I’ve recently seen several posts claiming how awesome PWAs would be for so called crypto-native apps, especially in regard to circumventing app store restrictions. However, as a dev currently building a cross-platform app with some crypto (i.e. blockchain based) features, I strongly disagree.
This mainly comes down to three reasons:
Data Persistency
Especially on iOS (not aware of the situation on Android), browsers storage (say localStorage but also IndexdDB) are not guaranteed to be persistent (often gets when device storage is low or when not used for x amount of time). Even if it is (as it seems in the case of IndexdDB+Safari+PWA added to home screen), there are numerous posts floating around the net complaining how unreliable such solutions are.
(Note that this situation currently seems to be improving)-
Limited Access to on-device (security) features
This could actually be separated further into security and UX. As for UX, Safari for example limits data storage to 50mb. This severely reduces the usefulness for apps handling big-ish amounts of data, especially as there is also no way to smoothly access the local filesystem from inside a browser (which is a good thing security wise).As for security, this really depends on your use case. In my case, I’m relying on on-device private keys. Storing such sensitive data unencrypted is highly irresponsible, requiring users to enter a long and secure password every time before opening the app is horrible UX. Maybe it would be possible to use the browsers password manager systems to store/retrieve the password more easily, but this really only is some very weak security by obscurity.
Using system lock screens (and thus FaceID/TouchID on iOS) for encryption on the other hand provides a pretty awesome UX while also providing pretty decent security. The caveat? As you could probably guess, this is only available to installed apps.
-
UX
This might seem obvious to some, but tapping the share-button and then searching for the "Add to Home Screen" to then choose a name for the icon to finally getting it installed is hardly a great UX for installing an app. And don’t forget that all the privacy reporting (as seen on GooglePlay/AppleAppStore) are gone as well.Furthermore, and as much as I disagree with some of (especially apples) store policies, PWAs simply don’t have ANY moderation at all. This makes it stupidly easy to trick unexperienced users into using apps that, in the end, are only designed to steal e.g. deposited funds.
Also it’s not possible (at least for now) to integrate into the system share sheet (on iOS, don’t know about android).
From a developer standpoint
Developing PWAs is also not that great. Have you ever tried to build a PWA from scratch and then add a locally hosted instance of your app to your own phone? - Not that amazing of an experience. I truly hope that the tooling will one day reach some kind of parity with tools for native development but we’re not there yet.
Summarizing
Most of these issues can and probably will be improved in the future. But I don’t think that things like the system lock screen stuff will be exposed to all of the web in the foreseeable future. Using PWAs in their current state for apps that are required to handle things like wallet private keys is an awful idea for the reasons mentioned above. Custodial services on the other hand may use PWAs to provide a more familiar interface for users - but that isn’t really aligned with true crypto/cypherpunk mindsets, is it?
Top comments (0)