Google shuts off Chrome Sync API access on Android, cites security vulnerability

Google has shut off Chrome Sync API for third-party browsers on Android

  1. Techook
  2. News
  3. Google shuts off Chrome Sync API access on Android, cites security vulnerability

Highlights

    • Google shuts off Chrome Sync API on Android.
    • The access to Sync API is locked to address security vulnerability.
    • Developers won’t get whitelist solutions.

After several users reported the Android Chromium bug, Google has decided to shut off access to the Chrome Sync API on Android. The report revealed by Corbin Davenport on Android Police mentions that a bug report was filed on January 3 on the Chromium bug tracker. The report explains that while making attempts to sign-in with Chromium builds on Android it results in an ‘INVALID_SCOPE’ error. Corbin adds a post in his report which says, “We locked down access to chromesync scope refresh tokens to address a security vulnerability. When we did so, we knew that this may break some 3P browsers which made use of chromesync scoped refresh tokens to leverage Chrome Sync for their users.

Furthermore, it claims, “Chrome Sync has never been officially supported for 3P browsers. We do not intent to create a solution by which 3P browsers can whitelist themselves or their users so that they can get chromesync scoped refresh tokens. Note that Chromium for Android is technically considered a 3P browser.’

android-police-photo

Google Chrome comprises of two versions- the open-source Chromium project, and Google’s proprietary Chrome builds with added functionality for eg., a built-in Flash player. Several browsers on Android are based on Chromium, including the Snapdragon-optimised CAF browsers. Corbin Davenport on Android Police cited a report mentioning the Chrome Sync API access is shut off on Android.

For those who are not familiar with Code Aurora Forum (CAF), it is maintained by Linux Foundation, where Qualcomm releases the reference sources for their various platforms. Qualcomm provides the base kernel source for most of the OEMs. The Android Open Source Project (AOSP) on the other hand works off a fork of CAF for each Android software iteration and introduces new features for all Android devices. Over time, CAF then introduces its own optimisation intended specifically for Snapdragon devices.