The Register is reporting on a new feature in an upcoming version of Google Chrome that has privacy-conscious users worried. A recent API called getInstalledRelatedApps
may allow websites to determine what apps are installed on a user’s device.
At first glance, the API seems to have an admirable purpose. If users have both web and native applications installed, they could be bombarded by duplicate sets of notifications. If a website can determine that its native app is installed, it would then prioritize notifications for the native app. Unfortunately, the API doesn’t really seem to be aimed at improving the experience—not for the user at least.
In response to a question from Opera developer Daniel Bratell, expressing concern about how this API would help users, Google engineer Rayan Kanso wrote:
“Although this isn’t an API that would directly benefit users, it indirectly benefits them through improved web experiences,” Kanso wrote. “We received very positive OT [off-topic] feedback from partners using this API, and the alternative is them using hacks to figure whether their native app is installed.”
In other words, this API is more about making it easier for web and app developers’ marketing needs than it is truly making users’ lives easier.
The privacy implications are clear: If websites can determine what apps are installed on a person’s phone or tablet, it can provide a relatively complete picture, otherwise known as a fingerprint, about that person’s habits.
As The Register points out, Peter Snyder, a privacy researcher at browser maker Brave, voiced his own concerns:
“I don’t follow the claim about non-fingerprint-ability. If I’m a company with a large number of apps (e.g. google), with 16-32 apps registered in app stores, the subset of which apps any user has installed is likely to be a very strong semi-identifier, no, and so be extremely risky for the user / valuable for the fingerprinter, no?
“Apologies if I’m misunderstanding, but this seems like a very clear privacy risk.
Put differently, if this isn’t a privacy risk, whats the rational behind disallowing this in private browsing mode?”
With browsers like Firefox and Safari placing an emphasis on privacy and security, it’s a safe bet this is yet another move that will drive users away from Chrome.