- From: Jerry Green <notifications@github.com>
- Date: Fri, 09 Feb 2024 05:24:49 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
Received on Friday, 9 February 2024 13:24:56 UTC
@aetinx no it’s not. Imagine a user installs an app, forgets it, then tries to see his bank applications one day, opens it, enters login and password and viola – understands it’s not a bank application but a different application portrayed as bank application. In web, there are sometimes attempts to do the same. Only they have to register similar domains to the services they try to pretend to be. This is usually not really effective as users can see the url. But with the case of PWA apps, there’s no url, just icon and title, and it’s much harder to see such a fraud. I would still agree that this feature is still very much needed. Unfortunately, it would require much more groundwork to solve this security issue. I described the potential solution a comment above. -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/663#issuecomment-1935923304 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/issues/663/1935923304@github.com>
Received on Friday, 9 February 2024 13:24:56 UTC