Our in-app browser for Fb on Android has traditionally relied on an Android System WebView primarily based on Chromium, the open supply undertaking that powers many browsers on Android and different working programs. On different cellular working programs, the System WebView part can’t be up to date with out updating your entire working system. On Android, this works in another way, permitting the System WebView part and the Chrome app to be up to date by way of Google Play as an alternative of with working system updates, which is preferable to make sure that customers are in a position to entry essential safety updates. Regardless of this, over the previous few years, we’ve noticed that many Android customers are updating their Fb app however not updating their Chrome and WebView apps, which can lead to safety dangers and a unfavourable person expertise.
For instance, folks with outdated variations of the Chrome and WebView apps could also be extra inclined to zero day exploits and different safety holes that may have been mounted in newer variations of Chromium. As well as, we additionally noticed that, because of the means Android masses the System WebView, when customers had been updating the System WebView app, they had been experiencing a Fb app crash.
To assist remedy these points – and following the precedent of browser distributors equivalent to Microsoft Edge, Samsung Web, and Mozilla Firefox who all ship customized browser engines on Android – we now have been constructing and testing a separate Chromium-Based mostly WebView for a couple of years. This can act instead for the System WebView for the in-app browser for Fb on Android. This WebView can replace in sync with Fb app updates, and performance as a drop-in substitute for the System WebView contained in the Fb app with out compromising or altering the person expertise in any means.
We have now been conducting early checks on this Chromium-Based mostly WebView, and we are going to start rolling out this model to extra Fb app customers which have suitable gadgets.
Extra safety, stability, and higher efficiency
As a result of we are actually in a position to bundle updates to our WebView alongside our app, we will be sure that people who find themselves utilizing our Chromium-Based mostly WebView obtain the newest Chromium safety patches, which instantly helps mitigate safety dangers. Moreover, our WebView runs in the identical method because the System WebView.
Holding according to greatest business practices, we carry out rebases of our WebView onto the newest variations of Chromium at common intervals. This helps us be sure that our WebView has the newest Chromium safety patches.
Android masses the System WebView code into an app’s reminiscence when the part is in use. As soon as the code is loaded, the app can use the WebView API to work together with the WebView part code within the app’s reminiscence. This has tangible person advantages because it signifies that one app’s use of the WebView part won’t affect or decelerate one other. It additionally has safety advantages as a result of, with this sort of isolation, apps are unable to see what individuals are doing within WebView elements in different apps.
When the WebView app will get up to date, Android wants to make sure that all cases of the WebView are stopped, in any other case an utility may need an outdated model of the WebView that’s incompatible with code that was downloaded throughout the System WebView app’s replace. With a view to remedy this subject, Android will trigger apps which have used the System WebView to crash when the System WebView is up to date. On Android there isn’t a approach to cleanly unload such elements from an app’s reminiscence, so which means that if an app used any WebView API at any level it will crash even when the person just isn’t at present a WebView, which creates a unfavourable person expertise.
Our WebView fixes this by permitting us to depend on Chromium that’s loaded from our app’s storage as an alternative of the System WebView app’s storage. Thus, Android not must load the System WebView code into the Fb app’s reminiscence, which signifies that Android not must crash the app so as to enable the System WebView to totally replace.
Our Webview additionally improves on rendering efficiency. Trendy browser engines have a part referred to as a compositor, which is the a part of a browser engine that’s used to determine show a web page. Usually on trendy browser engines the compositor runs in a separate GPU course of and is ready to run asynchronously from different components of the browser. Nonetheless, the System WebView compositor must account for the assorted methods Android permits apps to show it. Due to this, it must run synchronously with the Android widget structure, which signifies that it’s unable to run in a separate GPU course of.
As a result of we’re in a position to constrain how the WebView will get displayed inside our apps, we will allow the GPU course of for our WebView. This improves rendering efficiency and stability of internet pages and Immediate Video games.
Our open supply dedication
Not a developer? Key issues to know
- We’re making a backend replace to enhance the person expertise of loading internet content material in Fb’s in-app browser on Android gadgets.
- This alteration will enhance safety and efficiency and scale back app crashes when folks view web sites in our Fb app.
- Different firms like Mozilla, Microsoft and Samsung have already got customized browser engines on Android.
- This replace doesn’t affect folks’s present privateness selections on Meta companies.
Be taught extra about our in-app browsers in our Assist Middle.