> you can see that unless at an OS level you provide additional 'meta-security' features that allow apps that run in other apps to have fine grains access control that is managed by the OS, it's pretty much "security? Well, whatever...".
I don't think that's the only solution. A simple alternative is to declare that "apps that run in other apps don't get to do anything at all."
I.e. in this case, in response to a EU requirement to support alternative browser engines, Apple could — rather than disabling PWA integration altogether — drop all additional privileges that PWAs have that regular webpages don't.
Make installed PWAs in the EU market into just "webpages, but with a home-screen icon, a separate task-manager card, and no address bar." Which is 99% of the reason anyone installs a PWA anyway. No camera/microphone, no extra storage, etc. Not for Chrome PWAs, not for Safari PWAs; not for any PWAs (on these devices.) They're just webpages presented differently. No "meta-security" required!
That’s what I meant/said — they’d neuter the PWA framework itself, which would mean that any PWA (including Safari PWAs) would just become “regular webpages but standalone.”
But only in the EU, and only on iOS. They'd still get enhanced capabilities elsewhere. (On iOS on any other continent; on Android anywhere; on ChromiumOS anywhere, or just Chrome on desktop anywhere; etc.)
And the nice thing about PWAs, is that there's no way for a PWA to know or care that it's being run "installed", and change its expectations/requirements — as there's just no web API for that. Instead, a PWA must just attempt to talk to each of these permission-gated APIs it wants to use, and find that it's now being [prompted for and] given access to them, rather than silently refused them.
So, unlike tightening the security model around regular native apps, tightening the security sandbox around PWAs shouldn't actually fundamentally break them — they should be designed to gracefully degrade when refused these capabilities. Presuming these PWAs were already ordinary fully-functional web-apps, which have just been progressively enhanced with these features when and where available, they'll just act like they do "on the web" — which should still deliver on the app's use-case. That's what the "Progressive" in "Progressive Web Apps" is supposed to mean!
Of course, some PWAs 1. will have been designed from the ground up as PWAs, and 2. will have a purpose/use-case that's very specific to the use of these high-integrity web APIs, such that they're completely useless without these PWA-only permissions. A video-chat PWA, for example, won't do much without access to your camera + microphone. There's no point to using these webapps as webapps — and often they don't even let you do so (i.e. they attempt to access the specific API they need on launch; if they succeed, they render the app UI; if they fail, they render a prompt to install the PWA.)
I don't know if you'd really call these PWAs, since there's nothing progressive about them — there almost needs to be a different term for these apps that need the high-trust APIs to do anything-at-all. For the sake of discussion, I'll refer to these as "Elevated Web Apps" (EWAs), since they require elevated permissions to be useful.
It's only these Elevated Web Apps that would benefit from having what the GP called "meta-security": the ability to interact with the OS security on a per-webapp basis, through e.g. an Android-like install-time gate where the app presents a capabilities manifest (displayed to the user as a set of permissions it wants) and the user makes a decision of whether to accept that.
And, if Apple simply neutered PWAs rather than removing them, it's only these Elevated Web Apps that people would "miss out on."
As cool as PWAs are as a technology, these Elevated Web Apps are a true minority or them — maybe 1% or so.
And — at least as far as I know — almost all Elevated Web apps only exist for one of two reasons:
1. to serve use-cases that users with access to native apps from an app store, just have no reason to care about. (Specifically, they were developed to allow users to accomplish native-app-equivalent things on OSes that don't support any kind of native apps — like FirefoxOS nee KaiOS, or early ChromiumOS.)
2. to benefit the developer at the user's expense, by forcing the user to give the developer permissions that allow the developer to spy on the user more effectively, before the app will work — but where the app doesn't actually do anything with these permissions to serve the use-case. (I've seen a few scammy Chinese dating sites demand to be installed as a PWA for this reason.)
In other words: on iOS, at least, you probably won't miss them! (Especially with the third-party App Store ruling also in place in the EU! Things like emulators don't need to be relegated to "WASM running in a PWA" any more; in the EU, they can just be third-party-store apps!)
I don't think that's the only solution. A simple alternative is to declare that "apps that run in other apps don't get to do anything at all."
I.e. in this case, in response to a EU requirement to support alternative browser engines, Apple could — rather than disabling PWA integration altogether — drop all additional privileges that PWAs have that regular webpages don't.
Make installed PWAs in the EU market into just "webpages, but with a home-screen icon, a separate task-manager card, and no address bar." Which is 99% of the reason anyone installs a PWA anyway. No camera/microphone, no extra storage, etc. Not for Chrome PWAs, not for Safari PWAs; not for any PWAs (on these devices.) They're just webpages presented differently. No "meta-security" required!