In the last paragraph of a previous piece, I wrote that one of my hopes for iOS 15 was for Apple to allow competing browsers on iOS to use their native rendering engines instead of WebKit. That unfortunately did not turn out to be the case, as Apple still requires all browsers on iOS to use the WebKit rendering engine. As such, I begrudgingly use Safari, since there is no ability to add ad-blocking extensions in Chrome for iOS at this time.
Fast forward to this morning, when I read about a particularly nasty security vulnerability in Safari. While Apple’s engineers are apparently working on a fix, absolutely every single iOS 15 user is vulnerable at the moment. From the article:
In Safari 15 on macOS, and in all browsers on iOS and iPadOS 15, the IndexedDB API is violating the same-origin policy. Every time a website interacts with a database, a new (empty) database with the same name is created in all other active frames, tabs, and windows within the same browser session. Windows and tabs usually share the same session, unless you switch to a different profile, in Chrome for example, or open a private window. For clarity, we will refer to the newly created databases as “cross-origin-duplicated databases” for the remainder of the article.
On the Mac, a mitigating control is to switch to a non-WebKit based browser such as Chrome or Firefox. However, iOS users do not have this option, since Apple forces all browsers on iOS to use WebKit. iOS users can potentially turn off JavaScript, but that leads to a lot of “broken” sites. Just turn off JavaScript (Settings —> Safari —> Advanced —> toggle JavaScript off), and try to access cnn.com, for example. No news articles load.
I really wish that Apple would allow the “true” versions of competing browsers on iOS. Would it be that detrimental to their browser market share on iOS? I don’t think it would, since Safari will always be the default on initial install. But it would go a long way in giving users more choice. This is a really good read, if you’re so inclined. Because of Apple's decisions here, if there is an issue with WebKit, ALL browsers on iOS are affected. There is nothing that Google or Mozilla can do to fix their respective browsers. If Apple allowed Google and Mozilla to use their own rendering engines, users would be able to change browsers in the event of a WebKit issue, and/or if there were issues with Google's or Mozilla's browsers, they could be patched quickly via the App Store.
In a LOT of ways, Google gets this stuff right with Android. I will say that this situation really has me contemplating a move back to Android once my iPhone 11 and Apple Watch Series 3 are the end of their useful lives. Android offers the ability to “truly” use a different browser (not just set another version of a browser that uses Blink as the default), and browser updates are not coupled with the OS. Apple really needs to get with the times here.
© 2022 Steve Best. All Rights Reserved. #Apple