If PWA is something like timechaincalendar, then I don’t think it’s as safe as the native app, unfortunately.
PWAs as Tools to Benefit Future Development of Nostr
In light of Apple's recent actions against Damus and the broader zap functionality, concerns are growing among the Nostr community and beyond (thank you, nostr:npub1sg6plzptd64u62a878hep2kev88swjh3tw00gjsfl8f237lmu63q0uf63m for highlighting this on the blue bird app).
As the pushback from traditional institutions - including tech companies, governments, and regulatory bodies - is likely to escalate, many are exploring viable alternatives. One of these, as recommended by nostr:npub1cmmswlckn82se7f2jeftl6ll4szlc6zzh8hrjyyfm9vm3t2afr7svqlr6f among others, is shifting towards Progressive Web Apps (PWAs). This strategy could help us break free from the limitations imposed by centralized app store authorities who dictate what can and cannot be incorporated into Nostr clients and other apps interacting with censorship-resistant protocols.
If you're new to the concept of PWAs, check out my brief overview: https://lnshort.it/pwa/
Discussion
What do you mean by safe?
PWA is simply a web app with special config for mobile browsers. Each PWA is as safe as the author creates it. Timechain Calendar is not the best reference for assessing “safety” of PWA’s as it is a purely client side data display site. There is no backend, no user accounts, nothing needing to be secured. There are plenty of other web apps that do all kinds of sensitive functionality and financial features quite securely.
Everything is fine with timechaincalendar! Great app and I use it all the time, thank you! I just gave it as an example as a PWA. It's fine for an app like this.
What I meant about security is that not all applications will be able to be implemented as PWAs from a security perspective. Especially those that work with users data and funds. Damus had a web version in the early days but it was shut down due to a vulnerability. That’s an example.
We've been talking about leaving Apple's app store for the last few days (I'm not in favor of that) and if PWA is presented as an alternative, then I don't agree with that statement. Maybe partly.
I still argue that a PWA does not mean worse security than a native app. There are all kinds of web apps that deal with fortunes of money and peoples most sensitive info. The security is a function of the engineers and software architects. Conversely native does not guarantee secure for the same exact reasons.