Re: [w3c/manifest] Ability to dynamically change app icon (#663)

> If it’s a security hole, why can native applications on Android & iOS change their icons dynamically?

The Web platform (including the installable apps side of it) generally holds itself to a higher security standard than native apps on Android or iOS. There are a lot of APIs that are missing or neutered on the web compared to the native Android or iOS counterparts, not because we don't want them, but because of the high security bar.

A big reason for this is that on Android or iOS, apps are installed through a store, and can be remotely taken down by the store owner if they do bad things. On the Web, apps are installed by a private decision between the user and the site operator. The browser manufacturer does not act in a policing role (other than maybe safe browsing protections for automated detection of egregious spoofing - but we don't rely on that due to defense-in-depth). So we need to have a higher degree of security built in to the platform, which in many cases means limiting the capabilities of the platform.

It's all about what is the utility of the capability (what new types of experiences does it unlock) versus the potential for harm. In the case of an API that lets you dynamically change your icon, there is a great potential for harm (install a harmless-looking app, which then changes its icon without you noticing to your bank icon, you click it, and it spoofs your bank), versus a fairly minimal benefit (Calendar and Clock apps can show the correct date/time - it doesn't unlock any new experiences).

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/663#issuecomment-1414813416

Message ID: <w3c/manifest/issues/663/1414813416@github.com>

Received on Friday, 3 February 2023 03:39:16 UTC