back to article If you want an example of how user concerns do not drive software development, check out this Google-backed API

A nascent web API called getInstalledRelatedApps offers a glimpse of why online privacy remains such an uncertain proposition. In development since 2015, Google has been experimenting with the API since the release of Chrome 59 in 2017. As its name suggests, it is designed to let web apps and sites determine whether a …

  1. NetBlackOps Bronze badge

    Hey another reason, despite how hard it is on my tablets, Chrome is forcibly removed. How many ways can I fingerprint (montize) you? Let me count the ways!

    1. big_D Silver badge

      My first thought, on the first line of the story was - wohoo, yet another way to fingerprint users...

      When the first thing that somebody can see, when looking at the name of an API call is "oh, it is for fingerprinting", you know that you are onto a loser.

  2. Mephistro Silver badge
    Flame

    No Chrome,...

    ... no problem!

    1. yoganmahew

      Re: No Chrome,...

      Well, do note that Chromium have committed to enabling the feature...

    2. Claverhouse Silver badge

      Re: No Chrome,...

      Renouncing Chrome may be good, but there's an incredible dearth of desktop browsers.

      After 3 decades or so, when there should be dozens, if not hundreds, competition has whittled them down to 4 Majors, including Chrome and Firefox, and a handful of others based on Chrome or Firefox.

      .

      If the Majors just get less usable, actually declining; the other each have different faults and look as fugly as the Majors, all exactly indistinguishable in a repulsively 'CLEAN', minimalist, Fat Slab display.

      1. katrinab Silver badge
        Unhappy

        Re: No Chrome,...

        There's basically two now

        The Konqueror/Web Kit (Safari)/Chromium family

        The Geko family (Firefox)

        Microsoft is moving to Chromium. Opera already has.

      2. overunder Silver badge

        Re: No Chrome,...

        "... when there should be dozens, if not hundreds,"

        Can't agree with that. Is there hundreds or even dozens of any program?

        I can back your point another way by saying with so few, why do they care so little for doing the right thing (Google).

        1. JohnFen Silver badge

          Re: No Chrome,...

          "Is there hundreds or even dozens of any program?"

          For most types of programs, there are indeed dozens.

        2. Ian Johnston Silver badge

          Re: No Chrome,...

          Can't agree with that. Is there hundreds or even dozens of any program?

          Yeah - Linux distributions. And just look at how that's working out, for things with screens, anyway.

          Having hundreds of different browsers would mean there were hundreds of different usage patterns for browsers and that users would be able to determine which theirs was.

          1. katrinab Silver badge

            Re: No Chrome,...

            But how many kernels for example? Linux, Windows, a handful of BSDs and other Unices. Certainly not hundreds.

        3. Lomax
          Alert

          Re: No Chrome,...

          > Is there hundreds or even dozens of any program?

          Capitalism, as currently practiced, inevitably leads to monopolies. It is a natural instinct for all corporations to grow until they have consumed everything, much like a cancerous cell. Ultimately this never ends well for the host - which in this case is human society itself. There is legislation in place to counteract this, but it is rarely applied. Google urgently needs to be broken up, by separating its advertising side from the software side. The same can be said of many of the other giants of the Internet age, whose influence by far exceed their benefit.

      3. myhandler

        Re: No Chrome,...

        Sadly this is how things work on the www - one player comes to the top and everything else falls by the wayside. The web accelerates the creation of monopolies.

        Being able to operate with impunity across borders means the majors can evade much legislation.

        Without state interevention we, the public, are stuffed, done up like a kipper and hung out to dry.

    3. vtcodger Silver badge

      Re: No Chrome,...

      Sadly, the way things are headed, No Chrome isn't likely going to be an option for much longer -- at least if you want to do anything useful. The problem is that Google/Alphabet is a business that is selling merchandise to customers. The customers? Advertisers. The merchandise? That'd be you and I.

      Google is building/trying to build a perfect advertising platform. It'll be shiny, and elaborate, and it'll allow advertisers to control all aspects of layout and presentation. And it'll allow secure payments. Unfortunately, advertisers are mostly nutcases. Their perfect tool will be wildly insecure in all other respects, because the advertisers don't care about your security or mine. Why should they?

      But what about Firefox et. al? They'll still exist most likely. But they'll implement (most) all the Google APIs. They'll have to if people wish to do do banking or buy stuff.

      What are we users to do? Two obvious options. Regulation and/or build a parallel world wide network that focuses on user needs rather than advertiser needs. My guess, neither will be done until the situation becomes truly dire.

      1. JohnFen Silver badge

        Re: No Chrome,...

        "What are we users to do?"

        I'm already resigned to the fact that it's likely that the web will become unacceptable for me to use at all in the next several years.

        1. Anonymous Coward
          Anonymous Coward

          Re: the woeful way of the web :(

          "I'm already resigned to the fact that it's likely that the web will become unacceptable for me to use at all in the next several years."

          Well, it's been clear for a while now that the Web (as such) has no future as far as the global corporates are concerned. Proprietary apps with proprietary implementations and proprietary data formats and proprietary data interchange, that's what it's all about in the foreseeable future. Tim Berners Lee must be spinning in his cyclotron.

          So long as the app vendors cartel/oligopoly can make money for the app vendors. who carers whether "information wants to be free". (Well, TBL and a few others might, but Big Money outvotes them).

          https://webfoundation.org/2019/03/web-birthday-30/

  3. Anonymous Coward
    Anonymous Coward

    Why?

    it is designed to let web apps and sites determine whether a corresponding native app is installed on a user's device.

    The purpose of the API ... to distinguish between the ...two sets of notifications

    If users are using the app, then they are very unlikely to opening the webpage version at the same time. And even when they do, the webpages often point them to their app. In additional to the privacy issue and the fact it only works on android, this feature is pretty pointless right from the start.

    1. Halfmad Silver badge

      Re: Why?

      Sometimes I open up reddit links in browser rather than on an app, I do this on purpose (cos the app doesn't display it correctly etc) and will get a prompt about opening it in the app anyway.

      Thing is it's my choice to open it in browser, all they are doing here potentially is reducing that choice and tbh, I'd be more likely to uninstall the app than stop using browser occassionally.

      1. jospanner Bronze badge

        Re: Why?

        Oh I adore Reddit's user-hostile web interface on mobile.

  4. Fred Daggy

    Wrong, dead wrong. The software is for the users. The users are the advertisers. For them IT'S PERFECT!

    Vacuum up ever last detail of demographic information, each eyeball gaze, letter typed, click and scroll. Aggregate and SELL, SELL, SELL!

    The customers of Google/Alphabet are the advertisers. You are their product. Don't think a single piece of Google's ecosystem is built for your benefit.

    1. ElectricPics

      I thought everyone who was in the know, knew that harvesting our data to provide targeted advertising at a price was everything Google was about? In return we get a fantastic search engine that feeds the harvester, Maps that are great but record our every move, email that scans our words, calendars that track our days. All free. Not.

  5. iron Silver badge

    > users will have web apps and natives apps from the same source installed on the same device

    No. I do not have any "web apps" installed on my devices nor will I have any in future. Their usability is crap, their performance is crap and if they are being promoted by Google they must enable stalking. There is no need for this api, hopefully Mozilla will give it a pass.

    1. jonha

      > There is no need for this api, hopefully Mozilla will give it a pass.

      Perhaps it's wiser to implement the API but to deliver a random and ever changing collection of apps, some really existing (not on the user's machine, just some of those available in general) and some invented.

      1. Anonymous Coward
        Anonymous Coward

        "implement the API but to deliver a random and ever changing collection of [responses], some really existing (not [relevant to the user or] the user's machine, just some of those available in general) and some invented."

        Prior art also based on faking responses: e.g. trackmenot, from back in the days when a browser was something important and useful.

        https://trackmenot.io/

    2. JohnFen Silver badge

      "I do not have any "web apps" installed on my devices nor will I have any in future"

      Yes, I'm in this camp. Web apps are inferior and present far more difficult security problems.

      1. Terry 6 Silver badge

        Also web apps ( and Microsoft "store" crap) are usually cut down, inferior, producer controlled pieces of deviousness.

  6. Pascal Monett Silver badge

    "We received very positive [..] feedback from partners"

    And who are those partners exactly ? Users ? I don't think so.

    Google's partners are companies that advertise. If they are happy about this, then I'm not.

    1. bombastic bob Silver badge
      Unhappy

      Re: "We received very positive [..] feedback from partners"

      from the article:

      "this seems like a very clear privacy risk"

      that's kinda what I was thinking, too, while reading up to that point.

      obviously NOT the feedback Google was referring to

  7. Steve Graham

    Data-slurping is Facebook's core business, but by using a web browser with some useful extensions, I can use Facebook with the snooping at a level I'll accept.

    If you try to use Facebook Messenger with a mobile web browser, it refuses to open, and tells you to install the mobile app. (Changing the user agent string still makes it work though.) Facebook would just LOVE a means to get users off the browser and onto the mobile apps.

    (The Facebook and Messenger apps have less functionality than is provided by web access, as well as behaviour like hoovering up your contacts.)

    1. jospanner Bronze badge

      Do you use AdNauseum?

    2. Lomax
      Thumb Up

      > I can use Facebook with the snooping at a level I'll accept.

      You mean something like this?

      # nano /etc/dnsmasq.conf

      address=/facebook.com/127.0.0.1

      service dnsmasq restart

  8. hellwig

    Why would this be necessary?

    If a company wants to know if an app is installed, TRY to launch it. You know how many f*kn ads have launched the Google Play store (through ad-block-less Chrome) and hopped directly to their own app in the store? Android has a mechanism to associate an app with a specific URL type. And what happens if the app isn't installed? Maybe the device is instead re-directed to a website (in the original url) that either offers the same features, or provides a link to install the app. I'm fairly confident this can work, because when I click on such a link in an app, it asks if I want to open it in the designated app or one of my web browsers.

    That way, if someone wants to see which of their 30+ apps (companies WILL partner to trust each other to be able to build better fingerprints) I have installed, they're gonna have to launch each of them individually with 30 different hyperlinks I would have to click one by one.

    Nope, this doesn't benefit the consumer in any way, seeing as there are already mechanisms to do what Google et al. are claiming we need it for.

    1. JohnFen Silver badge

      Re: Why would this be necessary?

      "If a company wants to know if an app is installed, TRY to launch it."

      It is quite literally none of their goddamned business what apps I do or do not have installed.

    2. gnasher729 Silver badge

      Re: Why would this be necessary?

      On iOS, you can't launch any app (by using a URL that should launch it) unless you told Apple about it beforehand, explained to Apple why you need to launch the app, and Apple agreed with it. For example, my app needs to send e-mails in rare cases, and because we told Apple, we can launch the Mail app, fill out the e-mail, and the user can then read the email, change the address or contents, and press the "send" button. That's how it should work. If I want to check if some app is installed, no way.

  9. Claptrap314 Silver badge

    Baldface lying

    There is a trivial way for apps to be distinguished from web calls. The app can add a parameter (&app=true) to every call. Anyone who says otherwise either needs to repeat grade school or have their mouth washed out with soap.

    It's situations like this that REALLY tempt my dictatorial side.

  10. JohnFen Silver badge

    Just a reminder

    That's just a reminder that it's an excellent idea to avoid Google products.

  11. LDS Silver badge

    is not that Google doesn't care about privacy concerns

    Google is only concerned about the 'privacy' of data it collects - nobody else must be able to collect the same data , or access them, and monetize them. The example of a third party able to make money identifying apps for a fee is their worst nightmare.

    1. Terry 6 Silver badge

      Re: is not that Google doesn't care about privacy concerns

      They also benefit from the false virtue of protecting our privacy from everyone (except them selves of course).

  12. jospanner Bronze badge

    Let's all start using AdNauseum and screw up their advertising data/revenue.

    1. A.P. Veening Silver badge

      Using a Pi-Hole is easier.

      1. Michael H.F. Wilkinson Silver badge
        Thumb Up

        Interesting

        Had been using ad-blockers for a while now, might well install Pi-Hole or AdNauseam. I must say the idea of "reverse spamming" advertisers using AdNauseam is appealing, but Pi-Hole might be more generally useful in preserving bandwidth.

  13. Robert Grant Silver badge

    Logic 101

    If you want an example of how user concerns do not drive how software gets made, check out this Google-backed API

    I think you mean:

    If you want an example of when user concerns did not drive how software got made, check out this Google-backed API

    An example does not prove a generality.

  14. Version 1.0 Silver badge

    The web is like vapping

    It feels good but it's killing you slowly.

    1. John Brown (no body) Silver badge

      Re: The web is like vapping

      citation required.

      (I assume you meant vaping and not fapping)

      1. Anomalous Cowturd

        Re: The web is like vapping

        (I assume you meant vaping and not fapping)

        He might be German.

  15. ScrappyLaptop2

    ...in a future version if Chrome

    "notice of Google's intent to officially support the API in a future version of Chrome"

    Say, isn't Edge about to switch over to the Chrome engine next year?

  16. Stuart Halliday

    Add an extra field in the API, the domain of the asking site. The Developer previously had registers that domain with the play store.

    If the asking Web site isn't the registered domain, the request is denied.

    Problem solved.

    1. JohnFen Silver badge

      That doesn't solve the problem, though. (And, indeed, it looks like they're going to develop the call with this restriction in place anyway). It would still make it possible for a web site to determine if the corresponding app is installed. For me, that's very nearly as much of a problem as a site being able to determine if any arbitrary app is installed.

      My devices and browsers already disclose far more information than I'm comfortable with. This API takes an already terrible situation and makes it worse.

  17. Aussie Doc Bronze badge
    Holmes

    Well.

    "...Google isn't putting users first."

    You don't say.

POST COMMENT House rules

Not a member of The Register? Create a new account here.

  • Enter your comment

  • Add an icon

Anonymous cowards cannot choose their icon

Biting the hand that feeds IT © 1998–2020