Feature #1050
closed[SECURITY] Why not use Chrome render engine instead of WebView?
0%
Description
The #DivestOS is badmouthing your browser here:
"you are likely using the Google/Chrome WebView with extra telemetry"
"browser is largely not recommended as they are inherently limited due to the WebView merely being a widget for adding web content to an app and are not intended to create a full browser experience."
https://divestos.org/pages/browsers.html#webview
Personally I use Bromite but since it's outdated - I would try this browser if only it uses Chrome engine not webview.
Updated by divest os over 1 year ago
And that page ranked FOSS browser higher than Privacy browser
because Privacy browser's "Fingerprinting Protection" is "No."??
Updated by divest os over 1 year ago
`vulnerability potential can be used to gain access to shared preference files using the file:/// command or can utilize smsJSInterface.launchSMSActivity to send unwanted SMS messages from the phone`
Another topic: does your browser block access to file:* because it is important?
Updated by Soren Stoutner over 1 year ago
- Status changed from New to Closed
I have discovered that most websites that pretend to understand security either don't or have ulterior motives. Hence, I don't pay much attention when they get things wrong. Rather, I just focus on building the best browser I can and assume that the internet's understanding will eventually catch up.
Regarding the general idea, Android's WebView is build from a subset of the codebase that builds Chromium. The full Chromium code has a lot more privacy-invading problems than WebView does, although neither is perfect, which is why I am going to release Privacy WebView in the 4.x series.
There is some further information on a tangential subject at https://www.stoutner.com/geckoview/.
Updated by Soren Stoutner over 1 year ago
Regarding the file access question, it is highly antiquated and not applicable as the entire ecosystem has move on (notice how it is talking about Android 4.2). But the short answer is yes, and the slightly longer answer is that, with the change to the Storage Access Framework, all access to files outside of Privacy Browser's private directory are handled by content:// URLs.
There is more information at https://www.stoutner.com/privacy-browser-3-7/.