Add android.permission.GET_ACCOUNTS to allow Kerberos Authentication

We currently use Chrome in a managed device environment and use a product called Hypergate Authenticator to get native Kerberos support on Android. However, as we are focused on privacy, we would love to use Brave instead of Chrome.

All the managed configuration fields are there and can be configured properly; unfortunately, it looks like the required runtime permission has not been declared in the manifest. In order to get the property AuthAndroidNegotiateAccountType to do its work, it’s required to declare and grant the following permission:

This single change would allow us to switch to Brave instead of Chrome.

Contrary to what may be assumed, this permission is crucial for the SPNEGO authentication mechanism built into Chromium (you can read more about it here: https://www.chromium.org/developers/design-documents/http-authentication/writing-a-spnego-authenticator-for-chrome-on-android/).

By removing the GET_ACCOUNTS permission, you are breaking compatibility. Breaking compatibility breaks support for products like Hypergate, which in turn makes Brave not usable in enterprise setups.
