Google Chrome's Web Environment Integrity feature has been cancelled

Technology@beehaw.org – 380 points – 11 months ago

Chrome not proceeding with Web Integrity API deemed by many to be DRM

While WEI is thankfully cancelled, it's not entirely cancelled... They're planning on making it available still in WebViews with the intention that websites can check if a malicious Android app is trying to do a phishing scheme.

Seems like such a niche "security" feature... what are they really trying to accomplish here? Something seems fishy to me

You are viewing a single comment

View all comments

@dean @rysiek For now... they'll bring it back with a new coat of paint and a new name within the next year.

@macleod @dean @rysiek they already started, they want to put it in android now: https://android-developers.googleblog.com/2023/11/increasing-trust-for-embedded-media.html?m=1

@4censord @dean @rysiek I can see where they could integrate and feature creep to what they really likely want, but in terms of webviews this would likely be beneficial for security.

They want to put it on the default webview in android, which doesn't seem like a huge deal to me. It would basically let apps that use webview for things like logging in beef up their security.

It's not like the entire concept of this API was bad, it's just that with Google's proposed implementation companies would abuse the fuck out of it to do bad things. Not having it in browsers pretty much eliminates that while still letting things like banking apps enjoy some of the benefits.