diff --git a/blog/posts/pwa-vs-iwa.md b/blog/posts/pwa-vs-iwa.md index e62b7df4..f480f032 100644 --- a/blog/posts/pwa-vs-iwa.md +++ b/blog/posts/pwa-vs-iwa.md @@ -23,7 +23,7 @@ So why isn't every Electron app shipping as a PWA? The answer is an age-old prob ## Improving Web Apps -A typical native app is downloaded onto your computer from some kind of trusted place like an app store and only updates when the developers push an update out, and there's usually a process of checks and verification before that happens, like Apple's [App Review](https://developer.apple.com/distribute/app-review/) and the Google Play [review process](https://support.google.com/googleplay/android-developer/answer/9859455?hl=en). Plus it's much more difficult to only target a specific person, like someone with access to the servers that serve the HTML, CSS, and Javascript could do. Trying to push a malicious update to all users is more likely to get caught than a highly targeted attack. +A typical native app is downloaded onto your computer from some kind of trusted place like an app store and only receives updates when the developers push them out. Additionally, there's usually a process of checks and verification before that happens, like Apple's [App Review](https://developer.apple.com/distribute/app-review) and the Google Play [App Review](https://support.google.com/googleplay/android-developer/answer/9859455) process. In contrast to PWAs, with which the threat of an attacker with server access constantly looms, it's much more difficult to target a particular person. In other words, a malicious app update is much less likely to escape scrutiny than a highly targeted attack via compromised servers. Isolated Web Apps (IWA) build on the work done on PWAs and [Web Packaging](https://github.com/WICG/webpackage). They are a specification that allows web content to be distributed offline outside of a browser, much like a traditional app. It can be signed just like a regular app too, allowing you to verify that it came from the proper place and hasn't been modified. You could install an IWA from your favorite app store just like any other app and have the same security assurances. This would be incredibly useful in allowing for cross-platform E2EE web apps that don't need to trust a server every time you use them.