Looks like a massive vulnerability has been discovered, basically affecting any apps with web browsing functionality. Was interested in seeing how this affects Sync (including the old Sync for Reddit app I guess too, which is still being used out there and won’t get any needed security patches).
It sounds like a fix should be in the Android OS security patch for October, but not sure if that protects individual apps at risk still
Android has its own media player APIs, you just have to tell it what to play and give it a place in the UI for the player canvas. You can even design your own controls for it.
When you open a webpage in Sync, that's an embedded web browser also provided by Android.
It's unlikely that Sync links to libwebp directly.
The Sync for Reddit app isn't usable anymore as it can no longer access the Reddit API. All you get are errors when you try to use it now.
There is a ReVanced patch to spoof the current client with a different oAuth token to work around tye API restrictions.
https://revanced.app/patches?pkg=com.laurencedawson.reddit_sync
Yeah most of the old reddit browsers for Android seem to have a patch like this. Obviously they're no longer intended for use by the developers, but for anyone using them it would probably be good to know whether they will be forever at risk to a vulnerability like this.
Thanks for the explanation! Hopefully that's the case here then with Sync. Still hoping @ljdawson@lemmy.world can confirm one way or another.