Re: [w3c/manifest] Ability to dynamically change app icon (#663)

I do see a lot of potential for abuse with dynamically-updating icons, however.
- Dynamically changing the app icon on a schedule has some good use cases and could be used to improve the user experience for some apps
- It could also be used to cause a lot of confusion for the user if used improperly (like when each icon is drastically different from the last)
- Even if the user opts-in once to the icon changing periodically, someone could still easily trick the user by changing the icon to a banking app at any point in time after gaining that consent
- A PWA could gain consent initially, and then be sold to a malicious party that would suddenly change the icon to something else

Unless we can figure out a simple way to avoid this, I don't think the tradeoffs would be worth it. The browser would need to be able to detect *how much* the icon has changed from the original, rejecting icon changes over a certain threshold—and that's probably not realistic.

With a one-time icon change, we can prevent abuse by having the browser confirm the change with the user through a dialog or explicit action *each time* a PWA requests to change it. I think this is how Apple does it with their native apps.

-- 
Reply to this email directly or view it on GitHub:
https://github.com/w3c/manifest/issues/663#issuecomment-1934934479
You are receiving this because you are subscribed to this thread.

Message ID: <w3c/manifest/issues/663/1934934479@github.com>

Received on Thursday, 8 February 2024 21:08:02 UTC