https://www.theregister.co.uk/2017/10/24/browsers_api_security_paper/ Also from same article: https://www.theregister.co.uk/2017/02/05/chrome_56_quietly_added_bluetooth_snitch_api/ And it's usefull to connect your browser to heart-rate monitor with few lines of JavaScript becauuuuse....? Sometimes it feels like web developers are living in somekind of la-la-land....
It's probably so you can watch yourself die on your phone... and click share with FaceBook of course. Oh and dont forget the selfie lol
@Stefan Froberg Hey Stefan did you ever try that AIDE IDE? I still never managed to get that NDK to install. I asked about it on a few forums but no one seems to know anything much about it.
Stefan, I think it's not mentioned in that article that one of the authors of that research paper offers the add-on WebAPI Manager (also available for Chrome) which tries to control access to those APIs. The github site is here. I've been using it for a while - not bad.
Yeah give it a try it's really kinda neat, especially as you don't need an emulator. I'll never understand why Google created Android Studio and it doesn't even run on the Android OS !! That just seems crazy to me. Anyway yeah AIDE has some paid components to it but that is mostly just for lessons.
Nice extension I tried with chromium and it worked as promised (had to disable incognition mode temporarily first before I could install the extension ) And after enabling logging from Advanced options I could see the actual stuff blocked: However, Firefox 52 did not play nicely with the extension. It does not show any blocked features Do I need the latest firefox version ?
Found also this older article of the same subject: "Pointless features add to browser bloat and insecurity 83 per cent of browser features are used by under one per cent of top websites" https://www.theregister.co.uk/2016/05/24/pointless_features_add_to_browser_bloat_and_insecurity/
Oh my god...I just realized... Because what that extension does is basically just block various JavaScript properties so that sites can't read them then I could do the same with my own CyberDragon 2 browser too ....
It actually works with even 41 APIs blocked There is a rule for Youtube in the add-on's wiki which you can import but it produced an error for me. The rule that works for me is: Code: [{"p":"*.youtube.com","s":[2,3,4,6,7,18,25,26,29,31,32,33,35,36,38,38,39,44,46,48,50,51,52,55,55,58,60,62,63,67,68,69,72,73,74,75,76,77,78,79,80],"f":[]}]
