Google shuts down Chrome Sync for third-party browsers on Android
If you are using a third-party web browser on your Android device and Google Sync, you may have noticed that syncing stopped working all of a sudden.
Quite a few browsers are based on Chromium, the open source part of Chrome. This is efficient for developers, as they don't have to concentrate on core features such as getting page rendering right or ensuring support for new web technologies, but can concentrate on other areas to distinguish the browser from Chrome, Chromium, and third-party browsers based on Chromium.
Android Police reports that Google has shut down access to Chrome Sync for third-party web browsers on Android. The change affects even Chromium itself, which Google sees as a third-party browser when it comes to Chrome's sync functionality.
Developers filed a bug on January 3, and a Google developer gave the following response on January 24:
We locked down access to chromesync scoped refresh tokens to address a security vulnerability. When we did so, we knew that this may break some 3P browsers which made use of chromesync scoped refresh tokens to leverage Chrome Sync for their users.
Chrome Sync has never officially been supported for 3P browsers. We do not intend to create a solution by which 3P browsers can whitelist themsleves or their users so that they can get chromesync scoped refresh tokens. Note that Chromium for Android is technically considered a 3P browser.
Marking as WontFix, accordingly.
The Google developer mentioned that access was locked down due to a security vulnerability, and that access to the Sync API was never supported officially.
Chrome Sync may still work on some devices, as refresh tokens may still be available. This will change eventually, and new users and those that set up a browser anew will notice that sync is no longer working
You can verify the state of Chrome Sync on your Android device by loading chrome://sync-internals in the mobile browser's address bar.
Check the credentials listing to see if a token has been received, and the server connection under local state. While you may still see a token -- if it was received before Google made the change -- new users will see n/a under received token and an auth error under server connection.
There is nothing that you can do about it. Google stated already that it won't enable sync access for third-party Android clients again, and that there won't be a whitelist as well. Clients may add their own sync functionality, or if available, third-party sync to their browsers.
Mercury Browser (chromium) +Mercury Extensions = sync without any problems.
I disabled Chrome sync on Google’s servers, for good reason. I have it on a tablet, smartphone, and several computers. It sure didn’t like something about my devices. When looking into why Chrome was so slow a couple of years ago, I discovered over 13,000 new tab bookmarks, and multiples of many others. it turns out that sync was buggy. Okay, fine. What a hassle deleting these things. I’ll never use Chrome sync again. It’s easier to make an HTML backup to setup bookmarks on a new device.
Scroogle. Use Firefox.
Firefox on Android is a mixed bag in terms of performance though. While it is nice that Firefox allows for the use of add-ons on the mobile side, the performance in comparison to Chromium-based browsers on Android can be quite noticeable. I have found that Brave is a nice middle-ground between Chrome and Firefox on Android. Offers the security of Firefox (HTTPS Everywhere, fingerprinting, ad block, tracking protection) with the performance of Chrome. While I recommend Firefox on the desktop side to lots of folks, on the mobile side I find the browser to be lacking.
Firefox’s Quantum project is going to turn tables completely next year with webRender, check out the demo.
But right now, at least with uBlock Origin on Firefox for Android, I have no performance issue whatsoever. My smartphone cost $50, using Android 5.1, screen is 5.5″ with HD 720p. So a lot of screen real estate and pixel density around 300ppi which means app performance matters, yet I experience no slowdown, instability or smoothness issue with Firefox for Android. I can use Facebook/Youtube/big apps just like on desktop, even with >10 tabs.
Your mileage may vary, I think if you have at least 768Mb RAM Firefox for Android should be good; at least with uBlock Origin. Below, I don’t know, since I didn’t try and since adblockers increase RAM consumption.
So I believe Firefox for Android is underestimated quite a bit.
Use Firefox.
See. That’s why local sync is better; also privacy. I wish browsers would let us do that.
It’s possible with Firefox but it’s a hell to setup the local server, not worth it unless you’re a company or something.
Sounds like a mission for Super Mozilla! Host everyone on Firefox sync ?
Or all Chromium browsers could group together to have one single sync for them.
Not buying it unless they show the link to the bug about the “vulnerability”. Some guy with proper access rights to security bugs can then confirm it’s real and serious enough to warrant such a heavy-handed approach. Hint: It’s unlikely that anything can be serious enough that they don’t even try to discuss of an alternative for Chromium-based browsers.
I’ve seen this often in the past and probability wise it is a lot more likely to be a political decision wrapped in a nice pretext in order to better get away with it. So given past experiences, I will default to considering this to be the anticompetitive behaviour of a monopoly until proven otherwise.
Anti competitive in what way? Monopoly in what way?
Google block 3P browsers to USE Google product (sync) freely. Google didn’t block 3P browsers to provide their own sync services. When 3P provide it and Google destroy it, then you may call that anti competitive.
You’re diverging on another issue. Getting into ethics is expanding the topic, which is monopoly and anticompetitive behaviour. You are arguing that it is fine that they behave this way, not that they don’t behave this way.
“Google is a private, for profit organization, like Microsoft, Apple, and so on. […] People will call them evil, dishonest, whatever, but its their game and they will play it however they want.”
If you want to get into ethics, this mentality is part of the problem. Companies follow a moral code and this moral code is the product of what is deemed acceptable in a society’s culture. If you happen to consider that the state of nature where anything goes is acceptable, that’s what you’ll get. But as I said, that’s expanding the topic beyond what’s necessary. Monopolies and governments without efficient checks do whatever they want because they have the leeway to do so and get away with it. That’s how it is but that doesn’t mean society as a whole must embrace this as a fact and move along, when it itself can be a counter power precisely if it does *not* embrace this as a fact. Even the most carefree of assholes don’t allow themselves to do some things, even if they could, when what they would do is heavily frowned upon and leads to people avoiding them.
So, just because a company’s behaviour stays right under the radar of the law (worth noting that Google is not under the radar any more, it is risking billions in the future due to anticompetitive practises), doesn’t mean its behaviour shouldn’t affect ours. Such as: Providing bad critics, not buying or using their products whenever possible (something that can be hard to achieve with almost-monopolies), etc. Same in politics.
Exactly. It’s their product. They can do whatever the hell they want with it. They are under no obligation to enable third parties to use their services.
Google is a private, for profit organization, like Microsoft, Apple, and so on. They dictate their policies much like the aforementioned companies. If they chose to close sync for third parties, it’s their prerogative. They don’t own anything to anyone that freely relied on their services, even if they benefited from third parties that relied on their services. People will call them evil, dishonest, whatever, but its their game and they will play it however they want. Google is actually quite a honest company in that they’re in it for the profit.
And on top of it all, they lie about the real reason. A security issue is most probably an excuse, because even if it is real and significant, Chromium or the protocol can be fixed to end it without suddenly removing the carpet from under all of the Chromium ecosystem’s base. The cost would be meaningless to Google so it’s not about money, it’s about the fact that they don’t give a shit, and they don’t give a shit because they reached a market position that allows them to.
– Chromium is the source code of Chrome, a project that is founded and owned by Google. Google works on most of the source code of Chrome with Chromium’s community, and offers its own branded compilation as Chrome (which is synchronized with Chromium releases).
– Google explicitly engaged people to use the Chromium source code. That gave them a strategic advantage in the browser landscape and likely contributed to making them dominant, as success came from leveraging Google’s power to push Chrome to people and Chromium to developers. It was a good thing for people wanting to create browsers and a good thing for Google. Chrome could only grow the more there was Chromium-based browsers, and it was guaranteed to be the first of them by far. Having tight control over the web browser market is a very juicy advantage for the mother company Google.
– Google included the sync client inside the Chromium base, spreading it to all Chromium-based browsers. It lasted for a long time. There’s documentation all around that tends to show this was not just Chromium-based browsers sneaking in, but was a welcome part of the Chromium ecosystem that made it more attractive. Again, it benefited Google because that meant more users and more developers were relying on Google’s ecosystem. Sync (with Drive) are big reasons people don’t leave Google products even when they grow dissatisfied.
– Google Chrome grows to about 60% market share. (Heavy growth this year thanks to IE’s demise)
– They unilaterally decide to switch policy, without discussion or any wish to provide an alternate “secure” way to keep accessing to Sync. Why is that, if not because they consider they don’t benefit from it any more, or not enough to bother with maintenance ? And why don’t they benefit from it any more, if not because they reached such a dominant position ? When you get big enough, at some point you don’t benefit from ties with other groups, and it makes logical sense (if not ethical sense) to cut them off.
– This puts Chromium-based browsers in a difficult position where the part of their user base that relies on Google Sync may actually move to Chrome, weakening them.
– If Google Chrome was not big enough that it doesn’t need its Chromium ecosystem any more, it would treat the situation with more care. That’s monopolistic.
– They are suddenly cutting off a bunch of browsers from one of their core features without significant delay. That’s anticompetitive.
Google is such a crappy company. “Won’t fix”… nice.