PWA sucks. Forced updates, no decentralisation, reliant on a browser to use, just a patch for those who didn't create an APK.
Jumble is a great client, and indeed the PWA is very good, but it's not ideal. I prefer to use it on the PC rather than on my phone as a nice client, but not a definitive one.
What do you think nostr:npub1syjmjy0dp62dhccq3g97fr87tngvpvzey08llyt6ul58m2zqpzps9wf6wl ? PWA sucks?
There are plenty of choices, and everyone can pick what they like. I also mostly just use Jumble on desktop, haha.
But I donβt really see the points you listed as disadvantages of PWAs:
- Forced updates mean an early client can quickly fix bugs and ship features. You might be worried about βmaliciousβ updates, but does an APK really solve that? How many people actually review Amethystβs source code, and even if they do, how many compile it themselves?
- Jumble is a purely static site and could even be deployed directly on nostr via https://nsite.run/ . If needed, Iβm sure someone would mirror it, itβs open source after all. Isnβt that actually more decentralized than an APK?
- Depending on the browser means Jumble runs anywhere a browser exists. An APK, in contrast, depends on Android and doesnβt easily run elsewhere.
Zapstore signing is something thatβs better in apkβs. PWAs rely on SSL certs that live on CDN or server: easier to hack when the code itself is not signed.
It's easy to wrap browser apps with tauri btw. Iris is on Zapstore, and I might try my luck with play store and ios app store one day. Why not have both options. I've grown a bit weary of cloudflare.
The real security is in keeping your keys safe and not signing events blindly, haha. When I use Jumble, every event (except AUTH) asks for my consent before itβs signed. I know that with this configuration, many apps become almost unusable.
Yes, many apps assume that as soon they detect an extension the sign is immediate, and miserably fall with some sort of timeout if the user take some seconds to approve (or didn't approve at all).
