With the Apple censorship wrt Damus, Mutiny's promotion of their PWA... what would be the arguments AGAINST a PWA? E.g. is it safe to let your browser interact with your private keys? Can a PWA do anything a regular app can do? Any other concerns?
ELI5 please :)
web apps are fine if you use them in a sandboxed environment https://f-droid.org/en/packages/com.tobykurien.webapps/
and when encrypted at rest (when you switch to another app even if it can be made that way)
What is not so much okay, is when you're executing in the same environment as this: https://www.cvedetails.com/vulnerability-list/vendor_id-1224/product_id-15031/opec-1/Google-Chrome.html
I'd prefer even if you didn't use the same device as something that has spyware such as this: https://www.shopify.com/enterprise/cross-device-ad-targeting
but I know there's only so much you can ask of the normie. Best practice in my view, would be to have a channel with a more secure device that funds the less secure device (in person, not automatically) when you're ready to spend.
But Android with all the Google spyware can do a decent job of sandboxing (even if you have to create a work profile for your sandboxed app), I don't know much about Apple though.
Sometimes that just means there aren't many security researchers looking at the code though.
reply
No it is not safe to let a browser touch your private keys! Ever!
The good news is that they don't need to. They can simply send a message to be signed.
For Nostr this is defined in NIP-46 and a number of signing apps are in development. Your Nostr PWA just needs a 'sign in' button, you can then choose (using a trusted app) which account to log in with, and what permissions to grant.
reply
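The split described in the comment above (the web app only asks, a separate trusted signer holds the key and decides), as an added sketch that is not part of the thread and not the NIP-46 wire format. The `RemoteSigner` class, the per-kind grants and the sample events are constructed for illustration, and Ed25519 from Node's `crypto` module stands in for Nostr's Schnorr signatures over secp256k1.

```javascript
const nodeCrypto = require("node:crypto");

// Signer side: runs in a separate trusted app or device. The private key is
// created here and no method ever returns it.
class RemoteSigner {
  #privateKey;
  #grants = new Map(); // clientId -> Set of event kinds the user approved
  constructor() {
    const pair = nodeCrypto.generateKeyPairSync("ed25519"); // stand-in key type
    this.#privateKey = pair.privateKey;
    this.publicKey = pair.publicKey;
  }

  // Called from the signer's own UI when the user approves a web app.
  grant(clientId, kinds) {
    this.#grants.set(clientId, new Set(kinds));
  }

  // The only thing a client can obtain: a signature over an event it supplies.
  handle(clientId, request) {
    if (request.method !== "sign_event") {
      return { id: request.id, error: "unsupported method" };
    }
    const event = request.params?.[0];
    const allowed = this.#grants.get(clientId);
    if (!event || !allowed || !allowed.has(event.kind)) {
      return { id: request.id, error: "not permitted" };
    }
    const payload = Buffer.from(JSON.stringify([event.kind, event.content]));
    const sig = nodeCrypto.sign(null, payload, this.#privateKey).toString("hex");
    return { id: request.id, result: { ...event, sig } };
  }
}

// Web-app side: checks the reply against the public key; holds no secret.
function verifyReply(publicKey, reply) {
  if (reply.error) return false;
  const { kind, content, sig } = reply.result;
  const payload = Buffer.from(JSON.stringify([kind, content]));
  return nodeCrypto.verify(null, payload, publicKey, Buffer.from(sig, "hex"));
}

// Constructed sample: the user allowed this PWA to sign notes (kind 1) only.
const signer = new RemoteSigner();
signer.grant("pwa.example", [1]);
const ask = (id, kind, content) => signer.handle("pwa.example",
  { id, method: "sign_event", params: [{ kind, content }] });
const note = ask("1", 1, "hello");   // approved kind: signed
const profile = ask("2", 0, "{}");   // kind 0 was never granted: refused
```

A script injected into the web app can still ask for signatures on the kinds the user granted, which is why the grant is scoped per app and per kind instead of being all-or-nothing.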
Is this what getalby does?
reply
Or it would be more like an offline ledger type of device to sign messages for your pwa? Like something I saw Ben Arc do recently in a nostrica session?
reply
browser extensions don't really work on mobile
it could be offline, or a server such as nsecbunker, but it could also be a native app (such as damus or amethyst)
the developers just need to find time to add NIP-46 support!
reply
> browser extensions don't really work on mobile
they do though, check out kiwi browser for android
reply
did you try it?
getalby didn't work on kiwi for me
reply
it works for me
reply
interesting, thanks for sharing
which phone / operating system was it?
i tried on pixel 7 with graphene
Main argument against is that it's a lot harder to do well.
> E.g. is it safe to let your browser interact with your private keys?
Interact is kind of vague. Generally the browser is a less secure environment than a mobile app, e.g. XSS is real and very difficult to 100% mitigate.
reply
the map isn't as accurate as native apps.
reply
> Can a PWA do anything a regular app can do?
No.
But for the vast majority of apps that simply process generic data on the cloud, for example something like Uber, WhatsApp, etc, there's basically no difference between PWA and a native app. Actually many native apps are simply a web view on a native wrapper. Note that you can even use a PWA offline after the initial download, if coded correctly.
But, if you start doing more interesting things like accessing the sensors, video processing, etc, then a PWA is more limited compared to a native app. The web view is just an extra layer that makes things a bit slower, and also there is some security added that doesn't allow access to some stuff.
For like 1% of the apps, you require it to be native for good results.
reply
The problem is quite simple: you lose access to a huge audience.
All iPhone owners go directly to the App Store to search for an application. All Android owners go directly to the Google Play Store to search for an application. Open application stores have never been able to reach a sufficient level to represent a viable alternative to the Play Store on Android.
By only using a Progressive Web App, or by distributing your application outside the centralized Apple and Google circuits, you keep the power, but you'll have to do a huge amount of promotional work to hope for a similar audience.
However, you have to start sometime, just as Bitcoin started sometime and saw its market cap grow over time.
We need to start pulling apps out of these centralized stores to take all this power out of the hands of Google and Apple.
That's what decentralization is all about, but I think a lot of players will refuse to make the necessary initial efforts.
Why do I say this? Every time people from the cryptocurrency world are banned by YouTube, they cry foul and ask for help. They criticize Google for decentralization and start looking for alternative solutions. And then, as soon as Google gives them back access to their YouTube channel, these people start feeding YouTube again and become addicted.
When you tell these people that they need to move towards decentralized solutions, they tell you it's impossible, because these solutions are not financially sustainable... That's how Google and Apple keep baiting them.
At some point, you have to make an effort. Otherwise, these centralized giants will always retain their power!
reply
Perfectly said
reply
It is as easy for Apple to censor PWAs on their platforms as it is for them to censor native apps. If any particular PWA gets popular on iOS because it could not get into the App Store, I will not be surprised if users end up seeing a message like this on their device the next time they try to open it:
> This app violates the distribution policy for iPhone which can be read here [link to App Store distribution policy]. It has been removed from your device for your safety and security.
reply
I am curious, what kind of PWA in your experience resulted in this message in removal? I don't have an iOS device but I know people who have one and would like to try myself.
reply
I have never seen such a message, I made it up as an example of something iOS can display if Apple decides they don't want you using a particular PWA
reply
This goes into browser war territory and antitrust laws.
Also, not as easy. They remove apps at their permissioned store level. What you're talking about is end device website blocking. Other web browsers on Apple exist.
reply
I wonder if Apple was ever sued for antitrust violations before
It seems to me that they could easily convince most judges to side with them. If a developer violates Apple's application policies, Apple is under no obligation to let them use their platform to distribute noncompliant software.
reply
There's no distribution here. It is accessing a web page.
reply
I do not think the mode of access has any bearing on whether Apple may prohibit it on their operating system
reply
You may think that but it's yet to ever be seen.
reply
I'm not convinced everyone even knows what a progressive web app is. I suggest folks do some research to get a better grasp (just like every topic related to Bitcoin :) )
reply
To be honest, the first time I heard of it was on SN
reply
𝐇𝗼𝐰𝐝𝐲 𝐝𝗼 ? 🀠 πŸ‘‹
reply
Apps may be better for circumstances where an app may need to store sensitive info securely. For example, the hardware-backed keystore manages the decryption keys for encrypted app data. A PWA cannot interface to it and cannot store data there. I wouldn't trust putting any private keys in a web browser because of the reliance on servers.
Individual apps can also control permissions better than PWAs, as the permissions for the PWAs are given in browser while an app is OS-wide and independent.
reply
I have not seen enough discussion regarding supply chain attacks regarding PWA vs native apps.
On Android (and I would be surprised if that's not the case on iOS too), apps are signed by their developers before being uploaded to the store. Developers with good opsec keep that signing key secured, and get it out only for signing releases.
Meanwhile, online PWAs are hot-loaded directly from the server every time you open them, just like a website.
If I was an attacker wishing to hack into the distribution of a wallet app to rug its users, I would definitely have a look into PWA servers, for the simple intuition that I've seen way more websites - including popular companies - getting hacked than app distribution pipelines.
Unless I see good reasons to not fear the larger, faster and more accessible supply chain attack surface PWAs have, I'm unlikely to ever trust them with anything sensitive.
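The difference this comment points at, as an added sketch that is not part of the thread: a release check against a developer key pinned on the device still holds when the distribution server is compromised, while a hot-loaded bundle has nothing to be checked against. The bundle contents, function names and Ed25519 key are constructed for illustration, and this does not reproduce any particular app store's package format.

```javascript
const nodeCrypto = require("node:crypto");

const sha256 = (bytes) =>
  nodeCrypto.createHash("sha256").update(bytes).digest("hex");

// Developer machine: the signing key is used only here, never on the server.
function signRelease(privateKey, version, bundle) {
  const manifest = JSON.stringify({ version, sha256: sha256(bundle) });
  const signature = nodeCrypto.sign(null, Buffer.from(manifest), privateKey);
  return { manifest, signature: signature.toString("base64") };
}

// Device: accept a bundle only if the manifest is signed by the pinned
// developer key AND the bundle matches the hash inside that manifest.
function acceptSignedRelease(pinnedPublicKey, release, bundle) {
  const sigOk = nodeCrypto.verify(null, Buffer.from(release.manifest),
    pinnedPublicKey, Buffer.from(release.signature, "base64"));
  if (!sigOk) return false;
  return JSON.parse(release.manifest).sha256 === sha256(bundle);
}

// Hot-loaded web app: whatever the origin serves right now is what runs.
// TLS authenticates the server, not the developer, so no check exists here.
function acceptHotLoaded(_origin, bundle) {
  return bundle.length > 0;
}

// Constructed scenario: the server is compromised, the developer key is not.
const dev = nodeCrypto.generateKeyPairSync("ed25519");
const goodBundle = Buffer.from("function pay(addr) { send(addr); }");
const swappedBundle = Buffer.from("function pay(addr) { send(OTHER_ADDR); }");
const release = signRelease(dev.privateKey, "1.2.0", goodBundle);

const signedPathAcceptsSwap =
  acceptSignedRelease(dev.publicKey, release, swappedBundle);  // false
const hotLoadedPathAcceptsSwap =
  acceptHotLoaded("https://wallet.example", swappedBundle);    // true
```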