Harmful content modifications by native apps

[muodov]

This issue was initially raised in #36

WebViews currently provide some powerful APIs that allow native apps access the web content unrestricted by web security boundaries. This unlocks powerful integration features, and even allows creating full featured browsers (#41). But it can also be used for malicious purposes of stealing user data or user tracking.

This issue has been brought up several times in different places: e.g. this article, iOS Privacy: Instagram and Facebook can track anything you do on any website in their in-app browser and follow-up post iOS Privacy: Announcing InAppBrowser.com - see what JavaScript commands get injected through an in-app browser by @KrauseFx, or #31 (comment) by @rayankans

The powerful introspection APIs are generally available in full-fledged WebViews, and browser-like WebViews like SFSafariViewController and Chrome Custom Tabs are better protected from such app interventions (by being more opaque).

[muodov]

One approach to this problem is setting relations between apps and web origins. If we can somehow define which origins (domains) the app should / shouldn't have access to, that may be enough. But there are edge cases to this model.

In any case, it seems that platform privacy policies and manual app store reviews will play an important part. But we can think of technical tools to assist those reviews.

We could learn some lessons from WebExtensions - they solve similar issues with malicious browser extensions.