Growing belief for embedded media
Posted by the Android group
Android WebView is a strong and versatile API that Android builders can use to embed media of their apps, and regularly enhancing its security and privacy protections is a high precedence for our group. For instance, embedded media suppliers ought to have the ability to confirm that their media is enjoying in a trusted and secure atmosphere. Android app builders and SDK suppliers have already got options for this, together with attestation providers just like the Play Integrity API and Firebase App Check, which protect person privateness whereas enabling builders to confirm their apps’ server requests. In the present day, app builders are in a position to go data from these attestation providers to embedded content material suppliers; nevertheless, the present course of is neither easy nor scalable. That’s why we’re piloting an experimental Android WebView Media Integrity API with choose embedded media suppliers early subsequent yr.
How does this relate to the Internet Atmosphere Integrity API proposal?
We’ve heard your suggestions, and the Web Environment Integrity proposal is now not being thought of by the Chrome group. In distinction, the Android WebView Media Integrity API is narrowly scoped, and solely targets WebViews embedded in apps. It merely extends current performance on Android units which have Google Cellular Companies (GMS) and there aren’t any plans to supply it past embedded media, equivalent to streaming video and audio, or past Android WebViews.
What’s the problem with Android WebViews?
The Android WebView API lets app builders show net pages which embed media, with elevated management over the UI and superior configuration choices to permit a seamless integration within the app. This brings lots of flexibility, however it may be used as a method for fraud and abuse, as a result of it permits app builders to entry net content material, and intercept or modify person interactions with it. Whereas this has its advantages when apps embed their very own net content material, it doesn’t prohibit unhealthy actors from modifying content material and, by proxy, misrepresenting its supply.
What performance are we bringing to embedded Android WebView media?
The brand new Android WebView Media Integrity API will give embedded media suppliers entry to a tailor-made integrity response that comprises a tool and app integrity verdict in order that they’ll guarantee their streams are operating in a secure and trusted atmosphere, no matter which app retailer the embedding app was put in from. These verdicts are easy, low entropy metadata in regards to the app and machine and don’t include any person or machine identifiers. Not like apps and video games utilizing Play Integrity API, media suppliers won’t receive the app’s Play licensing standing and apps will even have the ability to exclude their bundle identify from the decision in the event that they select. Our objective for the API is to assist maintain a thriving and numerous ecosystem of media content material in Android apps, and we’re inviting media content material suppliers to express interest in becoming a member of an early entry program early subsequent yr.