Extensions require user permission
Since the extensions can take a far-reaching insight into web content, the use of an extension first requires the consent of the user – for every website on which it is to be used, such as Apple announced at the developer conference WWDC. Consent can be limited to one day or given long-term. In addition, Safari will display a small note in the address bar as soon as an extension can access the content of the website that has already been approved. This protective function makes typical extensions such as advertising or script blockers impractical. For this type of extension, Apple continues to use the long-standing content blocker path.
Apple notes that no user consent is required for simpler browser extensions that cannot read sensitive data. These then only work for the accessed website in the currently active tab. If this is closed or a different URL is accessed, the extension loses its access authorization – the user must then reactivate it if necessary.
Standardization of the cross-browser WebExtensions
Apple has supported the WebExtensions standard in the macOS version of Safari since last year. Apple offers a “Web Extension Converter” with which extension providers can adapt an existing extension for Safari for other browsers. In Xcode 13, an extension for macOS and iOS is automatically created, according to Apple.
The new Safari extensions have not yet come to life because they can only be sold on the Mac via Apple’s App Store. With the opening of Safari on iPhone and iPad, the company is now creating significantly more incentives to offer extensions for Safari. On iOS, developers are inevitably used to this way of distributing software.
Together with Google, Mozilla and Microsoft, Apple has recently merged to form the WebExtensions Community Groupin order to advance the standard: They want to standardize interfaces, functionality and approvals for the browser extensions in order to make it easier for developers to offer them for all browsers. At the same time, the APIs should ensure that performance losses and misuse by extensions are excluded as far as possible.