Open pdg137 opened 2 years ago
Seems like an upstream issue as its repro'd on Chrome as well.
cc: @samartnik
This is still an issue on Brave 1.39.115, Chromium 102.0.5005.78, Android 12. Surely we don't want links to open arbitrary apps without permission!
Description
Brave supports "intents", an obscure* feature of Android that can automatically launch arbitrary apps. The issue is that this is done without the user's explicit permission, and there is no way to limit or disable the feature. Even though this is a standard feature of Android, and Chrome has marked their corresponding issue WontFix, this is a security and privacy risk, and it subverts the user's intentions. There's not even any way to figure out what feature of Brave caused the app to launch, and it's easy to confuse with other features like App Links and Instant Apps. (Actually I'm not even sure if these are different.) Brave should provide more control over intents.
* It's hard to find even an example intent URL anywhere, and the
intent:
URI scheme is not listed among the hundreds registered with the IANA.Steps to reproduce
intent://TeVbYCIFVa8/#Intent;scheme=vnd.youtube;package=com.google.android.youtube;end;
, but GitHub does not support the intent URL scheme.)Actual result
The YouTube app launches automatically and starts playing a video.
Problems with this result:
Expected result
A prompt should appear asking something like "A website wants to open the app: YouTube. Proceed?"
Issue reproduces how often
One very common place this occurs is in Google search results for YouTube videos. In another instance, Facebook.com seems to use intents to redirect users to Facebook Messenger.
Version/Channel Information:
Device details
Brave version
Brave 1.34.80, Chromium 97.0.4692.71
Website problems only
No
No
Yes
Additional information
I originally filed this as #13310 but didn't understand what feature of Brave was triggering the problem, and the issue was closed.