Does this intent deprecate or change behavior of existing APIs, such that it has potentially high risk for Android WebView-based applications?
No, but implementing Finch feature flag just in case.Open questions about a feature may be a source of future web compat or interop issues. Please list open issues (e.g. links to known github issues in the project for the feature specification) whose resolution may introduce web compat/interop risk (e.g., changing to naming or structure of the API in a non-backward-compatible way).
The fingerprinting mitigation for AccentColor and AccentColorText do not have widely agreed upon resolution: https://github.com/w3c/csswg-drafts/issues/10372 Depending on the results of that conversation, it's possible we might be able to un-scope this feature in the future.--
You received this message because you are subscribed to the Google Groups "blink-dev" group.
To unsubscribe from this group and stop receiving emails from it, send an email to blink-dev+...@chromium.org.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/01a0f425-0740-4b13-b0f9-a552b2b247a5n%40chromium.org.
The core fingerprinting concern is that exposing system accent color on the open web gives every site access to a stable, user‑specific signal that can be collected passively and reused across origins, which increases fingerprinting surface.
Installed web apps are different because installation is an explicit, user‑mediated action and creates a more trusted, origin-scoped context. That significantly narrows the threat model, since access is no longer available to arbitrary pages and the signal is only exposed where users expect deeper OS integration (an installed app). So while installation doesn’t eliminate fingerprinting risk entirely, it meaningfully reduces scale and abuse potential.
To view this discussion visit https://groups.google.com/a/chromium.org/d/msgid/blink-dev/d49729a5-c9f8-464f-b59e-ff2a6c31ac85n%40chromium.org.
