W3C home > Mailing lists > Public > public-webapps@w3.org > January to March 2012

Re: Installing web apps

From: Boris Zbarsky <bzbarsky@MIT.EDU>
Date: Wed, 01 Feb 2012 15:03:43 -0500
Message-ID: <4F299A9F.3040208@mit.edu>
To: public-webapps@w3.org
On 2/1/12 2:41 PM, Paul Libbrecht wrote:
> Android goes somewhat in this direction with its app-security model...

With all due respect, the app-security model on Android is a joke. 
Everyone just clicks through the permissions grant without even reading 
what's being requested, because _every_ app asks for a bunch of 
permission grants up front and won't run until you grant them.  Any 
random game wants permission to do arbitrary internet access (as 
mentioned earlier on this thread, already a security hole if you happen 
to be behind a firewall when you run the game), listen to your phone 
conversations, read your addressbook, etc.  Perhaps they do have some 
sort of rarely-used features that require such access, but the model 
forces them to ask for all the permissions immediately... and the user 
is trained to just accept.

>>> - Access to RAM at runtime, to a limit
>
> I don't know how well such limits are handled by browsers, I've seen a lot of browser crashes for these reasons. Pointer?

Several JS engines have heap size limits and stack size limits and will 
throw exceptions when either is reached.

Any browser running web content in a separate process can impose global 
RAM limits on that process if desired (ulimit on Unix-like OSes, but 
Windows has similar functionality).

>>> - CPU time when in background, to a limit
>
> Same thing, the user-warning on slow script is not that limit!

Apart from timeout throttling UAs are not doing much here yet.  I expect 
they will do more.

>> There's plenty of things we can do to make the Web platform more
>> compelling and a better competitor to native apps, but adding "installing"
>> isn't one of them. That would in fact take one of the Web's current
>> significant advantages over native apps and kill it.
>
> when you consider the success of app-stores, I think that I do not share this view.

Indeed.

-Boris
Received on Wednesday, 1 February 2012 20:04:12 GMT

This archive was generated by hypermail 2.3.1 : Tuesday, 26 March 2013 18:49:50 GMT