[olliej]

[edit: I re-read the text, this is literally saying "if an app has/is a browser then it can record what sites you go to", which is something that any browser could do]

Safari supports extensions, extension are deployed as apps. It goes without saying that a browser extension can see what pages you visit (and so build up your browsing history).

It's also not "any app", this is where the App Store does its thing: to be able to do certain actions (like connecting to safari) the binary has to be provisioned with the correct sandbox entitlement - this is enforced by the code signing logic built into the kernel: the set of entitlements is part of the signed data, so any entitlements an app tries to get have to be approved (and so signed) by the App Store.

[wtaf-people]

"this is literally saying “if an app has/is a browser then it can record what sites you go to"”

Except it literally doesn’t say that literally

Think about the fact that if you are wrong, it would say exactly what it says, and (as seen in this thread) everyone will assume it means webview

[olliej]

Ok, I need to be clear here: this is absolutely not saying an app can access the browsing history in safari, nor can it access the browsing history of any app.

It can very obviously record your browsing history in that app. If it sends that data to its home servers, then the app would have to declare that it collected "browsing history".

"Information about the content you have viewed that is not part of the app, such as websites."

that is it can record things other than you interacting with buttons in the app, or what type of music you're listening to, etc. Browsing history gets called at explicitly here because people using non-chrome browsers expect browsing history to be private.

[wtaf-people]

You solved the puzzle I think. The wording was designed specifically for browser apps. They didn’t anticipate non-browsing apps to be using webview. Also I was exaggerating when I said hundreds of apps. Seeing it on PayPal is what threw me off