Interest Group joined at Chrome was not available for Auction executed on WebView

[roistaboola]

Protected Audience API is available at both webView & chrome. that had been verified using https://developers.google.com/privacy-sandbox/relevance/protected-audience-api#detect_feature_support

However, with an Interest Group joined from Chrome browser, that IG was not available at the Protected Audience Auction triggered within WebView.

This is essential to resolve since our business has Ads displayed on WebView where Auctions are required to run.

[MattMenke2]

I'm not an expert, but WebView typically uses the app's own storage for everything (separate disk cache, separate cookie store, etc) rather than using Chrome's. Even two different apps using WebView won't share any storage.

[MattMenke2]

Backing up a bit - is there some way in the current Android ecosystem you have access to information in Chrome from an Android WebView, or vice versa?

[roistaboola]

privacy sandbox Attribution API has chrome handing the trigger endpoint to android so it can associate the source & trigger. reference: https://developer.android.com/design-for-safety/privacy-sandbox/attribution-app-to-web

Similarly, please hand the Interest Groups created on chrome to the Android OS, making them available for the WebView Auction.

[michaelkleber]

Similarly, please hand the Interest Groups created on chrome to the Android OS, making them available for the WebView Auction.

Unfortunately this is not possible. Android WebViews don't have any way to isolate their information from the surrounding app. Without some new protection, letting a WebView run a Protected Audience auction would be tantamount to telling any app about all of your Interest Groups, violating the fundamental privacy goal of the API.

[omriariav]

@michaelkleber, eventually, the Privacy Sandbox vision will allow cross-platform functionality in a privacy-first approach. What are the plans for having Chrome IGs available in the Android Privacy Sandbox and vice versa? Running ads in webview is a common practice. Can we ask for a new webview feature that can securely contain those IGs, maybe via the new Android SDK runtime approach?

We can already register a source in ARA via a webview and have it available in the Chrome browser.

[michaelkleber]

We do want to support these use cases, once sufficient privacy infrastructure is available. We don't have any further announcement to make at this time.

[omriariav]

Thank you @michaelkleber We will be more than happy to collaborate with the Android/Chrome privacy sandbox on this matter.