While I agree in principle, wouldn’t it be true that cookies from e.g. Safari aren’t going to be readable by an external app, the way they could be from an iframe or whatever the cross-site tracking tricks are today?