Re: [w3c/manifest] Allowing only site-triggered install prompt (#627)

> To be clear, the reason we regulate access to the install prompt is less to do with the modality of the dialog, but the consequence to the user if they just accept it without thinking. (Note: Installation generally doesn't grant extra permissions, but it does put the app on the user's system, which provides future opportunities for spoofing as it will be launched without browser UI.)

If the user downloads a file without thinking, bad things can happen, or open an email, or any other number of things that the web exposes users to every day, many of which can establish permanent presence on various devices. As I've brought up before, the absence of a means for a web author to allow a user to easily trigger the installation flow does not stop bad actors from just creating the same installation dialogs every other PWA is shipping to teach their users how to install them. Requiring one of a specific set of User Gestures (specifically a click, tap, or the accessible alternatives) will cut the accidental installation ramifications drastically since sites won't be able to just show a prompt whenever they feel like it. Other possible solutions also exist, a new html element with limited styling options to avoid tricking the user that is purpose built to serve this function (triggering the installation path for the user, just as if they had manually hit the contextual icon the UA provides). Or providing a javascript API that allows a web author to register an element AS an instillation button. It is possible to give web authors the tools to make the installation process simple for their users without giving them the ability to just fire off a prompt whenever they want.

-- 
You are receiving this because you are subscribed to this thread.
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/627#issuecomment-693116611