If it's a webview based browser, I think it shouldn't be added. Sorry, that's just the price they pay for using a webview as a shortcut to providing a full browser.
> It seems to me that allowing even a single webview-based browser would go against what Google is trying to do.
I agree. Other than it being weird to ask/need the system to use a different browser than you are using, and possibly a different browser than what you've set as default if you've set it to one Google doesn't trust for auth, nothing prevents any webview browser from acting like any other webview, and outsourcing to Chrome or Firefox for the authentication to get a good token, as long as you can use a token for full Google account login (which I don't know if you can).
>If it's a webview based browser, I think it shouldn't be added. Sorry, that's just the price they pay for using a webview as a shortcut to providing a full browser.
Okay. So using a browser library for building a browser is a shortcut, and that disqualifies it from being a "full" browser. Of course one of the fundamental tenets of software is to not reuse other people's work. Silly me.
brb writing my own browser called Chremium and petitioning Google to allow it. Apart from that I'll also publish a library that uses the guts of Chremium, called the Chremium Ombodded Framework, which can be embedded in other applications.
Of course any application that uses the COF is indistinguishable from Chremium itself, but Google won't then distrust Chremium because it can't distinguish it from COF any more, right?
> Of course one of the fundamental tenets of software is to not reuse other people's work. Silly me.
Many properties of programs are composable. Security isn't one of them. Embedded browsers sniffing credentials is an observed threat to real users.
> Okay. So using a browser library for building a browser is a shortcut, and that disqualifies it from being a "full" browser.
Using an off-the-shelf library to provide core browser functionality disqualifies it from being on a list of browsers that do not use and off-the-shelf library to provide that functionality, yes.
I didn't say it wasn't a full, browser, so please to imply that I did, I said it was a shortcut to providing a full browser (which implies it is a full browser), and it is a shortcut compared to writing one from scratch.
Bottom line, if you write software utilizing libraries in a way that is extremely close or identical to a way that other software does and that method is being blacklisted for security, expect problems. It's the same for interpreted code and app stores. For security they don't want programs that can change how they function after review, so they often disallow interpreted code and downloading code to run, and in Apple's case, require their own webview library to view remote sites because of this. They don't even allow a set of other valid webview libraries, they just draw a line in the sand and say "ours only".
> Of course any application that uses the COF is indistinguishable from Chremium itself, but Google won't then distrust Chremium because it can't distinguish it from COF any more, right?
Probably. Seems like a bad business plan to follow in your snarky alternate reality. A better one might be to figure out how Google disambiguates Safari from the iOS webview, Chrome from the chromium webview, etc, and follow the same path. You might have had to trade some of the snarkiness in your example for reality, in that case.
> Using an off-the-shelf library to provide core browser functionality disqualifies it from being on a list of browsers that do not use and off-the-shelf library to provide that functionality, yes.
Epiphany uses Webkit-GTK. In a certain sense of the word, this is indeed an off-the-shelf library, but only in the same sense that Google Chrome uses off-the-shelf Blink. Epiphany a major contributor to Webkit-GTK, and one of its largest users.
Should Epiphany ban everyone else from using Webkit-GTK? I don't actually think they can, it's all open source after all.
> A better one might be to figure out how Google disambiguates Safari from the iOS webview, Chrome from the chromium webview, etc, and follow the same path.
Google is probably doing some kind of ridiculous obfuscated fingerprinting. I don't know that it's viable to work around something like that without cooperation from Google. It would be a constant cat-and-mouse game, with Google having the upper hand.
> Epiphany uses Webkit-GTK. In a certain sense of the word, this is indeed an off-the-shelf library, but only in the same sense that Google Chrome uses off-the-shelf Blink.
And yet nobody would accuse Google of this. The reason why is actually the same reason why that comparison doesn't make sense. Chrome and Blink are separate projects in name only, to allow for an easier separation of concerns so people can use Blink, but really they are part of the same thing.
> I don't know that it's viable to work around something like that without cooperation from Google. It would be a constant cat-and-mouse game, with Google having the upper hand.
I wasn't suggesting figuring out what they were doing so you could fool them, I was suggesting figuring out what they were doing so the same separations could be attempted and they could be petitioned for inclusion. Of course they're going to try to block a browser that tries to circumvent their detection of browsers to increase security, all anyone does by attempting to circumvent that is confirm they are the group Google are attempting to block, or at least aligned.
What this announcement really is is Google saying you need to use an authentication app to log in to their services, and that app happens to be Chrome, Safari, Edge or Firefox. People might already be using those and not notice, and other people might need to install those to authenticate. This doesn't even affect search. I'm having a hard time getting worked up about people not being able to use whatever random software they want to work as an authentication tool for Google's services. Don't use Google's services or just use one of those browsers to authenticate, problem solved.