• kbal@fedia.io
    link
    fedilink
    arrow-up
    13
    ·
    edit-2
    1 year ago

    If you are Spotify or YouTube, you could already block modified devices at the app level before the embedded WebView even boots up, via the Play Integrity API.

    That’s a pretty serious misconception. Regardless of whatever they do with the Play Integrity API, YouTube cannot currently stop me from installing ReVanced or some other app from F-Droid on my LineageOS phone. The idea of this new API is to prevent anything not Google-approved from playing Youtube videos, in a cryptographically secure way.

    Nothing that isn’t Chrome will be allowed to use Youtube without implementing this API, nothing that isn’t Google-approved will be allowed to do so, and if it doesn’t make it into Chrome that just means they have other plans for dealing with the problem in Chrome.

    • kbal@fedia.io
      link
      fedilink
      arrow-up
      5
      ·
      edit-2
      1 year ago

      … and come to think of it, if this does make it into Chrome (and why wouldn’t it, really? WebView is just another brand name for Android Chrome) it’s going to be difficult to stop any random website using it to refuse service for things that have nothing to do with the intended use case of preventing “media playback” simply by adding some otherwise irrelevant embedded media to any web page and refusing to operate if it doesn’t load. Any site that wants to will be able to verify that you don’t have unauthorized browser extensions, just like the original “Web Environment Integrity.”

      They have simply taken “Web Environment Integrity”, changed its name to “Webview Media Integrity”, and launched a massive press campaign to fool half the world into thinking it’s not exactly the same damn thing.