iOS alternate browser privacy rules prohibit credential syncing #10
Description
Description
Apple's privacy requirements for alternate browser engines in the EU state that a browser using an alternative browser engine must:
Not sync cookies and state between the browser and any other apps, even other apps of the developer;
Without such state-syncing functionality it is impossible to implement a primary feature of nearly all modern browsers: a password manager. For example, a Chrome user must be able to share their passwords between Chrome running on their Windows laptop and Chrome running on their iPhone. Without this feature, users may resort to writing passwords down in insecure locations, or more likely just using another browser which does state sharing.
Outcome
To make a competitive web browser possible at all, browsers must be allowed to sync state to instances of that browser running on other devices. Credentials are the most obvious example, but it's also critical for browsers to be able to sync other state like bookmarks, history, payment instruments, saved addresses, open tabs, etc. It may be reasonable for Apple to require browsers to get explicit user consent to enable such syncing, and to be transparent in what information is being sync'd.