- From: Silas <notifications@github.com>
- Date: Thu, 08 Feb 2024 13:07:55 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/issues/663/1934934479@github.com>
I do see a lot of potential for abuse with dynamically-updating icons, however. - Dynamically changing the app icon on a schedule has some good use cases and could be used to improve the user experience for some apps - It could also be used to cause a lot of confusion for the user if used improperly (like when each icon is drastically different from the last) - Even if the user opts-in once to the icon changing periodically, someone could still easily trick the user by changing the icon to a banking app at any point in time after gaining that consent - A PWA could gain consent initially, and then be sold to a malicious party that would suddenly change the icon to something else Unless we can figure out a simple way to avoid this, I don't think the tradeoffs would be worth it. The browser would need to be able to detect *how much* the icon has changed from the original, rejecting icon changes over a certain threshold—and that's probably not realistic. With a one-time icon change, we can prevent abuse by having the browser confirm the change with the user through a dialog or explicit action *each time* a PWA requests to change it. I think this is how Apple does it with their native apps. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/663#issuecomment-1934934479 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/issues/663/1934934479@github.com>
Received on Thursday, 8 February 2024 21:08:02 UTC