Google shuts off Chrome Sync API for third-party browsers on Android, citing a security vulnerability

If you aren't familiar, Chrome has two versions: the open-source Chromium project, and Google's proprietary Chrome builds with added functionality (like a built-in Flash player). Numerous browsers on Android are based on Chromium, including the popular Snapdragon-optimized CAF browser. Unfortunately, Google has now shut off access to the Chrome Sync API on Android for anything but Chrome itself, including vanilla builds of Chromium.
A bug report was filed on January 3 on the Chromium bug tracker, explaining that attempting to sign-in with Chromium builds on Android resulted in an 'INVALID_SCOPE' error. After many reported the same issue, the likely cause was found - a recent change to how scoped refresh tokens were handled. This meant that only official Chrome builds could request tokens, and it only affects Android (Chromium builds on the desktop continue to work normally).


The last comment on the bug report.
The report was closed yesterday by a Chrome developer, explaining that access to the Sync API was locked down "to address a security vulnerability." The developer went on to say that Chrome Sync was never officially supported for third party browsers, and that Google does not intend to create a whitelist solution where users/developers can request refresh tokens.

Comments

Popular posts from this blog

Linktree’s free workaround lets you add multiple links to your Instagram bio

EVERYTHING WE KNOW ABOUT THE PIXEL 4, THE MOST-LEAKED PHONE EVER

Stable Android 10 starts hitting the Galaxy Note10 and Note10+ (Update: Canada)