• After 15+ years, we've made a big change: Android Forums is now Early Bird Club. Learn more here.

The Only Newsworthy Thing From The WWDC

All GApps are proprietary right? That's why they're excluded from custom roms and installed separately... Because of exactly what you posted. (that they're not part of the AOSP repository) Seems like a lot of things are becoming proprietary... Like webview (there is still an AOSP/version but...)
WebView is now installed separately from the Play Store (Lollipop and beyond) because last year the press muckraked up (and repeated at the beginning of this year) that Android had a serious security hole that had always existed that only Android had and Google refused to address. Google replied that it had been fixed long ago, the press countered that Google wasn't updating all Android like Apple did and Google needed to become more like Apple.

How familiar does that sound?

Reality - it didn't always exist in Android, it wasn't an Android-only problem (Apple had it too), and that everyone potentially affected on Android actually suffered the problem was probably an exaggeration due to the fact that a number of browsers were already partially or completely insulated because they use their own private rendering engines - Chrome and Firefox being among them.

http://androidforums.com/threads/google-has-thrown-android-users-under-the-bus.895215/

Notwithstanding the truth, there are two probably greater truths -

Web-based attacks are the number one target for bad guys because the everyone does everything on the web and the potential payoffs for criminals can be quite high.

The geniuses in the press insisting that Google has to do things like Apple are fortunately not software engineers and if they were, they have no say in the Android architecture.

Google may be on its way to completely redacting WebView as part of the OS only, changed its api on the back end, and with Lollipop forward, Android users can get the most current WebView protection via a Play Store update, and not have to wait for an OS update to fix a component that ought not update slowly.
While the focus in the press is WebView it's important to note that one can kinda think of it as the Android way to get to the WebKit rendering engine. Multi platform support is complicated.

http://www.paulirish.com/2013/webkit-for-developers/

http://stackoverflow.com/questions/12528742/how-android-webview-uses-webkit

Especially given that we're running on a platform with a whole lot of Java going on.

http://www.wiseandroid.com/post/2010/09/24/Using-WebView-to-integrate-web-content-into-your-app.aspx

WebKit, as all long-term Linux users know, has its roots in an open source project, was forked by Apple into something private, then made open source and hosted by Apple, and despite the sanitized versions of what has gone in the press, the mail lists maintenance have been filled with hostility - Apple markets and sponsors open source when it suits them and strangles projects as necessary.

https://en.wikipedia.org/wiki/WebKit

So WebKit, of humble and noble beginnings, has probably spent most of its life as a political football.

On the one hand, standards are good and open source is great - and on the other, everyone has their own idea of the web and a browser ought to behave (hello Internet Explorer! :D), and a security-critical area ought not get sidetracked with politics.

I don't know what the answer is in this area, nor would I presume to guess.

But I will say that I think that having an independently updateable WebView is good idea for user security.
 
  • Like
Reactions: starkraving
Upvote 0

BEST TECH IN 2023

We've been tracking upcoming products and ranking the best tech since 2007. Thanks for trusting our opinion: we get rewarded through affiliate links that earn us a commission and we invite you to learn more about us.

Smartphones