As a side note, I personally HATE apps that opens links in an in-app web view (apps like Instagram, Facebook, etc). I really wish Apple could have a system wide preference where it could force in-app web views to open in the browser.
As a side note, I personally HATE apps that opens links in an in-app web view (apps like Instagram, Facebook, etc). I really wish Apple could have a system wide preference where it could force in-app web views to open in the browser.
It has frustrated me for a LONG time that we have all collectively seemingly decide to break links.
It used to be that you could click a link in an app, it opens in your web browser where you're already logged in to the relevant service, so you get to see the content the link points to.
These days, you click a link in an app, it opens in an in-app web view where you're not logged in, so you just see a login screen.
Not even the "open in Safari" button works, since by the time you have the opportunity to click it, you've already been redirected to the login page. You literally have to long-press on the link, copy it, switch to your browser, and paste it in to the omni-bar. I don't understand how this god forsaken industry's UX "experts" have all agreed that this should be the universal user experience.
It's especially bad in apps like Slack, where 99% of the links I'm ever interested in are links to our internal gitlab, some internal knowledge base article, some internal tool, or some other thing that requires being logged in to view any of the content. Links just plain do not work almost ever in Slack without the manual long-press -> copy -> switch to Safari -> paste dance.
This behavior (as far as I can tell) has broken the Expensify iOS app for us at work. We have a conditional access policy that requires a “compliant” device to succeed the SSO login. However, only the iOS Edge browser can prove compliance and Expensify refuses to hand over that login process to the Edge browser preferring to use its own built-in browser. So login fail and as far as I can tell there is nothing we can do about it except for exempt that app from the conditional access policies.
The reason Expensify does that is because they want/need access to the cookies from the login flow. The in app browser provides the hosting application access to those, but they can't access Safari's cookiejar. The modern way of doing it is to put the login in Safari (or iOS's dedicated "in app browser for logins") and then redirect to something like expensify://login_complete?token=xxxxxx, which pops back over to the app. This is mostly tech debt on Expensify's part, but it might not solve the Edge vs. Safari issue.
I wonder what iOS Edge does which iOS Safari doesn't do, considering both are just UIs over WebKit...
Not that it matters, it's still an excellent example of stuff not working because links don't work as links anymore.
> I wonder what iOS Edge does which iOS Safari doesn't do
Being a "Managed App" through MDM/Intune. Typically it's used when installing corporate apps in a BYOD scenario. The managed apps are isolated from information sharing with unmanaged apps, e.g. policies can be applied preventing copy/paste, access to Files.app, etc. It (and it's isolated storage) can also be remote wiped without nuking the whole device. Edge.app still uses the Safari rendering engine, etc. like is generally the case with 3rd party browsers on iOS.
You can't do this with Safari.app unless the whole device is managed, which doesn't work well for BYOD.
We have this policy at work and it’s infuriating. I had to install edge once to access some work resource and immediately uninstalled it. I can’t even access our GitHub without it, even through the official app.
Maybe what breaks that process is what Edge does not do and Safari does. There is more to a browser than the rendering engine. Furthermore, does Safari still uses an optimized JS engine that the other browsers cannot use?
> I wonder what iOS Edge does which iOS Safari doesn't do
I don’t know whether that’s right, but I read “We have a conditional access policy that requires a “compliant” device to succeed the SSO login. However, only the iOS Edge browser can prove compliance” as “our access policy does not allow logging in from Safari”. If that’s true, it’s not something Edge or Safari does or doesn’t do.
> I wonder what iOS Edge does which iOS Safari doesn't do, considering both are just UIs over WebKit...
"just" is not an appropriate word here. There's a ton of functionality in the native UI and non-WebKit code.
I hate in-app browsers, too, but there is a Slack setting that will let you open in Chrome or Safari (choosing Safari opens whatever your default iOS browser is).
You can change the Browser Application setting under Preferences after tapping on your Avatar in the Slack app.
> you click a link in an app, it opens in an in-app web view where you're not logged in
But you could be. You could log in from the in-app web view, and it would be remembered and compartmentalised in that app, so that next time you click a link you’re logged in.
Nowadays most providers (and IT teams managing SSO) log out stale sessions quickly, so by the time he clicked another link to it in Slack he'd probably be logged out, again.
It really is a bad user experience all around.
If it happened that fast, then logging in outside the in-app browser wouldn’t make much of a difference, you’d have to be constantly doing it anyway.
I could be, but I'm not. And I don't want to compartmentalize logins to Slack.
To be clear, what I meant is that the logins inside the in-app browser do not affect the other in-app browsers and the main browser. I understand this is not your preferred solution, but it is a way to make the situation suck less.
This sounds like a fantastic way to get phished.
That makes no sense. Are you getting phished from clicking a link someone you know posted in your internal company Slack? And use a password manager, those make sure the domain is correct.
Every app and their mom uses the webview bullshit - it's not just your work slack.
Now you're logging into the same thing in multiple different places. Obviously, the odds of you getting phished go up significantly.
I also love that app sizes get super bloated (several gigs per app) due to cached safari data from the in-app web view. Seems the only way to clear it is to go into settings and wipe the website data for safari entirely. I don't believe app developers can clear this themselves either, despite it appearing as their app taking up so much space when really it's just due to safari cache that seemingly doesn't clear on its own.
THAT is the source for the bloat? Oh dear. Absolutely shambolic. It is embarrassing that iOS gives no way to just completely nuke an app's cache, short of reinstalling the app.
Some apps have a setting to clear data and I swear I’ve seen cached data in that before but I could be mistaken
I know they do, but the effectiveness of these "clear data" settings varies wildly and it's mildly infuriating. For instance, in my experience Telegram's works pretty well, X's not at all.
I get more frustrated from when they go the other direction. Google Maps, for instance. When I go to the website, it asks if I'd like to use the app instead, with the usual dark pattern of having the "no" button greyed out. But after I tell it no, as soon as I touch the search bar, it automatically opens the app anyway. I wish there was a setting in Safari that disabled websites from opening apps.
Add to that list:
- showing focus-stealing modals when loading the page/app, which breaks the quick look functionality on iOS
- interrupting your workflow with tutorial popups (especially multi-step ones that point to different parts the screen) that demo or upsell a new feature, requiring you to dismiss them to continue
- not having an option saying "I'm a power user, stop explaining shit I already know"
To be honest, if the concept of growth hacking was erased from the universe, pretty much none of this crap would exist. Atlassian, Browserstack: I'm looking at you.
> I wish there was a setting in Safari that disabled websites from opening apps.
This has been one of my biggest iOS peeves for a long time—I really wish that installing an app wasn’t a commitment to letting it handle all of the links it wants to.
It’s particularly annoying because a lot of apps are terrible at actually handling the link: the app will show a login screen or some kind of interstitial and then just forget where you were going. That stupid behavior isn’t limited to web links either, it’s really great when it’s the app’s own push notification (thus irretrievable once tapped), but which the app will not even open properly 100% of the time.
There are a couple of imperfect workarounds (long pressing, incognito), but mostly I’d just rather have an option to limit or disable this behavior entirely—in the absence of that I’ve actually just uninstalled all of the worst offenders, I’m sick of having a million damn apps.
Not sure about iOS Firefox, but on Android you can disable that altogether. Turn off "open links in apps".
> letting it handle all of the links it wants to
It doesn’t. App developers have to verify that they own the corresponding domain names that they want to handle with their apps: https://developer.apple.com/documentation/xcode/supporting-a...
I understand that, what I was getting at is more that I, as a user, have little insight or control around when or where my phone will decide to open an app when I click a link, vs continue to work like a normal browser. The app developers declare their associations and url patterns and that's it.
I agree, it’s pretty obnoxious… But there is the same problem on Android, app handlers for verified domains cannot be disabled there, only the handlers for unverified domains (which are unticked by default, so opt-in).
From what I can tell, Kagi’s Orion browser will let you control app launching.
My favourite part is when it opens a form or something to fill out but if you navigate away from this in-app web view to another app and back (say to get a password) you lose the session. It’s incredibly frustrating
Yeah Gmail does this on Android. Super annoying. You basically have to remember to always click "open in chrome". It's not like it even does anything different because it's already open in chrome, just in a tab that it will throw away at the drop of a hat.
That's generally annoying though — web sites that can't preserve your session if you should click a link and then try to go back.
I couldn’t agree more.
I find gmail to be the absolute worst offender in this category.
1. They dark pattern you into downloading their browser (they give three options, two of which are chrome)
2. In not launching iOS, I’m not logged into the session I may already have open in safari. Which is incredibly painful for any product that sends notifications via email, which id like to action.
And if I do login, and it asks for an email verification code… fail. I can’t access it in gmail without closing the browser…
3. Their in app browser (or the way they re-write links?) doesn’t seem to play nice with opening the corresponding app. Never seems to work.
Incredibly user hostile.
Is there a better alternative mail client I can use with gsuite?
I use the Gmail app and just have it set to always use the default browser?
Gmail app -> hamburger menu (top left), scroll down to settings, Default apps, Browser = "Default browser app (Configure in iOS settings)".
I think I must be misreading your concern - if so, not intentional.
What does "better" mean to you? The native Apple Mail app works with Gsuite.
I’d think it was about tracking if I didn’t know that the ios api most apps use gives no access to what the user is doing. I feel like it must be some folk wisdom among app developers about “keeping people in the app”. It’s especially bad since the implementation always seems to struggle hard with self-links, eg if you open a web link in X then follow a link in the story to a tweet you get a broken result in most apps.
This small technical annoyance is one of the biggest issues… of modern society. They do that deliberately to keep users within their apps to drive up engagement. Which in turn drives down exposure to different opinions by keeping the user within the app driven by the same algorithm uninterrupted. If they to change default opening of web links as you would expect it, their revenue numbers would drop dramatically.
The lawmakers should be competent enough to recognise this problem and have laws against keeping people within the apps for no reason. (The only reason may be to use the web sign-in).
Imagine on desktop computer os, you click a link within WhatsApp app and it opens a window within that app and load the webpage there, without your login cookies, and makes you login if you need using mouse with on-screen keyboard only…
Gmail insists on doing this and always screws it up.
On iOS I have the chrome and gmail app installed and it always opens my links in chrome. Does it use the built-in browser if you don't have chrome?
Yes I don’t have Chrome just Safari and it used to still insist on doing this. So it had none of my passwords saved etc. and was some brain dead Gmail browser.
I just tried again and it opened Safari, so maybe at some point they enabled a way to tell it to not do that? I see in the Gmail settings I have a setting checked for use default browser app.
So if you fixed this Gmail or iOS people thank you!
Gmail is the worst for this
The main point of it is to force ads and tracking links. It's just anti-privacy. Any app that does it without a permanent way to disable it doesn't respect its users.
I wouldn’t mind if it didn’t break OAuth flows on _some_ webviews on _some_ operating systems. Miserable rabbit holes mitigating all the edge cases.
Same thing in Android... I'd just prefer to launch the default browser (Brave in my case).
Not the same thing.
Every link I click on my Android phone opens up and uses my preferred browser; Firefox.
What are you seeing different?
By default in X, Facebook and even Google News, you get an in-app browser by default.. you can change the behavior, but it's definitely the default. Just switched to a new phone and have been updating a lot of the settings as I notice them.