It has been pointed out that Apple's 'WebKit enforcement on browser developers' exacerbates security risks



Apple is the leading developer of WebKit, the rendering engine for web browsers, and requires web browsers for iOS to adopt WebKit. Although it has been pointed out that the situation in which rendering engines other than WebKit cannot be used in browsers for iOS is 'depriving web browsers of their future', Apple says that requiring web browsers to adopt WebKit improves security. A new open web promotion group, Open Web Advocacy, has claimed on Twitter that 'Apple's WebKit enforcement is deteriorating security.'




The fact that rendering engines other than WebKit cannot be used in browsers for iOS has led to reduced functionality in the browsers provided for iOS. For example, the Android version of Firefox, developed by Mozilla, supports add-ons that extend the browser's functions and a cookie management function that enhances privacy, but neither is available in the iOS version. Because of these problems, Apple's stance of continuing to enforce WebKit has been accused of 'taking away the future of web browsers.'

Claims that 'Apple's WebKit enforcement on iOS deprives web browsers of the future'-GIGAZINE



Meanwhile, Apple has told the UK's Competition and Markets Authority (CMA) that 'WebKit offers a higher level of security than rendering engines such as Blink and Gecko' and that the purpose is 'to resolve security issues quickly.' Open Web Advocacy disputes this claim from Apple, citing multiple sets of data.

The pie chart below shows the number of web browser vulnerabilities reported between 2014 and 2021. Safari (65.5%) has the highest number of cases, with overwhelmingly more vulnerabilities reported than for Firefox (26.2%) and Chrome (8.4%).



Below is a graph that breaks down the above vulnerabilities by year. Safari had the most reported vulnerabilities in most years.



The graph below shows the number of days it took each browser to publish a patch for a vulnerability. According to the graph, Firefox (yellow) publishes patches in 50 days at the latest, and Chrome (blue) publishes patches in 75 days at the latest. On the other hand, Apple (red) has released most patches 30 days after the vulnerability report, and there are cases where patches are not released even after 90 days. In addition, Safari updates are tied to OS updates, so a vulnerability is not patched until the user updates the OS. As a result, users may receive fixes even later than the graph below indicates.



Based on the graph above, Open Web Advocacy pointed out that 'the adoption of WebKit does not help improve security, but rather worsens it.' In addition, citing the CMA's analysis that 'even if web browsers for iOS adopt a rendering engine other than WebKit, the security risk is unlikely to worsen', it argued that 'Apple is gaining financial benefits by weakening the competitiveness of browsers.'

in Software, Posted by log1o_hf