Member Login
menu

Piggybacking Without Approval, Non-Google Browsers Cannot Use Private Chrome APIs

Chrome error

Because Chromium is a free and open-source software project sponsored by Google, things should at least work according to Google.

Google Chrome is also powered by Chromium. Despite that there are many other browsers that compete with Chrome are powered by Chromium, Google Chrome is still having an advantage.

And Google is trying to keep things that way.

This time during "a recent audit," Google said that it caught other Chromium-based browsers piggybacking on its infrastructure and abusing the Chrome Sync service to store their users' data, bookmarks, and browsing history on Google's servers.

All that without asking for its approval.

To prevent future abuse, starting March 15, 2021, Google said that it plans to limit the access to some private Chrome APIs (features) that it includes inside Chromium, so they cannot be used by any other browsers developed using the Chromium codebase.

What this means, Google is shutting off non-Google browsers access to not only Chrome Sync, but also to features like Chrome Spelling API, Contacts API, Chrome Translate Element and more.

Companies that build their browsers using the Chromium code are urged to remove some private Chrome APIs and build their own similar systems.

That so they can have more control over their products.

However, Google realized that "some third-party Chromium based browsers" have added their own API keys to these Chrome specific features, and integrated them inside their browser products. As a result, the companies were abusing Google's servers to store their users' data.

In a developers' perspective, this is an advantage, considering that Google's servers are reliable and fast. This allowed them to also effectively cut down the development costs.

But for Google, the tech giant is getting nothing in return.

With Google finally realizing what has been happening behind its back, Google is giving those companies two months to remove the Chrome-specific APIs and features from their browsers, before Google cuts off their access permanently.

The Chromium Project, home page

In a blog post, Google said that:

"During a recent audit, we discovered that some third-party Chromium based browsers were able to integrate Google features, such as Chrome sync and Click to Call, that are only intended for Google’s use. This meant that a small fraction of users could sign into their Google Account and store their personal Chrome sync data, such as bookmarks, not just with Google Chrome, but also with some third-party Chromium based browsers. We are limiting access to our private Chrome APIs starting on March 15, 2021."

After that said date, all Chromium-based browsers beside Chrome will have their access restricted.

No user data will be lost, since data is stored in the cloud.

But with Google restricting the access to its Chrome APIs and features, the data may not longer synchronize with Chromium-based browsers beside Chrome.

Google plans to restrict their access by making a change in Chrome's code, in order to block non-Google browsers from generating the required tokens.

Published: 
18/01/2021