Described on GitHub, the API lets developers determine if their native app is installed on your device.
Of course, there are benefits that will improve the experience when people have multiple apps from the same developer installed on their device. It will prevent potentially annoying consequences such as receiving the same notification twice.
So what’s the problem? As an article on highly-esteemed tech site The Register points out, the purpose of this API “isn’t really about users so much as web and app publishers.”
In fact, if it isn’t handled properly, it could be a major risk to people’s security and privacy. “If done incorrectly, there’s a good chance of it being open to abuse–and with that come some pretty significant privacy and security related issues,” says security researcher Sean Wright.
Google Chrome privacy: Identifying factors
The privacy issue stems from the fact that the API would allow sites to potentially see which apps you have installed on your device. “Seeing what you have installed allows them to form a picture of what you do,” says Wright.
At the same time, it could impact your security: “Knowing which apps are installed can help attackers perform targeted phishing or to target apps with known vulnerabilities,” Wright warns.
It looks like Google will officially support this API in a future version of Chrome, according to a statement of intent posted by Google engineer Rayan Kanso at the end of November. In the post, he conceded that it would not help Chrome users directly although said it “indirectly benefits them through improved web experiences.”
Google is aware that its new move could have consequences. This week, Google engineer Yoav Weiss expressed concerns, highlighting the API’s risks. He pointed out that “the collection of bits of answers” to “Is app X installed” could reveal enough about a user to uniquely identify them.
I have reached out to Google for further comment and will update this story when it arrives.
A risk to Google Chrome users’ security and privacy: What to do
As the Register’s Thomas Claburn states, it shows “how user concerns, like privacy, don’t necessarily drive how software gets made.”
Indeed, concerns such as security and privacy often take a back seat, right behind functionality. “There has to be a balance, but unfortunately this often seems tipped in favor of functionality,” says Wright. “It’s putting the company before users. This really frustrates me because without your users, there would be no company.”
Sound familiar? That’s because it is. Increasingly often, users are being overlooked when they really should be at the heart of every product.
But there is something you can do. The only way to fight back against changes that impact privacy is to look for alternatives that do not affect you in the same way.
Many companies are hitting back against the likes of Google and Facebook, by providing services that respect their users’ privacy and security. Firefox is currently the browser of choice for those who are concerned, and many Chrome users have already moved over.
At the same time, smaller browsers such as Brave are quickly gaining a strong reputation, so it might be a good time to try something new.
Follow me on Twitter.