It’s disappointing to see that Apple’s spin job is apparently working (based on some of the comments here). While it sounds superficially plausible, it’s actually quite deceitful.
For example, the argument that one web app could steal the permissions of another web app is predicated on the assumption that a non-Apple browser engine will fail to sandbox the apps. But *the exact same* threat vector will exist for non-Home Screen web apps accessed through third party browsers. That’s because ordinary websites ALSO have the ability to request access to microphones and cameras, and it will be up to the developers of the browser engines to ensure that these permissions are properly sandboxed. Apple won’t be able to eliminate this risk without breaking vast numbers of sites that people use every day.
In truth, a PWA is no different from a website. It’s built using the same technologies and APIs. The main difference is that it can run in full-screen mode like an app, and it has its local storage cleared less often. These are nice extras that benefit users who choose to “install” such apps, and they carry no special security risks.
For example, the argument that one web app could steal the permissions of another web app is predicated on the assumption that a non-Apple browser engine will fail to sandbox the apps. But *the exact same* threat vector will exist for non-Home Screen web apps accessed through third party browsers. That’s because ordinary websites ALSO have the ability to request access to microphones and cameras, and it will be up to the developers of the browser engines to ensure that these permissions are properly sandboxed. Apple won’t be able to eliminate this risk without breaking vast numbers of sites that people use every day.
In truth, a PWA is no different from a website. It’s built using the same technologies and APIs. The main difference is that it can run in full-screen mode like an app, and it has its local storage cleared less often. These are nice extras that benefit users who choose to “install” such apps, and they carry no special security risks.