern for security appears to be limited to the mobile environment — Facebook has shown no signs of trying to change the way desktop users experience the social network. Also, WebViews had its own security issues. [PDF] in the old days.

In-app browsers (WebViews and others) have been the subject of debate in recent years, notably by Alex Russell, currently at Microsoft and formerly at Google, and Felix Krause, founder of fastlane.tools. These “Franken browsers” continue to exist because Apple and Google support them in their respective mobile operating systems.

Part of the reason may have to do with letting regulators know there is competition, in order to ward off antitrust litigation.

Indeed, in his comments [PDF] to the UK Competition and Markets Authority, Google specifically cites native apps, “which allow users to view web content on in-app browsers, which have heavy traffic”, as evidence that the company has competition.

Google acknowledges that the CMA interim report “raises concerns that in-app browsers are replacing the default browsers chosen by users.” However, the company supports the CMA’s observation that “the decision of whether a native app launches an in-app browser, and if so, which browser, rests with the developer of the respective app, not Google”.

The Facebook app made this choice, although it allows users to choose for themselves when loading the second page. ®

Comments are closed.