Chrome 79 started rolling out on desktop and mobile platforms a few days ago. Unfortunately, a bug has cropped up that wipes data in certain apps that use Android’s built-in WebView, which has riled up both developers and regular users.
You might be wondering, “how the heck can a Chrome bug erase data in other apps?” Well, on most recent versions of Android, Chrome acts as the system’s WebView — the component that renders web pages inside of apps. When you log in with a web page inside an app, or use browsers like DuckDuckGo that lack their own internal rendering engine, Chrome is responsible for loading that content. Some Android apps actually run entirely inside WebView, such as applications built with Apache Cordova (PhoneGap) or packaged web apps like Twitter Lite.
One of the changes in Chrome 79 is that the location where web data is stored was updated. However, as one comment on a Chromium bug page pointed out, data from localStorage and WebSQL — two types of storage commonly used by web apps and packaged apps — wasn’t migrated properly.
Long story short, when devices were updated to Chrome 79, web apps and WebView applications had some (or all) local data deleted. While the data is still technically intact, since Chrome didn’t delete old data after the migration, there’s no way to access it right now.
One-star reviews are pouring in for apps that are affected by the bug, and app developers are railing against Chromium developers. Google confirmed that it has paused Chrome 79’s rollout on Android at 50%, and is currently considering a fix:
We are currently discussing the correct strategy for resolving this issue which will be one of:
a) continue the migration, moving the missed files into their new locations.
b) revert the change by moving migrated files to their old locations.
We will let you know which of these two options have been chosen soon. In the meantime it would be good to collect a list of affected packages, and details of whether any mitigations have been released to users, and in what versions so that we can test that the respin doesn’t interact badly with the mitigation.
Unfortunately, it’s hard to get a full picture of the apps affected, since applications rarely advertise how they are built. Data stored in accounts online is safe, at least.