• ForgotAboutDre@lemmy.world
    link
    fedilink
    arrow-up
    0
    ·
    10 months ago

    PWAs only need a browser exploit. If alternative browsers are allowed apple no longer controls this mechanism.

    It’s also easier to slip a PWA by a user, making it confusing for uniformed users who would be targeted.

    • FooBarrington@lemmy.world
      link
      fedilink
      arrow-up
      0
      ·
      10 months ago

      No, they don’t only need a browser exploit, because the browser itself is sandboxed too. Otherwise the danger exists for literally every webpage - no need to install a PWA to break out if you have a browser exploit! You understand that a PWA is just a website and nothing more, right?

      • mnrockclimber@lemmy.sdf.org
        link
        fedilink
        English
        arrow-up
        0
        ·
        10 months ago

        You understand that a PWA is just a website and nothing more, right?

        This is sort of reductive. Yes, and no. It’s more than just a link on your home screen. More than just a set of html pages saved locally. It downloads the entire javascript app, the manifest, the icons, all that stuff and packages it up. When you run one of these you’d have no indication that you’re in a website. There is no browser URL bar or any of that. Only the controls in the app. It’s not really “just a website and nothing more”. It’s a javascript program running on a phones javascript engine (which is currently webkit and locked down). An app in just about every sense of the word. https://app.starbucks.com is a great example. Even works offline once you save it.

        • FooBarrington@lemmy.world
          link
          fedilink
          arrow-up
          0
          ·
          edit-2
          10 months ago

          This is sort of reductive. Yes, and no. It’s more than just a link on your home screen. More than just a set of html pages saved locally. It downloads the entire javascript app, the manifest, the icons, all that stuff and packages it up. When you run one of these you’d have no indication that you’re in a website. There is no browser URL bar or any of that. Only the controls in the app. It’s not really “just a website and nothing more”.

          No, it really is just a website and nothing more. Just because the browser UI is different doesn’t mean it’s a different thing. All of the technology itself is available to all websites, which is what is relevant for PWAs being “a massive vector for malware”, as initially claimed.

          It’s a javascript program running on a phones javascript engine (which is currently webkit and locked down).

          Yes, just like with any other website that uses Javascript. And Apple will have to allow other Javascript engines - so what’s the difference with PWAs specifically?

          An app in just about every sense of the word. https://app.starbucks.com is a great example. Even works offline once you save it.

          Yes, and the same APIs are available to other websites. Look up service workers.