Google Chrome is giving users more and more reasons to use an alternative browser. Chrome’s recent update with Manifest V3 earlier this year broke most ad blockers. But that’s not all – now an API named “getInstalledRelatedApps” has raised further concerns after Google indicated that it planned to support it in a future version of Chrome.
Github describes the API as one which “allows web apps to detect if related native apps are installed on the current device.” It’s not without user benefits – for example it would eliminate redundant notifications that can result from having both the native and web version of an app. But even Ryan Kanso, an engineer at Google has related that the API is primarily intended not for the benefit of users – but publishers.
Although this isn’t an API that would directly benefit users, it indirectly benefits them through improved web experiences. We received very positive OT [off-topic] feedback from partners using this API, and the alternative is them using hacks to figure whether their native app is installed.
Not everyone shares Kanso’s positivity about the API. Security Researcher Sean Wright told Forbes, “If done incorrectly, there’s a good chance of it being open to abuse–and with that come some pretty significant privacy and security related issues.”
What is the security risk?
So where is the major privacy concern? The API could possibly enable sites to view what apps a user has installed. And according to Wright, “Knowing which apps are installed can help attackers perform targeted phishing or to target apps with known vulnerabilities.”
According to Forbes:
This week, Google engineer Yoav Weiss expressed concerns, highlighting the API’s risks. He pointed out that “the collection of bits of answers” to “Is app X installed” could reveal enough about a user to uniquely identify them.
What to do
Thankfully, there are alternatives to Chrome for the concerned users among us. Firefox, for example, is a non-profit browser platform that doesn’t sacrifice user privacy and security to garner data for advertising. Another browser called Vivaldi won’t track your online activity. Oh, and don’t worry – these guys won’t break your ad blocker either. For more information, you can also read this complete list of alternatives to Chrome and their benefits.