For the best experience on desktop, install the Chrome extension to track your reading on news.ycombinator.com
Hacker Newsnew | past | comments | ask | show | jobs | submit | history | wtaf-people's commentsregister

Upon further thought, without arguing what the words mean, it would make sense that PayPal would be using a browser since the entire UI is basically the mobile site


"this is literally saying “if an app has/is a browser then it can record what sites you go to"”

Except it literally doesn’t say that literally

Think about the fact that if you are wrong, it would say exactly what it says, and (as seen in this thread) everyone will assume it means webview


Ok, I need to be clear here: this is absolutely not saying an app can access the browsing history in safari, nor can it access the browsing history of any app.

It can very obviously record your browsing history in that app. If it sends that data to its home servers, then the app would have to declare that it collected "browsing history".

"Information about the content you have viewed that is not part of the app, such as websites."

that is it can record things other than you interacting with buttons in the app, or what type of music you're listening to, etc. Browsing history gets called at explicitly here because people using non-chrome browsers expect browsing history to be private.


You solved the puzzle I think. The wording was designed specifically for browser apps. They didn’t anticipate non-browsing apps to be using webview. Also I was exaggerating when I said hundreds of apps. Seeing it on PayPal is what threw me off


That was my original assumption but how can you be so sure? I think you’re being too hopeful here.

Also calling webview “outside the app” is a bit of a stretch


Not a stretch at all, it is perfectly reasonable to consider an app and an website embedded by the app as two completely different things. First there is no guarantee the WebView will open to a website owned/operated by the same entity that owns/operates the app, so it is definitely "outside the app". From the user's privacy perspective, you also want to communicate that just because the website might be branded "Facebook" and be run by Facebook and maybe you trust FB with your messages, but if it's an embedded browser opened via a WebView then the app can technically snoop on the private message you are typing into the WebView


I think you’re right but they really need to update the description for this


It doesn’t say “outside of the app”. It says “information about the content you have viewed, which is not part of the app, such as websites”, which is completely different.

This category exists for apps that embed a webview.

Safari is sandboxed. There is no way to get to its data like history.


I suppose “not part of the app” could mean webview, but I doubt it. It seems pretty clear here. You’d think they would have a strong interest in specifying otherwise, if this isn’t the case.

Also has anyone ever had the OS ask for permission on this?


There is no permission or api to ask for this. It is not possible.


Consider applying for YC's Summer 2026 batch! Applications are open till May 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search:

HN For You