66
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
this post was submitted on 22 Aug 2024
66 points (82.4% liked)
Technology
59648 readers
1459 users here now
This is a most excellent place for technology news and articles.
Our Rules
- Follow the lemmy.world rules.
- Only tech related content.
- Be excellent to each another!
- Mod approved content bots can post up to 10 articles per day.
- Threads asking for personal tech support may be deleted.
- Politics threads may be removed.
- No memes allowed as posts, OK to post as comments.
- Only approved bots from the list below, to ask if your bot can be added please contact us.
- Check for duplicates before posting, duplicates may be removed
Approved Bots
founded 1 year ago
MODERATORS
Mobile dev here.
I’ll play devil’s advocate. Android streamlined the PWA install experience a few years ago. You no longer need to drill into a menu and select an add to Home Screen option.
On one hand, have more users using a better mobile experience, but on the other hand, I now have a lot of users that think they installed the native app.
I don’t think the end user should need to care about my tech stack, but I could see how a malicious actor could dupe people with this newer streamlined PWA install flow. These malicious actors probably caught a lot less people with the old menu > add to Home Screen flow.
That's not really playing devils advocate. You're correct. I was just highlighting the headline was disinformation. It's true that the average user isn't aware of the difference, but I would blame the OS for not making that explicit on install that this is a website and that authenticity should be triple checked. There's also nothing stopping them from "installing" PWA's via their app stores, except for their greed.
There's also nothing stopping a malicious actor from putting a malicious app in the store, whether that is a wrapper on JavaScript or native code. So I don't see the distinction at all from having pwa or native apps barriers because they're all weak.
I guess I’m saying that I didn’t think the headline was too bad. There is a new PWA install flow that’s widely available on Android now, and phishing via that new PWA install UX is potentially a new hot area. I’m not particularly offended by calling that novel. Just my 2¢