Get the latest tech news

Apple: Using alternative browser engines in the European Union

OS 17.4 and later, include capabilities that let iOS apps use alternative browser engines — browser engines other than WebKit — for dedicated browser apps and apps providing in-app browsing experiences in the EU. To use an alternative browser engine in your app, you’ll need to request the Web Browser Engine Entitlement (for browser apps that want to use alternative browser engines) or the Embedded Browser Engine Entitlement (for apps that provide in-app browsing experiences that want to use alternative browser engines).

However, as browser engines are constantly exposed to untrusted and potentially malicious content and have visibility of sensitive user data, they are one of the most common attack vectors for bad actors. Block cross-site cookies (i.e., third-party cookies) by default unless the user expressly opts to allow such cookies with informed consent, or as required for compatibility in the case of popup windows that interact with frames in their opening window; Partition any storage or state observable by websites per top level website, or block such storage or state from cross-site usage and observability; Not share device identifiers with websites without informed consent and user activation; Label network connections using the APIs provided to generate an App Privacy Report on iOS and/or iPadOS (i.e., wherever Your Alternative Web Browser Engine App (EU) is distributed); and Follow commonly adopted web standards on when to require informed user activation and/or user consent, as appropriate for Web APIs (e.g., clipboard or full screen access), including those that provide access to PII. Therefore, it is vital that you have the processes in place to allow you to respond when a vulnerability is discovered either internally through testing and security and privacy assurance efforts, within your software supply chain, or disclosed to you by another party.

Get the Android app