- From: Silas <notifications@github.com>
- Date: Thu, 15 Feb 2024 14:18:16 -0800
- To: w3c/manifest <manifest@noreply.github.com>
- Cc: Subscribed <subscribed@noreply.github.com>
- Message-ID: <w3c/manifest/issues/663/1947429701@github.com>
Yeah, off the top of my head for iOS apps: 1. All possible app icons must be registered beforehand in (basically) their version of a manifest 2. An icon change request must be from an explicit user action, it must be an icon registered beforehand, and it is always approved by the user through an iOS-native dialog. Google/Android might be more relaxed with it, but both app stores require all possible icons to be approved before being released if I'm not mistaken. For web apps I'm thinking: 1. We require all possible app icons to be listed in the manifest beforehand 2. Then, when the user installs the web app, the browser could cache/store all icons *at the time of installation*. This would prevent any images from being fetched at runtime when changing the icon, reducing the chances of someone else injecting their own icons if the web app is compromised. If the web app wants to add more icon options to change dynamically at runtime, they could push a web app manifest update. 3. When the web app requests an icon change, (1) it must be triggered by a user action/gesture, (2) it must be an icon listed in the manifest, and (3) the browser or OS must gain confirmation from the user directly with a preview of the new icon displayed -- Reply to this email directly or view it on GitHub: https://github.com/w3c/manifest/issues/663#issuecomment-1947429701 You are receiving this because you are subscribed to this thread. Message ID: <w3c/manifest/issues/663/1947429701@github.com>
Received on Thursday, 15 February 2024 22:18:20 UTC