The tokens are "generated" on the client, and the server just gives the client enough information to make that locally generated token become "valid", without being able to link that token to a specific validation attempt
looking at it from a high level, it doesn't appear the final token ever leaves the client till it's being redeemed. There's a middle step that does get signed, but this part is not what is sent.
DMA requires that the interoperability be at the same level of encryption than normal chats. In whatsapp's case, that means all interoperability must be E2E
There is a whitelisted set of apps in the OS. Samsung's messenger also is allowed on Samsung devices. They talked about opening the API many years ago and then suddenly stopped talking about it.
For most people, Google Messenger app now uses Google's RCS gateway anyway, so the carrier does not need to support RCS.
I do not know of anyone trying to get carrier-based RCS working with a non Google app using a custom rom with a different whitelisted set of apps, but it sounds to like maybe that would be possible
Additionally, only Google’s is capable of encrypted RCS as far as I’m aware (as the standard does not include that), so using other clients means giving up encryption.
Can confirm. I have an android device that was given to me by my company and PWAs work just fine in Firefox. It's not a matter of technical limitations, it's just the poor multitrillion dollar company is gonna screw over their customers while scary government bureaucrats won't let them have their cake and eat it as well.
They don't say it's a technical limitation, they say it was too much work to do for a relatively underused feature?
> Addressing the complex security and privacy concerns associated with web apps using alternative browser engines would require building an entirely new integration architecture that does not currently exist in iOS and was not practical to undertake given the other demands of the DMA and the very low user adoption of Home Screen web apps.
Indeed, and the icon has a Firefox badge on it so I know it is Firefox running the show. If things go south I know who to blame: Firefox. The same goes for Cromite (which used to be Bromite, which is a de-fanged de-Googled version of Chromium) or any other browser which offers this functionality.
See, Apple? This is how you can implement PWAs so that users do not accuse you of other browser's problems. Then again I assume this is already known in Cupertino but not implemented because it would break down that wall around the garden, brick by brick.
This is quite easier said than done. Simply copying a feature from competitor is not neccessarily easy especially if they challenge deep architectural decisions that have been made in the past.
Kiwi has historically faked the version number to prevent websites from telling you to update your browser. I would assume that number is not legitimate.
It was not sold. It was transferred to a the contributor of a Safari port. Only the GitHub repository though, not the extension store page. That has always remained with gorhill. So, no one's install was compromised
