this post was submitted on 22 Aug 2024
66 points (82.4% liked)

Technology

58451 readers
6215 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
L3s@lemmy.world
enu@lemm.ee
L4s@lemmy.world
fry@fry.gs
L3s@fry.gs
enu@lemmy.world
L4s@fry.gs
66
Novel technique allows malicious apps to escape iOS and Android guardrails (arstechnica.com)
submitted 1 month ago by Xatolos@reddthat.com to c/technology@lemmy.world
13 comments fedilink hide all child comments
you are viewing a single comment's thread
view the rest of the comments
[–] Ghostalmedia@lemmy.world 6 points 1 month ago (1 children)

Mobile dev here.

I’ll play devil’s advocate. Android streamlined the PWA install experience a few years ago. You no longer need to drill into a menu and select an add to Home Screen option.

On one hand, have more users using a better mobile experience, but on the other hand, I now have a lot of users that think they installed the native app.

I don’t think the end user should need to care about my tech stack, but I could see how a malicious actor could dupe people with this newer streamlined PWA install flow. These malicious actors probably caught a lot less people with the old menu > add to Home Screen flow.

[–] WhatAmLemmy@lemmy.world 2 points 1 month ago* (last edited 1 month ago) (2 children)

That's not really playing devils advocate. You're correct. I was just highlighting the headline was disinformation. It's true that the average user isn't aware of the difference, but I would blame the OS for not making that explicit on install that this is a website and that authenticity should be triple checked. There's also nothing stopping them from "installing" PWA's via their app stores, except for their greed.

[–] trolololol@lemmy.world 1 points 1 month ago

There's also nothing stopping a malicious actor from putting a malicious app in the store, whether that is a wrapper on JavaScript or native code. So I don't see the distinction at all from having pwa or native apps barriers because they're all weak.

[–] Ghostalmedia@lemmy.world 1 points 1 month ago

I guess I’m saying that I didn’t think the headline was too bad. There is a new PWA install flow that’s widely available on Android now, and phishing via that new PWA install UX is potentially a new hot area. I’m not particularly offended by calling that novel. Just my 2¢