Comment by danaris
5 years ago
Creating these APIs doesn't just grant access to them to well-thought-out PWAs with a clear use case.
It grants access to every shady malware ad that wants to siphon your data and that of everyone around you.
5 years ago
Creating these APIs doesn't just grant access to them to well-thought-out PWAs with a clear use case.
It grants access to every shady malware ad that wants to siphon your data and that of everyone around you.
To what degree is this true for App store apps too though? What with the Facebook (sign-in) SDK and all? Honest question.
With app store apps I am told what permissions they need and I usually opt to not install them, but it's hard to get by without a web browser these days.
That's a good point.
> It grants access to every shady malware ad that wants to siphon your data and that of everyone around you.
Can't native apps do so as well?
Well, first of all, there's a massive difference of threat scale between "the apps I have personally chosen to download and install" and "every website that I visit, even if only for a moment."
Second of all, there's no App Store review process for malicious websites. An app that wants to harvest your data will at least have to have some vaguely plausible useful purpose in order to even have a chance to try.
So I don't know about you, but personally, if you were to ask me, "Do you think a restriction that reduces the number of people able to harvest your data in this particular way by about 90%, or is it totally useless if it's not 100%?", I'd say go for the 90% solution rather than just throwing up my hands and saying it's hopeless.
Forcing someone to install a native app not only lets the maker of the app siphon the users web browsing data, it also allows them to siphon all data from their machine, including bank details, passwords etc, and often opens security vulnerabilities that allow people who aren’t the app maker to do the same.
At least on an iPhone, it's nearly impossible to get bank details and passwords with a native app unless you're using some incredibly sophisticated techniques.
Forcing them to install a native app also massively reduces the number of people who are going to actually let you in.