Intent to Implement and Ship: User-Agent Client Hints on Android WebView

784 views
Skip to first unread message

Victor Tan

unread,
Aug 15, 2023, 3:30:17 PM8/15/23
to blink-dev, Mike Taylor

Contact emails

vict...@chromium.org, mike...@chromium.org


Explainer

https://github.com/WICG/client-hints-infrastructure#readme

https://github.com/WICG/ua-client-hints#explainer-reducing-user-agent-granularity


Specification

https://wicg.github.io/ua-client-hints/


Summary

User-agent client hints (a set of `Sec-CH-UA-*`) aim to deprecate and replace the User-Agent header to reduce the passive fingerprinting surface we expose via HTTP requests. As we previously rolled-out user-agent client hints on Windows, Mac, Linux, Chrome OS and Android, we intend to proceed with shipping user-agent client hints on Android WebView. For overridden user-agent strings, we only populate user-agent client hints if the overridden user-agent contains the default user-agent. In this case, we will only generate low-entropy user-agent client hints If users also override the user-agent string through command-line.


Blink component

Blink>Network>ClientHints


TAG review

https://github.com/w3ctag/design-reviews/issues/320 


TAG review status

Closed.


Risks


Interoperability and Compatibility

Introducing User-Agent client hints in itself won't affect any page since it's purely opt-in features. It helps us to improve the interoperability between Chrome and WebView. 


Here is our proposed rollout plan in Chrome Stable channel (Canary/Dev/Beta has been enabled 50%), with the understanding that if we discover concerning breakage or regressions via health metrics or bug reports we will pause the rollout:


Stage

Duration

Date

Stable 1% (M116+)

M116 stable release is shipping to 100% (a best guess)

Aug 22, 2023

Stable 10% (M116+)

~2 weeks after previous stage

Sep 5, 2023

TOT Default (M117)

~2 weeks after previous stage

Sep 19, 2023

Stable 100% (M116=>M117)

~ Same business day as previous stage

Sep 19, 2023


Gecko: Non-harmful on User-Agent client hints (https://github.com/mozilla/standards-positions/issues/202).

WebKit: No signals (https://github.com/WebKit/standards-positions/issues/70).

Web developers: Mixed signals (https://crbug.com/1430051). We know at least one site that uses user-agent client hints on Android WebView..


Debuggability

No special DevTools support needed. The UA Client Hints headers will be as debuggable as other request headers, through DevTools’ network tab.


Will this feature be supported on all six Blink platforms (Windows, Mac, Linux, Chrome OS, Android, and Android WebView)?

Yes

Notes: The existing flag UserAgentClientHint was already enabled for other five platforms (Windows, Mac, Linux, Chrome OS and Android).


Is this feature fully tested by web-platform-tests?

https://wpt.fyi/results/client-hints


Flag name

UserAgentClientHint


Tracking bug

https://crbug.com/1430051 


Launch bug

https://launch.corp.google.com/launch/4261345 


Link to entry on the Chrome Platform Status

https://chromestatus.com/feature/5127746375647232

Bhanu Vattikonda

unread,
Aug 15, 2023, 5:14:28 PM8/15/23
to blink-dev, vict...@chromium.org, mike...@chromium.org
Is there a corresponding User-Agent reduction plan for Android WebView?

Victor Tan

unread,
Aug 15, 2023, 5:19:19 PM8/15/23
to Bhanu Vattikonda, blink-dev, mike...@chromium.org
Currently, we haven't confirmed the public plan for user-agent reduction on WeView. We won't do user-agent reduction before completing roll-out user-agent client hints. 

Victor

Chris Harrelson

unread,
Aug 16, 2023, 1:40:38 PM8/16/23
to Victor Tan, Bhanu Vattikonda, blink-dev, mike...@chromium.org
LGTM1

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAJh4P7Hs_mYf2XdSU8M-vTsVuapefb%3D-AOMSh-dmObk8s75X_g%40mail.gmail.com.

Victor Tan

unread,
Aug 23, 2023, 5:45:57 PM8/23/23
to blink-dev, Chris Harrelson, Bhanu Vattikonda, blink-dev, mike...@chromium.org, Victor Tan
can anyone take a look at this?   thanks.   :)

Peter Beverloo

unread,
Aug 24, 2023, 9:11:01 AM8/24/23
to Victor Tan, blink-dev, Chris Harrelson, Bhanu Vattikonda, mike...@chromium.org, Victor Tan
Non-API OWNER LGTM to proceed on WebView - thank you for all the diligence you've done on understanding and navigating the platform constraints!

Thanks,
Peter


To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e07fe0c5-959a-4ed3-b35e-dee0dd68a1cbn%40chromium.org.

Rick Byers

unread,
Aug 24, 2023, 11:34:04 AM8/24/23
to Peter Beverloo, Victor Tan, blink-dev, Chris Harrelson, Bhanu Vattikonda, mike...@chromium.org, Victor Tan
Sorry for the delay, LGTM2

I'm surprised you need a ramp-up for this. New APIs are generally safe so we usually don't finch them. But if you'd rather do a finch roll-out for extra safety, I have no objection.

Rick

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALt3x6mvxAjXNJ5aUez-ezfp2HUXLari0iALm5RiAyLun%2BN2oQ%40mail.gmail.com.

TAMURA, Kent

unread,
Aug 24, 2023, 7:39:59 PM8/24/23
to Victor Tan, Peter Beverloo, blink-dev, Chris Harrelson, Bhanu Vattikonda, mike...@chromium.org, Victor Tan, Rick Byers
LGTM3.


To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CAFUtAY8tdKTJ2BSPVFKDHq-rqvEObErJuviWRdeD4xWs%2BJyU2g%40mail.gmail.com.


--
TAMURA, Kent
Software Engineer, Google


Victor Tan

unread,
Aug 29, 2023, 2:13:52 PM8/29/23
to blink-dev, TAMURA, Kent, Peter Beverloo, blink-dev, Chris Harrelson, vbh...@google.com, Mike Taylor, Victor Tan, Rick Byers, Victor Tan
Hi blink-dev,

User-agent client hint is currently ramping up to 1% of the stable release population on Android WebView. 
New schedule timeline as follows:
1% ~ Aug 29, 2023
10% ~ Sep 12, 2023
TOT default ~ Sep 26, 2023

Thanks.

Best,
Victor

To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/e07fe0c5-959a-4ed3-b35e-dee0dd68a1cbn%40chromium.org.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

To view this discussion on the web visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/CALt3x6mvxAjXNJ5aUez-ezfp2HUXLari0iALm5RiAyLun%2BN2oQ%40mail.gmail.com.

--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+unsubscribe@chromium.org.

Victor Tan

unread,
Sep 12, 2023, 1:09:55 PM9/12/23
to blink-dev, Victor Tan, TAMURA, Kent, Peter Beverloo, blink-dev, Chris Harrelson, vbh...@google.com, Mike Taylor, Rick Byers
Hi blink-dev,

User-agent client hint is currently ramping up to 10% of the stable release population on Android WebView. 

Best,
Victor

Victor Tan

unread,
Sep 26, 2023, 2:58:00 PM9/26/23
to blink-dev, TAMURA, Kent, Peter Beverloo, blink-dev, Chris Harrelson, vbh...@google.com, Mike Taylor, Rick Byers

Hi blink-dev,

User-agent client hint is currently ramping up to 100% of the stable release population, enabling default TOT on Android WebView. 

Best,
Victor
Reply all
Reply to author
Forward
0 new messages