Progresive Web Apps as replacement of frontends apps

I have been reading about PWA lately, they appear to be good.
My question is that if they are better than apps like Fritter, Infinity for reddit, etc.
What are your thoughs on this “apps” (From what I read they are not real apps).

2 Likes

Websites in a browser are less privileged than native apps and having lots of apps installed on your phone (including apps for YouTube, Twitter, and other websites that can be accessed in a browser) heavily increases your attack surface, so it’s advised to use your browser for most of your activities including frontends, email, and reading PDFs.

So my answer is yes, PWAs are a better replacement for apps like Infinity for reddit.

3 Likes

Websites in a browser are less privileged than native apps and having lots of apps installed on your phone (including apps for YouTube, Twitter, and other websites that can be accessed in a browser) heavily increases your attack surface, so it’s advised to use your browser for most of your activities including frontends, email, and reading PDFs.

So my answer is yes, PWAs are a better replacement for apps like Infinity for reddit.

While I generally agree, I would say that this is not absolute.

There are cases in which it may desirable to use an app instead of a PWA, especially if encryption is involved.

We have a note on web E2EE here:

In practice, the effectiveness of different E2EE implementations varies. Applications, such as Signal, run natively on your device, and every copy of the application is the same across different installations. If the service provider were to introduce a backdoor in their application—in an attempt to steal your private keys—it could later be detected with reverse engineering.

On the other hand, web-based E2EE implementations, such as Proton Mail’s webmail or Bitwarden’s Web Vault, rely on the server dynamically serving JavaScript code to the browser to handle cryptography. A malicious server can target you and send you malicious JavaScript code to steal your encryption key (and it would be extremely hard to notice). Because the server can choose to serve different web clients to different people—even if you noticed the attack—it would be incredibly hard to prove the provider’s guilt.

Therefore, you should use native applications over web clients whenever possible.

5 Likes

my question would be, how is the PWA handled by browser. Is it like using regular tab instead of private one, when all cookies and caches are required not to be cleared for me to stay logged in? I’m not sure how Vanadium sandboxes its tabs…