Slashdot Mirror


Google Play Store Now Open For Progressive Web Apps (medium.com)

Maximiliano Firtman: Chrome 72 for Android shipped the long-awaited Trusted Web Activity feature, which means we can now distribute PWAs in the Google Play Store! I played with the feature for a while, digging into the APIs, and here you have a summary of what's going on, what to expect and how to use it today. Chrome 72 for Android is now shipping from the Play Store to all users, and this version included Trusted Web Activity (TWA), which in a nutshell is a way to open Chrome in standalone mode (without any toolbar or Chrome UI) within the scope of our own native Android package. Let me start by saying that the publishing process is not as straightforward as it should be (such as "enter your URL" in the Play Console and it's done). It's also not a way to use the currently available WebAPK and publish it in the store. It's a Java API that communicates through services with Chrome and seems to be in the early stages, so there is a lot of manual work to do yet today.


  1. More liberal bias by Anonymous Coward · · Score: 5, Funny

    What about the Conservative Web Apps?

    1. Re:More liberal bias by Merk42 · · Score: 1

      Those are the ones that use absolutely no JavaScript at all, just like all the best pages of the halcyon days of 90s Internet.

    2. Re:More liberal bias by RhettLivingston · · Score: 1

      Do you mean "books" or the more inclusive experience of "books + chair + lamp + reading glasses"?

  2. Google-free android? by Bradmont · · Score: 2

    Will these apps still run on de-googled Android distributions that don't include gapps? That is to say, will they work in other implementations of webviews, or will they be Chrome-specific?

    1. Re:Google-free android? by Anonymous Coward · · Score: 1

      Will these apps still run on de-googled Android distributions that don't include gapps?

      Trusted Web Activity = Trusted by Google. By definition they will not be degoogled because <sarcasm> doing so would make Google distrust and block them. </sarcasm> The only reason that it's required in the first place is because Google decreed it so.

      There's no reason to require some trust anchor to load a predetermined web URL in a limited browser. Especially when said predetermined URL was installed by an app with a valid signature. This is just more security theater by the idiots at Google who think that they are doing everyone some favor by imposing even more useless restrictions on what Android can and cannot do.

      Case in point: The whole damn reason this exists is to allow for so-called "web" apps (bookmarks with fancy labeling and custom input UIs) to be launched from the user's home screen without needing to ship a full browser with the APK. (I.e. It uses the device's built-in browser in a special UI mode.) That makes said "app" take up MUCH less space in the device's storage, and removes the need for said "app" developers to keep the shipped browser updated. This is good for security all around. Much smaller attack surface, less maintenance required by the devs, less storage used up. Win - Win.

      But of course Google had to find some way to fuck this up, and fuck it up they did. Now to use the built-in browser for this purpose and get your "app" on the Play Store, you have to include yet another useless trust anchor on top of all the other ones. It provides no extra security as the user has already installed the damn thing, which means there is absolutely nothing to prevent a malicious app from mimicking the "Trusted Web Activity" UI and luring the user into a false belief of safety. It creates extra headaches for developers as they have to make sure everything is "trusted." It gives Google yet another way to leverage app developers in the future, while simultaneously giving them political points with the clueless masses for "being tough on security." It also creates yet another way some clueless user can be taken advantage of should any exploits be found in the now larger attack surface. (More bureaucracy / code needed to support the additional trust anchors.) Also, can you say new DRM? $10.00 says such web apps will eventually find / get a way to use this for DRM purposes. (TLS client certs?)

      So, no, this won't be degoogled. It exists because Google doesn't know what it's doing, and every other sane Android distro, despite supporting it for compatibility purposes, won't mandate such insane limits on their browsers.

    2. Re:Google-free android? by AmiMoJo · · Score: 1

      PWAs use a new "API" in Chrome, really just some basic hooks that tell it to open without the usual address bar and other controls. They are all published and available for other browsers to implement, which doesn't seem to be a lot of work.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    3. Re:Google-free android? by doconnor · · Score: 1

      PWA has always worked in modern browsers. This is just a new feature to allow users to find them in the Play Store. If you don't have the Play Store, it has no effect on you.

  3. In related news ... by fahrbot-bot · · Score: 1

    Flo is very pleased about this.

    --
    It must have been something you assimilated. . . .
  4. Dear Slashdot by 110010001000 · · Score: 4, Insightful

    You should probably mention what a "Progressive Web App" is in the summary.

    1. Re:Dear Slashdot by Aighearach · · Score: 1

      I'm hoping they were talking about Free Software or something.

      I get my apps from fdroid.

    2. Re:Dear Slashdot by Aighearach · · Score: 1

      My goodness, thanks but no thanks. Now that I know it is just the latest attempt at "push" apps, I'd like the 10 seconds I spent at wikipedia back.

      Ridiculing it without knowing what it was turns out to have been a good idea.

    3. Re:Dear Slashdot by Darinbob · · Score: 1

      I have been programming for a few decades, I work on software, firmware, hardware, and deal with many parts of the company. I fully read the summary, and had no clue what it was about. Didn't even sound like technology, sounded more like marketing.

    4. Re:Dear Slashdot by AmiMoJo · · Score: 4, Informative

      They are web sites for people who think they need an app.

      The rationale is that users think they need an app, and go looking for one in the Play store. Rather than just go to Facebook.com, they think they have to have the Facebook app. So to save time and money, you can make a Facebook app that is just a wrapper for Facebook.com.

      Well, you could do that before, but now it's a bit more "native" and benefits from using the browser that is already loaded into memory etc.

      --
      const int one = 65536; (Silvermoon, Texture.cs)
      SJW, n: "Someone I don't like, and by the way I'm a fuckwit" - AC
    5. Re:Dear Slashdot by tepples · · Score: 1

      One difference is that ActiveX used native code, whereas Progressive Web Apps use JavaScript and/or WebAssembly with the Service Worker and IndexedDB APIs and the HTML DOM.

  5. Progressive != Liberal by Kunedog · · Score: 1

    It's the leftist bias in tech/media that's the problem.

    https://www.youtube.com/watch?...

    A liberal bias might actually be a good thing, as it would err on the side of free speech, and against totalitarianism.

  6. An app that's always on the web by AHuxley · · Score: 1

    and deep in the smart phone.
    Learn to code software for the smart phone.

    --
    Domestic spying is now "Benign Information Gathering"
    1. Re:An app that's always on the web by Aighearach · · Score: 1

      That's some smart code
      deep learning you on your phone
      always for the web

  7. A million monkeys coding by AndyKron · · Score: 1

    I'm reminded of the guy who had the obsession of using a calculator to add the number one to the total. He had boxes of calculator tape stashed all over his apartment and he knew where every one of them was.

  8. Re:Turn Off by phantomfive · · Score: 1

    How can WebAssembly be less secure than the actual ARM assembly that is allowed already in any app?

    --
    "First they came for the slanderers and i said nothing."
  9. Instruction sets differ by tepples · · Score: 1

    Good luck running native code when the instruction set of your device's CPU, such as ARM vs. MIPS vs. x86-64 (Atom) vs. RISC-V, differs from those of the devices in the app's developer's testing fleet.

  10. Re:Turn Off by doconnor · · Score: 1

    My PWA works without those things (although maps and a few other features don't work without JavaScript.)

    https://www.transsee.ca/

  11. So why do these exists by DarkRookie2 · · Score: 1

    I like how Google is providing a solution that
    1. Is not needed.
    2. Is a fix for a problem they caused.
    You can write a simple HTML page without Google's help.
    Is this anything else except locking for displaying ads?

    --
    http://progressquest.com/spoltog.php?name=Son+Of+Son+Of+DarkRookie