And what Android developers will do next...
Google will stop developing an API to maintain the integrity of the web environment (Web Environment Integrity API), a project that has caused a lot of controversy among cybersecurity experts and fighters for the rights of Internet users. The initiative, introduced in May of this year, was conceived as a means of combating fraud. It provided a mechanism for authenticating web clients through cryptographic tokens.
The WEI API would allow servers to automatically authenticate devices and software. However, according to experts, the risk of abuse of this function is extremely high: it could significantly restrict the freedom of users on the Internet.
Cybersecurity experts point out that the technology is similar to "Digital Rights Management" (DRM) systems, which help administrators of web resources control access to their content. The WEI API can be used to block clients with certain browser settings, for example, with installed advertising filters or programs for downloading videos.
Google has two similar services with a narrower scope: the Play Integrity API for protecting apps on Google Play and Firebase App Check, which supports security in the Firebase ecosystem. Google-owned YouTube has recently been checking browsers for ad-blocking extensions. This is also a form of attestation, only here the verification concerns non-cryptographic tokens.
The company planned to develop a prototype of the WEI API in the framework of Chromium-the open source code that runs Chrome, as well as Edge, Brave, Vivaldi and a number of other browsers, with the exception of Firefox and Safari.
However, after the publication of technical details in July, the developers faced a wave of criticism. Negative reviews filled both discussions on professional platforms and social networks. Google was forced to restrict comments in the project repository, and soon public development was stopped.
We listened to your feedback, so the proposal to create a Web Environment Integrity API is no longer being considered by the Chrome team," the Android development team announced on November 2.
Instead, the company will focus on developing a media integrity API for Android WebView, which provides a similar authentication mechanism, but only for Android applications.
This API will be integrated exclusively into devices with Google Mobile Services (GMS). Google does not plan to roll it out to other systems.
Media providers who want to evaluate the capabilities of the new technology will be able to join the early access program. The launch is scheduled for next year.
Google will stop developing an API to maintain the integrity of the web environment (Web Environment Integrity API), a project that has caused a lot of controversy among cybersecurity experts and fighters for the rights of Internet users. The initiative, introduced in May of this year, was conceived as a means of combating fraud. It provided a mechanism for authenticating web clients through cryptographic tokens.
The WEI API would allow servers to automatically authenticate devices and software. However, according to experts, the risk of abuse of this function is extremely high: it could significantly restrict the freedom of users on the Internet.
Cybersecurity experts point out that the technology is similar to "Digital Rights Management" (DRM) systems, which help administrators of web resources control access to their content. The WEI API can be used to block clients with certain browser settings, for example, with installed advertising filters or programs for downloading videos.
Google has two similar services with a narrower scope: the Play Integrity API for protecting apps on Google Play and Firebase App Check, which supports security in the Firebase ecosystem. Google-owned YouTube has recently been checking browsers for ad-blocking extensions. This is also a form of attestation, only here the verification concerns non-cryptographic tokens.
The company planned to develop a prototype of the WEI API in the framework of Chromium-the open source code that runs Chrome, as well as Edge, Brave, Vivaldi and a number of other browsers, with the exception of Firefox and Safari.
However, after the publication of technical details in July, the developers faced a wave of criticism. Negative reviews filled both discussions on professional platforms and social networks. Google was forced to restrict comments in the project repository, and soon public development was stopped.
We listened to your feedback, so the proposal to create a Web Environment Integrity API is no longer being considered by the Chrome team," the Android development team announced on November 2.
Instead, the company will focus on developing a media integrity API for Android WebView, which provides a similar authentication mechanism, but only for Android applications.
This API will be integrated exclusively into devices with Google Mobile Services (GMS). Google does not plan to roll it out to other systems.
Media providers who want to evaluate the capabilities of the new technology will be able to join the early access program. The launch is scheduled for next year.
