Nice docs by @fugueish on service worker security considerations: https://sites.google.com/a/chromium.org/dev/Home/chromium-security/security-faq/service-worker-security-faq …
-
-
Replying to @fugueish @slightlylate and
Why? Not interested in helping Chromium development based on bad interactions with Chromium developers, unlike Android.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @fugueish and
Just trying to understand reasoning and what was or wasn't considered. Quite aware it's not going to get removed or crippled from how it is.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @fugueish and
Consider Android: do users believe they're giving up the ability for an app to ping servers when they allow notifications?
2 replies 0 retweets 0 likes -
Replying to @slightlylate @CopperheadOS and
And recall here that Android allows silent push notifications (which we do not).
1 reply 0 retweets 0 likes -
Replying to @slightlylate @fugueish and
Android has code signing and users explicitly install the apps.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @slightlylate and
And sure, understand the goal with these standards is to compete with native apps. Except the consent and signing model is not present...
2 replies 0 retweets 0 likes -
Replying to @CopperheadOS @slightlylate and
Users have expectations about what a web page is and it's not persistent code that can run without the site open.
1 reply 0 retweets 0 likes -
Replying to @CopperheadOS @slightlylate and
"Allow notifications" or "Allow push" definitely doesn't imply or communicate that, and there's another big difference from Android and iOS.
1 reply 0 retweets 1 like -
Replying to @CopperheadOS @slightlylate and
Android and iOS directly present the installed apps to the user. It's front and centre. They explicitly install, and see which are there.
2 replies 0 retweets 0 likes
...and in our model users are always presented with UI when work happens on behalf of an origin, giving them control.
Loading seems to be taking a while.
Twitter may be over capacity or experiencing a momentary hiccup. Try again or visit Twitter Status for more information.
& Web Standards TL; Blink API OWNER
Named PWAs w/
DMs open. Tweets my own; press@google.com for official comms.