I am wondering why browsers don't provide a definitive way to determine if an app is running as a PWA or a website. What are the security risks behind this decision?
I know there are some unreliable workarounds like the ones below:
window.matchMedia('(display-mode: standalone)').matches – This method will break if you enable full screen on the PWA.
window.navigator.standalone || document.referrer.includes('android-app://') – These are for mobile and won't work on PC.
Can someone explain why this is the case and what the security risks, if any, are? Or is it simply that PWAs are not mature enough?
I read through Mozilla’s interpretation of “Progressive web apps” and I don’t really see what the fuss is all about because the rest of the world just calls them “web-apps”.
One may want to differentiate between Desktop web-apps and Internet web-apps but they’re still web-apps and I don’t see the point of adding “progressive” to their description.
But anyway, those of us who jumped early on the Node-Webkit bus were probably among the first; if not the first in the world, to release desktop web-apps thanks to the NW authors.
I don’t recall any other competing package at the time until Electron came out some time later.
As for how to tell them apart you can use:
and/or
…where you’ll find they always return something along the lines of...
…for Chromium based apps, and assuming the author has done the right thing and set their domain name to reflect the apps name to replace the randomly generated monstrosity.
Btw, is Mozilla and Google now trying to take ownership of something that was invented by others (NW is an IBM project) so they’ve invented a new name for it? :)
It wouldn’t be the first time just as they tried to take ownership of single file web pages that were invented by Microsoft (Web archives) decades ago, with the stupid name “Web Bundles”! :)