The source clarifies that this only applies to websites run within the Safari browser.[1] PWAs added to the home screen aren't affected.
> As mentioned, the seven-day cap on script-writable storage is gated on "after seven days of Safari use without user interaction on the site." That is the case in Safari. Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted.
> If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.
It's not 7 days of non-use, it's seven days of application use without visiting the site.
Safari is one application, the homescreen app is a separate application. Presumably, all the alt browsers or WebView apps are separate applications as well.
Since you can't use a homescreen app without visiting the site, the 7 days of not visiting the site can't happen.
What if you visit a link within the home screen app that takes you to another domain? Presumably if you kept using it without ever returning to the original domain the clock would be ticking.
For "regular websites" (visited through Safari) it's 7 days where you use Safari, but don't visit the site. So if you go on vacation for a month and don't touch your computer, or if you switch completely to using Firefox for a month, localStorage will remain untouched.
I fail to see why you need to see a mention of "regular websites". The comment clarifies the situation of what occurs if a user goes on vacation or switches to another browser: nothing will be deleted, as Safari is not being used.
It’s a requirement that some time within the next seven days of app usage, the user interacts with the web app.
This might cause trouble if the web app is simply a list of timers which the user interacts with passively (map of earth showing day/night zones), but if there is any interaction at all the timer resets.
I'm not getting the semantics clear, but wonder whether having the icon on the homescreen counts as "visiting", or whether suspending the app on day one and reopening it the next day counts app-subjectively as "continuing day one" or "reopening immediately".
From their description, nothing. Seven days of use without visiting triggers deletion. Failing to satisfy either of those conditions (either by disuse of Safari, or by visiting the site within seven days) doesn't.
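The deletion rule as the quoted WebKit text and the replies above describe it, written out as an added example that is not part of the original thread: a small JavaScript model of the per-application counter, plus a check for whether a page is running as a home-screen web app rather than inside Safari. Everything beyond the quoted sentence is an assumption: a "day of use" is any calendar day on which the application (Safari, or one home-screen web app) was opened at all, any first-party interaction with the site on that day resets the site's counter to zero, and third-party storage is left out. `simulateCap`, `safariUsedDaily`, `homeScreenLaunches` and `runsAsHomeScreenApp` are illustrative names, not WebKit or Safari APIs; the day sequences are constructed, not measured.

```javascript
// Added example, not WebKit's code. Models "seven days of use of an application
// without user interaction on the site" as the thread describes it.
const CAP_DAYS = 7;

// days: one object per calendar day on which SOME application was used, e.g.
//   { app: "safari", interacted: ["shop.example"] }
//   { app: "homescreen:shop.example", interacted: ["shop.example"] }
// A day with no entry (vacation, or a different browser) is not a day of use.
// Returns { deleted: Set of "app|site", counters } for the sequence.
function simulateCap(days) {
  const counters = {}; // counters[app][site] = days of use since last interaction
  const deleted = new Set();
  for (const day of days) {
    const perApp = counters[day.app] || (counters[day.app] = {});
    // Assumption: a site only has storage (and therefore a counter) inside an
    // application once it has been interacted with there. Interaction resets.
    for (const site of day.interacted) perApp[site] = 0;
    for (const site of Object.keys(perApp)) {
      if (day.interacted.includes(site)) continue;
      perApp[site] += 1;
      if (perApp[site] >= CAP_DAYS) {
        deleted.add(`${day.app}|${site}`);
        delete perApp[site]; // data is gone, nothing left to count
      }
    }
  }
  return { deleted, counters };
}

// Constructed scenarios (not measurements).
// Safari: one day with an interaction, then `quietDays` days of Safari use
// without touching the site.
function safariUsedDaily(site, quietDays) {
  return [
    { app: "safari", interacted: [site] },
    ...Array.from({ length: quietDays }, () => ({ app: "safari", interacted: [] })),
  ];
}
// Home-screen app: every launch is, by construction, a visit to the site.
function homeScreenLaunches(site, launches) {
  return Array.from({ length: launches }, () => ({
    app: `homescreen:${site}`,
    interacted: [site],
  }));
}
// The scenario from the "what if you follow a link to another domain" reply:
// the app is launched once, then used for `days` days on some other domain.
function homeScreenStuckElsewhere(site, other, days) {
  return [
    { app: `homescreen:${site}`, interacted: [site] },
    ...Array.from({ length: days }, () => ({ app: `homescreen:${site}`, interacted: [other] })),
  ];
}

function wiped(days, key) {
  return simulateCap(days).deleted.has(key);
}

// Is this page running as a home-screen web app rather than inside Safari?
// `win` and `nav` are injected so the check can be exercised outside a browser.
function runsAsHomeScreenApp(win, nav) {
  if (nav && nav.standalone === true) return true; // iOS Safari's flag
  if (win && typeof win.matchMedia === "function") {
    return win.matchMedia("(display-mode: standalone)").matches === true;
  }
  return false;
}

console.log("Safari, 7 quiet days:", wiped(safariUsedDaily("shop.example", 7), "safari|shop.example"));
console.log("Safari, 6 quiet days:", wiped(safariUsedDaily("shop.example", 6), "safari|shop.example"));
console.log("Home screen, 100 launches:", wiped(homeScreenLaunches("shop.example", 100), "homescreen:shop.example|shop.example"));
console.log("Home screen, 7 days on another domain:", wiped(homeScreenStuckElsewhere("shop.example", "other.example", 7), "homescreen:shop.example|shop.example"));
```

Under this model the three things the replies disagree about fall out directly: a month with no Safari use adds nothing to the counter, a home-screen app whose every launch is a first-party visit never reaches seven, and the "follow a link and never come back" case does reach seven, because the home-screen app's days of use keep counting while its own site is not interacted with.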
It sounds like there's a time bomb in safari web views just waiting to happen. The timer is supposed to be reset every time you open the app, so there won't ever be seven days of opening the app and not using it. But it sounds like the code path is just there, they just don't ever expect it to be hit because the timer _should_ reset every time the user opens the app.
I can't _wait_ to deploy an application where there is literally an "rm -rf" pointed at my users' data, with a complex conditional blocking it. That makes it far too easy for a webview bug to nuke my users' data.
This is shoddy engineering. Could you imagine a filesystem being implemented the same way? You would never include a code path in your "mount" logic that says "if ( some condition ) delete everything;" that would rightfully be viewed as a terrible idea and a disaster just waiting to happen.
I actually suspect the reason the codepath is still enabled is probably to do with third parties running in a PWA context. That said I don’t see how this is actually all that flimsy of a mechanism, it avoids needing a special case. As it is you can’t really count on browser local storage alone for long-term storage; the same is actually true for Android and iOS apps too, who lose all of their local data when they are deleted. (It is possible for at least Android apps to write data to other places like the SD card, but that is a totally different story imo.)
Honestly, if my data really matters, I don’t want it to be stored only in a single place. I can get the argument of wanting to have federated syncing, that would give the user freedom to choose where data syncs or doesn’t. But in my opinion you either care about the data or you don’t. Any data stored locally anywhere should be considered lost until proven otherwise. Like, drop your phone in a sewer, leave it in the wash accidentally, have it stolen, or even just have a different software bug obliterate your data and it’s gone. That’s the definition of fragility.
This mechanism failing is mostly theoretical, but having ones phone break is not; I would guess those of us who have been using smartphones for 10+ years have, by and large, all experienced data loss when storing data with no backup.
To relate to your statement, can you imagine if your data on Dropbox was stored on one harddrive, in one server, in one datacenter? Servers fail constantly. You can of course do whatever you want to improve reliability but without redundancy you are very much pissing in the wind.
On the note of “localStorage is temporary,” nothing in the spec defines how long localStorage persists, just that it is not bound to the session. In fact though, Safari already deletes localStorage when disk space is running low.
I am very much an advocate for folks being able to control their own data. I personally self host a lot and use a Synology NAS as my own backup for most things. But I think Safari would be wasting time to disable the counter entirely for PWAs. It doesn’t meaningfully change the likelihood that users will lose data. I think users often do want strong durability and privacy, and an API that frees apps from needing to implement many remotes would be way more impactful. I’d love to tell an arbitrary notes app, “Go backup to this Synology NAS” without it needing to specifically support Synology NASes or, for example, WebDAV. Put the provider on the client side and you have a place to implement end-to-end encryption.
(Of course, Apple has iCloud backup, but I don’t think that covers your localStorage content anyways.)
> Honestly, if my data really matters, I don’t want it to be stored only in a single place.
That's all well and good except when you lose the emails that you wrote on the plane and didn't get a chance to send yet.
I'm not arguing that you should _never_ synchronize the data off the phone, but where I store data on my phone should be as robust as possible. So far I have never had my phone delete an application I had installed, but my browser loses local storage, cache, cookies, all the time. It is just not a robust storage location, and this new safari behaviour makes me trust it even less.
As a result, the web is continuously behind native apps for offline or semi-offline operation. There's no reason for that other than the shoddy engineering going in to web browsers, such as this recent addition to safari.
Web apps are unreliable for sure, but I think that is where PWAs should come in. The problem is there’s just not a ton of them today, and parity just isn’t there. That having been said, I’ve never lost local storage on a PWA in any OS so far...
Also I am not saying programs and browsers should not make a best effort to reliably persist data locally... just that robust local storage only really needs to be so robust, because any more robust and you might be fooled into relying on it.
I've lost localStorage on PWAs before. But that was a number of years ago when I was still bothering to develop them. I also lost data in appcache repeatedly, then service workers came along to fix that, because the browser vendors' strategy for broken implementations is to deprecate them with an even more complex standard that they will never finish. Then they can close your bugs against the old standard that they never finished implementing as WONTFIX and everyone gets a promotion for shipping.
Home screen web app data will only be deleted after 7 days of active use of that web app without any user interaction, which is nearly impossible. So the whole premise of the OP is false.
Suffice to say that the author of this blog post should have spent less time congratulating themselves and more time clearly explaining the impact of this change, to avoid scaring off developers and users.
Ok but OTOH Apple is not helping PWAs by hiding the "Add to home screen" in submenus and not having an official API to show a banner like Chrome has on Android.
Not having a way for web apps to communicate a call to action dramatically reduces engagement with this feature, no doubt. The only way I can see this from Apple's side is they see it as a feature for Safari users, not from the platform side for the web.
From Apple's standpoint, when you put yourself on the user's homescreen, that is a deep connection between that app and the user. Apple spends billions finding new ways to enhance and enrich that connection. IMO, their _belief_ is that building a native app to take advantage of all these rich and engaging ways is the best way to build deep connections with your (the developer's) users.
Being an icon on the user's home screen is where deep connection begins, not ends. You might add a today widget, you might want to send notifications, you might want to add AR experiences. You might want a Tablet experience and allow hand off between these devices. Apple is invested in becoming a deep level of importance in a user's life. They want to share as large of surface area with 3rd party developers as they can. It would be irresponsible to promote an API that made developers have to start from scratch when they decide they want to go deeper.
"Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer."
But said timer... does nothing? Why does it exist?
Presumably because WebView is available to other applications besides Safari and pinned sites, and they want to offer the same privacy guarantees to users for WebViews in apps as for Safari. Adding an exception for pinned apps is unnecessary because it's impossible to meet the criteria for deletion.
Good luck getting your app added to the home screen. It only works through safari, so chrome or firefox users are ruled out, and it's hidden under some "bookmark" or "share" menu that is too difficult to discover.
The issue is that if you're using the Firefox or Chrome apps (which are the same rendering engine underneath), they aren't allowed to implement the "add to home screen" action in their UI.
That's a relief. We've built our business on our PWA, which also has an offline mode. It would be annoying if we had to adjust it for (yet another) Safari quirk.
I hope not. Apple has had substandard support for modern web technologies in Safari for a long time, to the point where it is often referred to in the industry as the new IE. We've had enough of browsers breaking things that used to work in the name of false progress. Time for the grown-ups to take a careful look and see this for what it is.
You realize that custom, new, cutting-edge APIs (can you imagine the web without xhr?) was what made IE into the IE we talk about. Some they got right, some they got wrong, some were way too tied into IE’s parent’s ecosystem (sound familiar, AMP?). It’s once it stopped getting updated that it became a problem, as no one else had or planned to have some of its stuff, resulting in it being an oddball. Chrome fits the first half of that profile far more than any other browser these days, it’s just that WHATWG being a “living standard” has enabled it to “standardize” any new idea that comes along (other browsers do this too, but not nearly as much as Chrome).
The point is that slowness to adopt new standards wasn’t exactly what made IE into the IE we all hated; it was going off on tangents without consulting anybody too often that left it out on an island with custom versions of so many things. Fortunately it doesn’t seem like Google is going to lose interest in Chrome anytime soon.
It's not only custom cutting-edge APIs, there's a lot of common stuff which is broken in Safari, that's also why it's referred to as the new IE. I personally had issues with forms, clicks, svgs, selects... It's really broken in many ways.
Chrome is the new IE in the embrace-and-extend sense (the early IE that won the browser war).
Safari is the new IE in the stagnating, not supporting new functionality, not fixing long-standing bugs sense (that same early IE several years later).
Neither of these is a good thing or to be encouraged.
Please don't get me started on the oxymoron that is "living standards". I think that idea is responsible for a great deal of what has gone wrong with the web ecosystem in recent years.
Would you also take gradually losing access to other modern web standards apps rely on as time goes on until the only realistic option we have for building, deploying, and consuming apps are the walled gardens controlled by 2 corporations who have arbitrary rules on who can and can't participate, freely stifling innovation/competition as their interests dictate, and taking a more and more outrageous cut of all economic activity on the platform?
That's where this is going.
> "first they came for localStorage and I did nothing"
How does something like allowing data to be stored by a web app that isn't even being used for more than a week cause your laptop to lose 30 minutes of battery life?
It doesn't as the two have no connections whatsoever. The point was that Safari is the most battery efficient browser overall on MacOS, so they're willing to put up with sub-standard support for web standards if their battery lasts longer.
I'm sure it will be a great comfort to them to not be able to use their computer for useful things for a bit longer before they have to plug it in. :-)
As an end user, I love it. I regret that it's making some things harder for legitimate developers, but love that it's making it harder for the assholes who keep trying to ruin the web.
If there is, as they say, a dedicated counter on those home screen applications, what is the threshold? Will home page PWA apps not used often (say, for infrequent uses like travel) have first party data deleted after the icon isn’t clicked for some time? This is highly unclear and confusing.
How about pinned sites that have not been accessed for > 7 days? I neither use the app nor visit the site for e.g. 2 weeks.. what will happen to the data for the pinned site? Apple is being vague here.
One of the criteria for deletion is accessing the app for 7 days. If you don't access the app for 7 days, it doesn't meet the criteria and won't trigger deletion. It's poorly worded, but it's not vague.
> "Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer."
What exactly does that mean? So you use the app for seven (perhaps non-consecutive) days, and now all third parties that haven't been, uh, interacted with, get their data wiped - but not the first party, because that has been interacted with, by virtue of the PWA being launched in the first place?
As the article has been updated to say, "installing" a PWA to the home screen is an optional step that many people prefer not to do in favor of bookmarks or the address bar or the new tab page or whatever.
But it's no surprise that Apple would want to impose an "install" step on the web to prevent it from looking more attractive than the App Store.
> But it's no surprise that Apple would want to impose an "install" step on the web
The FUD here is getting out of control. "PWAs", that Google pioneered, are all about having an ‘install step’ to put the "web apps" on your home screen. https://web.dev/customize-install/
No, they are about safely adding capabilities to the web that native apps have. Home screen icons are only one of those capabilities, and not the most important.
PWA is in fact a corporate born, bred and sponsored definition created to push and promote an _arbitrary_ set of Chrome features. It was an attempt to build momentum towards a vision for the web where browsers can run "open" apps. Unfortunately visions don't die, and thus the term lives on. Sigh.
It is no surprise because the whole point of keeping storage around is because you intend to come back. Pinning a website to a homescreen is clear intent. Having a tab or a bookmark does not make that clear. I have tabs and bookmarks open that I haven't visited in years. Thankfully Safari now kills tabs that haven't been touched within X time frame.
"impose" is the wrong word. I think you mean they are "trying to understand you and do the best thing"
It's kind of a nightmare due to both Google and Apple messing things up.
PWAs could be an amazing platform but both companies are really messing it up.
Apple is trying to kill them by giving plausible explanations as to why they can't have PWAs. Security this, blah blah blah. There's no reason they can't have PWAs work well in Safari other than they want you to port your app to the App Store and get locked into their native APIs.
Google's problem is, well, they're Google. Meaning things are somewhat incoherent, docs are all over the place, they start new initiatives then abandon them half way, etc.
Consumers are another problem. They have no understanding of PWAs and they go to the app store, don't find us, and then complain we don't have an app..
The plan now is to use Google TWAs and port our PWA to Android.
We're going to do the same thing to Apple after we do the Android release BUT I think there's a 50% chance that apple will just flat out block us.
I think we might have a chance of getting around it if we use mobile gestures properly, use platform specific APIs like the camera, audio, and GPS that aren't on web and try to really integrate into the platform properly.
For example, they have an API to detect dark mode now. If that's on we're just going to magically enable our dark mode in our app.
I tried using your app on an iPhone (with Add to Home Screen).
- If I press the settings gear, the text on the settings page is about twice as wide as the screen, requiring horizontal scrolling.
- On the front page, if I open the color picker, it's partially offscreen.
- On all pages, if I do a scroll gesture in the wrong direction, it scrolls the entire UI rather than just the scrollable part. Admittedly, iOS has long made this hard to avoid without hacky JavaScript, but it's been doable, and it's much easier now [1].
- The hamburger button on the left opens a modal view that covers all of the screen but a small margin on the right, making it unreasonably hard to exit.
- If I try to create a tag or folder, the name prompt appears under the other modal view and is improperly sized.
- Oh, and the UI looks thoroughly non-native, e.g. Google-style floating action button, UI not covering the status bar, bottom tab buttons too short, etc. The animations are also haphazard.
My point is not just to nitpick. It's just that while I sympathize with the idea of PWAs in principle, almost every single time I see someone talk about theirs, the PWA in question has immediately obvious glaring UI defects that have nothing to do with browser limitations, and leave it far below the standard of a good native app, or even a bad one. I honestly don't know why this is, but experiencing it over and over makes it hard for me to care about PWAs.
There are some fantastic PWAs out there. Twitter is the one I use most regularly.
I think one of the reasons we see a lot of less-polished PWAs is that the idea of the PWA appeals to businesses at certain stages. Larger shops can afford to ship native binaries to more than one platform, but a smaller operation can't. PWAs are presumably tempting to those types of product teams: you get multi-platform reach while truly only writing for the web. The fact that their UIs have rough edges are probably a result of having an MVP-stage product.
Is Twitter really a PWA or just a nicely done responsive website? At this point the boundary is unclear.
Besides, Twitter relies on server-side storage and pretty much only stores a session token in the PWA "local storage" (broadly speaking).
And as a user I'd rather install the iOS native app to keep finer-grained control over permissions. (I also use multiple accounts; not sure the PWA handles that?)
It is absolutely a PWA, and an excellent one at that. You can add it to your home screen on the desktop and mobile platforms that support it; they have all the trappings of a native application including notifications support, background refresh, etc.
This highlights a longstanding issue of PWA definition and how to position it against modern web practices and features. What is a PWA? Why is it even a thing?
Why enclose PWA in quotes? Just curious. I use Twitter's PWA weekly on more than one platform and it works great for me, but that's just one person's opinion. I prefer it over their native clients for a lot of reasons, but the main value-add is that I don't have to give Twitter access to detailed information about my system while still using a full-featured, first-party client.
It's twitter's mobile site that they extended to cover both desktop and PWA. As a result, it's quite bad on all fronts and judging by the number of bugs that are lingering with no fixes, abandoned. At least they managed to almost fix the epileptic scroll position [1]
> I don't have to give Twitter access to detailed information about my system while still using a full-featured, first-party client.
Yes, this is, without a doubt, the best value-proposition of PWAs.
Are you sure that's not a catch-22? The reason you've not seen any good PWAs is because the ecosystem doesn't exist for making good PWAs, which doesn't exist because there aren't any good PWAs. Any sane technologist is going to look at the shortcomings of PWAs, and choose a different technology to build their app. Choose boring technology[0], and unless your product is a PWA toolkit, the app UI library isn't the place to get creative.
The single issue with PWAs, on iOS, is how do I add a PWA app to the home screen? I go to the app store and search... and your app isn't there. As developers we innately understand why that's so, but our users don't and shouldn't need to understand the difference.
Hi there, I'm the product manager for PWAs on the Chrome team.
Very interested in hearing about pain points you've had building out PWAs, especially if there's features you were keen on that haven't been released. Easiest way to reach me is on Twitter: https://twitter.com/b1tr0t
Fully agree with you that docs are all over the place. We've started to consolidate docs under web.dev, and the PWA section launched recently (https://web.dev/progressive-web-apps). Consolidating and adding docs is an active area of investment, and our goal is to create a well lit path for developers to succeed with PWAs.
was way too complicated as a first example, if all I wanted to know was how to make my app installable and is also broken as it uses some outdated tools. (don't remember the details)
Also, it could have been mentioned somewhere that when you serve from localhost, you do not need SSL to install it. Knowing that would have saved me the trouble of messing with Apache's config and certificates.
So that was very frustrating as a start.
Much more helpful was a very simple hello world pwa which was barely installable. But it worked. And from there it was easy.
Thanks for the feedback! This is now the reference "first PWA" example: https://web.dev/codelab-make-installable. Let me know if you find it easier for new devs to get started with. The other codelab and a lot of other scattered content will be removed once we finish the migration to web.dev.
Please consider contributing to MDN. It's the best source for web development and it would be great to keep everything there, properly cross-referenced, etc.
The statement from b1tr0t directly refutes that Google is contributing to MDN, as they put it: "Fully agree with you that docs are all over the place. We've started to consolidate docs under web.dev". As far as I know, web.dev is not MDN and has nothing to do with MDN.
As another user mentioned, we do contribute to MDN. MDN is where we point devs for reference documentation. web.dev is for guides, how to's and other support docs.
Heh, you're asking a googler who's basically responsible for some of the actions Google is taking with Chrome, trying to make the web only browseable via Chrome and centralizing information under their own Google brand, to contribute to a cross-company/community effort (Mozilla + Microsoft + open source hackers)? While noble, I can only wish you good luck.
I think the ship has long sailed for asking Chrome/Google to help out with the openness/sharing on the web/internet. It's time we just start ignoring them instead.
Just want to note that you specifically mentioned Microsoft working with open source hackers in this comment saying that the ship has long since sailed on Chrome/Google contributing to the open web.
I don't know, never say never I guess. I'm certainly not going to defend Google's track record on openness and privacy -- there have been, under even the most generous of interpretations, huge missteps, and I don't think they deserve the benefit of the doubt -- but they do contribute. Edge backed by Chromium?
Reading that announcement makes b1tr0t's statement "We've started to consolidate docs under web.dev" even worse, as they previously said they are gonna contribute to MDN, but now they have turned and use their own shit anyways.
Just so I understand correctly, you're contributing reference documentation to MDN but then everything else goes into web.dev? Why not contribute the "guides and other supporting documentation" to MDN as well?
As I understand, the Product Advisory Board for MDN was created with Mozilla + others in order to combat the fragmentation of information, but your actions seems to do the opposite.
More background services would be very nice even though it's a bit of a security nightmare. A request was opened almost 5 years ago for background geolocation services.
I don't want Google or central authorities to decide which PWAs are "trustworthy" directly to ask for certain permissions but there could be a way or compromise. I don't remember which feature it was but it required yes from Google.
I really want the first screen after installing PWAs to be their privacy policy or detailing which permissions/how they use them. It should be mandatory and important or may show a default screen with permissions and few dangerous ways they can be used for.
Background geo, including geofencing is challenging, but there may be a way forward. We're exploring this conceptually, but it's not in the plan for 2020. I'd certainly like to be able to improve the capabilities of web based ride sharing and similar apps that have a need for this.
Bluetooth discovery is an especially thorny area from a privacy perspective. What use cases did you have in mind?
Asking for permissions upfront has been found to be an anti-pattern in systems UXR. Research has found that users make better decisions and find the experience less interruptive when permissions are requested in context at runtime. For example, in a video chat app, it's better to ask for the camera/mic permission at the start of the first chat session, not when the app first starts. Mac OS, Android etc. and other platforms have all been moving in this direction over the past few years.
When the permission is requested, we're investigating ways that we can do more to communicate permission risks to the user. Nothing publicly shareable yet, but do expect experiments to be showing up in dev channels over the next few months while we try new things.
Regarding your point on consumers, we put our PWA/TWA into the app store (for the reason you outlined) - and now get a raft of negative reviews that the TWA is the same as the mobile site... Which is frustrating, because that's the point.
Making it clear why a TWA is in the app store is hard in itself. Trying to explain why it's better for consumers over a native app + mobile site is even harder.
As an iOS and Android developer myself, this doesn't affect me but I still think Apple and Google making things harder for PWAs is bad because Apple and Google are the gatekeepers for what goes on their native app stores. I can cut some slack for Google as they at least allow third party app stores but Apple doesn't.
Either Apple should stop being the gatekeeper or stop making life harder for web devs.
Maybe Apple could offer a compromise and allow users to sideload apps, but restrict non-App Store apps from accessing the file system or any kind of personal identification (like location etc.)
And improve their documentation to lower the barriers to native development.
I wouldn't attribute it to laziness. Quality can really suffer when you need to maintain so many code bases. Not all teams have those kinds of resources.
Perhaps Electron/PWA should be seen as a last resort, not the norm, reserved for exactly such a situation: when you don’t have the resources to build native for all platforms.
Hiring aside, it’s probably simpler than attempting to reconcile souped up document viewers with contemporary expectations of “apps”, iOS and Android being purposefully built for the task and all.
Having done native Android/iOS and web dev, web dev is much easier than Android and at least on par/if not easier than iOS.
There's a bunch of very complex web/electron apps that disprove the idea that the web is only for static documentation and web-inspired ideas are coming to mobile (React --> Jetpack Compose/Swift UI).
More importantly, hiring can't be put aside, and it's much easier to adapt your web app to work for mobile (since websites should be screen size agnostic anyway) than it is to build a fully native app from scratch.
Makes sense, they want you to create native apps so they can collect their rent, and also dictate what is in, what is out, and control searching of apps.
> There's no reason they can't have PWAs work well in Safari other than they want you to port your app to the App Store and get locked into their native APIs.
Is it possible they also want you to port your app to the App Store to prevent an explosion of garbage and malware that could happen if PWAs really took off?
There is absolutely no reason that PWAs can't be sandboxed like native apps, or even more aggressively. In fact, native apps are more likely to be spyware, as they can collect much more information from the user than a browser-based app can.
Native apps ostensibly go through review so that Apple can flag malfeasant behavior that is nonetheless allowed by the sandbox. Think things like a $999 purchase request that pops up on app launch (Yes, I know Apple isn’t that great at this. But that’s the argument that they use for review.)
Yes, they are[1]. The GPL is incompatible with the App Store terms and if Apple is aware that an app uses GPL software, they will reject or remove it from the App Store.
That link is from 2011, and the referenced verbiage is nowhere to be found in the App Store terms. I believe that the current terms leave the App Store open to GPL software. Also, Apple will only remove software if you notify them of copyright infringement; it's not their job to preemptively perform licensing enforcement.
> Also, Apple will only remove software if you notify them of copyright infringement; it's not their job to preemptively perform licensing enforcement.
Developers of GPL software have had different experiences with Apple than what you're asserting. There is a direct incentive for Apple to police licensing incompatibilities if they are profiting from illegal distribution of GPL software on their platform.
I tend to think of this as reaction to GPL FUD; I know some people who have these so they never have to actually figure out the answer to this question.
I seriously doubt that. It's a lot more difficult to do horrible things with PWAs than it is with native apps. Apple has a history of doing everything they can to keep people inside their walled garden and this is just another instance of that.
I really appreciate this link. I would have never seen this otherwise. It's kind of a disappointment for us on the enterprise side. Our main offering is an offline app where people are disconnected from the internet for weeks and we use localStorage to validate who they are. It's a bit vague about how this affects apps that don't use safari. Nevertheless, we might have to start to really think about the user experience here now that this update is out.
To be honest, HTML5 LocalStorage was always different on iOS when compared to other platforms. The iOS browser localstorage is stored in /caches so it is cleaned when the device goes low on disk space. I found out the hard way, had a cordova app which ran on Android and iOS (and web) and saved an account token in LocalStorage. Some iOS users kept on getting logged out, mostly users with smaller size iPhones!
Now we store the account token in iOS keyring and that works.
Sure! In a PWA, storing login tokens in the keyring would not be possible. So as I said, on iOS the localstorage (and cookies) would be cleared in low disk space conditions anyway. So the PWA experience was already not good!
You want all your important apps to migrate to a platform where their data is all tucked away in inscrutable filesystem locations that don't expire ever?
With all due respect, this comes off as apologizing for Apple's disagreeable design choice.
If anything, it should be on Apple and the browser vendors to make local storage more useful by default, not less useful. Your suggestions might as well be aimed at browser vendors, who could conceivably offer user friendly controls for local storage (e.g. import/export without the dev panel). But as is usually the case each of the browser vendors has these little annoying ways that they cripple the browser to protect their business models. Apple is no exception to this. Look at how they've hampered the WebGPU process. Look at the history of their PWA support.
I strongly oppose Apple's anti-consumer practices in their App Store policy, PWA policy (non-existent) and similar places. I just believe this (localStorage policy) is not one of those cases.
Agreeing with Apple's disagreeable design choices isn't an apology, it's an honest opinion. If these choices are disagreeable, which I believe they are, they must also be agreeable by definition.
There's one simple thing that Apple could do. Do not delete local data if the user bookmarked a page from that website (or pinned it to the home screen on mobile devices). Now a bookmarked website is treated like an "app" with slightly fewer restrictions, and some random website's data will eventually be purged (although I believe that 7 days should be extended to a few months).
I don't think that web tracking must be fought at the expense of user UI. It's fine to fight web tracking by introducing measures that don't break honest websites. It's not fine to fight web tracking or anything else by crippling the user experience with honest websites.
But most apps cannot be used offline at all, and instead they use localStorage as another place that can store a tracking cookie.
So as a user, I fully support this change, because there should not be a loophole like this.
Localstorage is limited to a domain, a common security model in the browser also used by cookies, and prevents cross-origin leaks... (unless a developer volunteers to expose the data via postmessage whose destination can also be limited to specific origins).
This is also why it is important to load your app's JS from your own domain or same-origin and not offload it to a 3rd party server which you might not control (libraries like jQuery CDNs and whatnot are still a minor risk, particularly from a privacy perspective, but not as bad, although I never saw the point given the large variety of versions).
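The two points above (storage is scoped to an origin, and data only crosses origins if a developer deliberately exposes it through postMessage with a restricted destination) can be shown in code. The following is an added example, not code from anyone in the thread: a receiver that only honours `message` events from an allow-list of origins and a sender that refuses the `'*'` wildcard. The origins `https://app.example` and `https://widget.example` and the message type `storage:get` are assumptions for illustration; the `fakeWindow` helper stands in for a real window so the snippet runs outside a browser.

```javascript
'use strict';

// Assumed first-party origin and one trusted embedder (constructed for the example).
const ALLOWED_ORIGINS = new Set([
  'https://app.example',
  'https://widget.example',
]);

// Build a `message` event handler. `onData` is only called for messages that
// passed the origin check and a minimal shape check. Returns true when the
// message was accepted, false when it was dropped.
function makeMessageHandler(allowedOrigins, onData) {
  return function onMessage(event) {
    // event.origin is filled in by the browser from the sender's origin; the
    // sending page cannot choose it, which is why it is safe to decide on it.
    if (!allowedOrigins.has(event.origin)) return false;
    const msg = event.data;
    if (!msg || typeof msg !== 'object') return false;
    if (msg.type !== 'storage:get') return false;          // assumed message type
    if (typeof msg.key !== 'string' || msg.key.length > 256) return false;
    onData(msg, event);
    return true;
  };
}

// Send a value to another window, naming the exact origin that may read it.
// A '*' targetOrigin would let any page that ends up in that window (for
// example after a navigation) receive the data, so it is refused outright.
function sendToOrigin(targetWindow, targetOrigin, payload) {
  if (targetOrigin === '*') throw new Error('refusing wildcard targetOrigin');
  targetWindow.postMessage(payload, targetOrigin);
}

// Minimal stand-in for a window so the example runs in Node. A real browser
// silently drops a postMessage whose targetOrigin does not match the
// receiving window's current origin; this mimics that.
function fakeWindow(origin) {
  const delivered = [];
  return {
    origin,
    delivered,
    postMessage(data, targetOrigin) {
      if (targetOrigin !== '*' && targetOrigin !== origin) return;
      delivered.push(data);
    },
  };
}

// Usage: wire the handler up to `window.addEventListener('message', handler)`
// in a real page. Here it is just exercised directly.
const received = [];
const handler = makeMessageHandler(ALLOWED_ORIGINS, (msg) => received.push(msg.key));
handler({ origin: 'https://evil.example', data: { type: 'storage:get', key: 'token' } }); // dropped
handler({ origin: 'https://app.example', data: { type: 'storage:get', key: 'token' } });  // accepted
```

The receiver side is the one that matters for leaks: without the `event.origin` check, any page that can obtain a reference to the window (an opener, a parent frame, a frame it embeds) can ask for the stored value.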
This is also about IndexedDB. Imagine native apps had all their data wiped if you don't open them (with an active internet connection) every 7 days. Not just on an iPhone, but also on macOS.
Apple is actively refusing to implement the standard for installable webapps (PWA). So, Apple is intentionally crippling a feature on the grounds of privacy with no possible remedy.
This decision comes from an actor that is protecting their business interests. It might have some positive side-effect for some users, and of course Apple will spin it that way. But in the end Apple is very aggressively hampering the web's progress to get their sweet 30% cut.
Note that Apple does support PWA to some degree. My understanding is that they don't support onbeforeinstallprompt, which means you can't create an ergonomic, in-browser installation flow. You have to manually go in the browser menu to find an "Add to Homescreen" button, or something along those lines.
Installation of a web app is performed by bookmarking it or by pinning it to the home screen. That's performed by explicit user decision and must be honored by the browser if it wants to make a distinction between a random website and a useful website.
Not sure about pinning, but bookmarking should not grant any extra rights. Even the useful websites should not be able to track me forever.
Look, we already have lots of website prompts, like camera and location. The best thing, privacy-wise, would be an explicit prompt: "this website wants to store information, possibly including tracking identifiers, forever. Allow?"
This impacts an app I've built for reading academic papers, but I imagine the workaround here is to write to a file periodically and then load the file in if you don't detect IndexedDB having the data you think it should. Obviously this has error cases all its own and makes it more difficult to manage, but it doesn't seem like Apple is killing it to me, just making us jump through hoops and add extra complexity. Don't mistake me though, this seems like an anti-competitive move from them to prevent people from circumventing the App Store.
I apologise for being rude, but IMO you didn't build an app, you built a web page. Web pages are things people look at one time or maybe many times, but they are just web pages that exist in a web browser for the lifetime of the tab they're in, and then they're gone. They shouldn't expect to have any persistent storage from the browser, and if the browser does make small affordances for storage, it's not reasonable to have that persist indefinitely.
Apps are bundles of code/assets that people choose to install on a computer because they want to use them over time to do something. They have a clear lifecycle of installation and deletion that the user has complete control over.
I know the web app, PWA, offline app, etc. stuff is very popular, but it will never be as good as native apps, and it creates an expectation that every browser will expand its functionality until it is effectively a full operating system.
I think the only reasonable case for the web-as-app model, is things that get installed to the home screen, in the sense that the user is then again given control of the lifecycle, but I would still honestly prefer that people just write a native application.
I really liked the web when it was just documents.
> you didn't build an app, you built a web page
"Progressive web apps use modern web APIs"
The word application is there twice. I don't have to like it.
> they are just web pages that exist in a web browser for the lifetime of the tab they're in
Evidently not. My opinion doesn't matter.
> They shouldn't expect to have any persistent storage
2016 "With Chrome 52, we're introducing the ability to make storage persistent"
> ...a clear lifecycle of installation and deletion that the user has complete control over.
I've never asked for 7 days
> it will never be as good as native apps
I don't develop anything for walled gardens. I can't wait for my Linux phone.
> it creates an expectation that every browser will expand its functionality until it is effectively a full operating system.
This already happened. Again, I don't have to like it.
> I think the only reasonable case for the web-as-app model, is things that get installed to the home screen, in the sense that the user is then again given control of the lifecycle
But the user isn't given control over the life cycle. It's 7 days. No one asked for 7 days. It's just about short enough to be completely worthless?
I propose an interface where the pwa provides a picture of a cartoon animal, have fire at the bottom of the screen and each creature tumbling down at its chosen speed. Some 1 day, some 30, some 6 months. The user can opt to drag it up to save it. Notify the user with a soft screaming sound.
> have the user export to / import from a local file.
Exporting to local files does not work on iOS if the app has been saved to the home screen (it does work if it's loaded as a normal web page). This is likely a bug, but that's the way it is right now.
Cool, so now my movie library app has to host terabytes worth of movies and deal with copyright laws, just because Apple assumes that anyone using IndexedDB must have malicious intent.
Would make our app non functional for users who have limited internet and also a huge burden of responsibility to store their data securely. We’ve always avoided hosting data as that’s a completely different ballgame.
The original comment referenced an app where the users are offline for weeks at a time. Storing data on a server is not really possible in this use case.
Yeah, I've got a lot of users with very shaky internet and intermittent involvement with a given application (not using it for a month, or more). This presents some serious challenges / impossibilities for those users' use of a web app when they're not online.
I hope they come up with some good options as this news settles. It's hard to see this as anything but, even if just an accidental push ('well, you should always have written an app for the App Store'), a move to force folks to write a native app / participate in the App Store.
If you're using Cordova or Capacitor this is why, at Ionic, we recommend never using localStorage for storing important data. Better to use an explicit filesystem storage solution like SQLite.
Yeah, as far as I understand, cookies are the only storage method that will be left to use for long-term storage of user data. If I'm wrong, someone please correct me.
Edit: getting downvoted without any reasoning provided, so I assume I'm incorrect, there are more/less ways of storing data in the future for Safari users?
Cookies can either be set in HTTP responses or through the document.cookie API, the latter sometimes referred to as client-side cookies. With ITP 2.1, all persistent client-side cookies, i.e. persistent cookies created through document.cookie, are capped to a seven day expiry.
Indexed DB, LocalStorage, Media keys, SessionStorage, Service Worker registrations
Since cookies are not mentioned, I'm assuming it's NOT affected by the 7 day cap but will instead continue to work as normal (except for the fact that 3rd party cookies will stop working, which is a Good Thing)
Does this mean I'll soon be setting up a dummy "cookie maker" endpoint on my server that turns XHR body data into HTTPS cookie data as a workaround? :/
Technically, when you update it via js you're overwriting the existing cookie with a new one. And, from my understanding, it's then subject to the same restrictions as any other cookie set client side.
So in order to have a long-lived cookie, you essentially need to treat them as read-only client side, and push any and all update/write logic to the server such that it'll return a set-cookie header with any changes you require.
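The "cookie maker" endpoint floated above, with the read-only-on-the-client rule from the reply, is straightforward to sketch, and it is worth sketching because an unrestricted version of it is a liability: any script running on the origin could use it to plant arbitrary cookies, and an unvalidated value lets `;` or CR/LF in the body smuggle extra attributes or headers into the response. The following is an added example, not code from anyone in the thread: a handler that accepts a JSON body from a same-origin XHR/fetch, allows only a fixed set of cookie names, rejects values outside the RFC 6265 cookie-octet set, and answers with a `Set-Cookie` header carrying a one-year `Max-Age` plus `Secure` and `SameSite`. The cookie names `prefs` and `ui_state`, the `X-Requested-With` requirement and the plain-object `req` shape (standing in for whatever framework you use) are assumptions for illustration.

```javascript
'use strict';

// Assumed: the only cookies this endpoint may mint. Keep session cookies out
// of this list; they are set by the login flow, not by a generic writer.
const ALLOWED_NAMES = new Set(['prefs', 'ui_state']);
const MAX_VALUE_LEN = 1024;
const ONE_YEAR = 60 * 60 * 24 * 365;

// RFC 6265 cookie-name (token) and cookie-octet: printable US-ASCII minus
// CTLs, space, DQUOTE, comma, semicolon and backslash. Anything else is
// rejected rather than escaped, which also blocks CR/LF header injection.
const COOKIE_NAME_RE = /^[A-Za-z0-9_-]+$/;
const COOKIE_VALUE_RE = /^[\x21\x23-\x2B\x2D-\x3A\x3C-\x5B\x5D-\x7E]*$/;

// Build the Set-Cookie header value. The client is expected to percent-encode
// anything outside the cookie-octet set before sending it.
function buildSetCookie(name, value, { maxAge = ONE_YEAR, httpOnly = false } = {}) {
  if (!COOKIE_NAME_RE.test(name)) throw new Error('bad cookie name');
  if (!COOKIE_VALUE_RE.test(value)) throw new Error('bad cookie value');
  const parts = [`${name}=${value}`, `Max-Age=${maxAge}`, 'Path=/', 'Secure', 'SameSite=Lax'];
  if (httpOnly) parts.push('HttpOnly');
  return parts.join('; ');
}

// Handle one request. `req` is {method, headers (lower-cased names), body}.
// Returns {status, headers, body} so it can be adapted to any framework.
function handleCookieMaker(req) {
  const reply = (status, body, headers = {}) => ({ status, headers, body });
  if (req.method !== 'POST') return reply(405, 'method not allowed');
  // A custom request header is only sent by same-origin fetch/XHR, or after a
  // CORS preflight the server has not granted; a cross-site <form> post
  // cannot add it, so it keeps this writer from being driven by other sites.
  if (req.headers['x-requested-with'] !== 'XMLHttpRequest') return reply(403, 'forbidden');
  let parsed;
  try { parsed = JSON.parse(req.body); } catch (e) { return reply(400, 'bad json'); }
  const name = parsed && parsed.name;
  const value = parsed && parsed.value;
  if (typeof name !== 'string' || !ALLOWED_NAMES.has(name)) return reply(400, 'cookie name not allowed');
  if (typeof value !== 'string' || value.length > MAX_VALUE_LEN) return reply(400, 'bad value');
  let header;
  try { header = buildSetCookie(name, value); } catch (e) { return reply(400, 'bad value'); }
  return reply(204, '', { 'Set-Cookie': header });
}

// Usage: on the client, fetch('/cookie-maker', {method:'POST',
// headers:{'X-Requested-With':'XMLHttpRequest','Content-Type':'application/json'},
// body: JSON.stringify({name:'prefs', value: encodeURIComponent(state)})}).
const demo = handleCookieMaker({
  method: 'POST',
  headers: { 'x-requested-with': 'XMLHttpRequest' },
  body: JSON.stringify({ name: 'prefs', value: 'theme%3Ddark' }), // constructed request
});
// demo.headers['Set-Cookie'] === 'prefs=theme%3Ddark; Max-Age=31536000; Path=/; Secure; SameSite=Lax'
```

Two caveats a practitioner would want. First, the reason this helps at all is that the cap discussed in the thread is on script-writable storage, so a cookie that arrives in an HTTP response is not the one being expired early; anything the page later writes back through `document.cookie` is. Second, the endpoint is only as safe as its allow-list and the CSRF check, so keep the set of mintable names small and never let it touch the session cookie.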
great, sounds like we'll get to consent to storing cookies more frequently - everybody loves these banners. there's even more fun to be had, thanks to GDPR dialogs with 73 nested toggles.
Users use devices other than macOS/iOS too. Most of them are not willing to pay extra for a native app that runs on only one of the platforms they use.
The issue is elsewhere: you need to pay your developers to develop the second app. You would most probably need to bring in one more team, for each native platform.
Will you get new users from that? If yes, they will pay for that (in principle). If not, just some existing users would migrate? Then you just increased your cost without increasing your revenues. So you would need to gain enough new users to make it worthwhile.
* * *
In a nutshell, it is the same reason why Adobe won't port their apps to Linux. They already have all the users that need their software, and while it would be nice for some of their users to migrate, it won't bring anything to Adobe.
You don't need a dedicated developer to ship a WebView app. That's the whole selling point behind tech like Cordova. Most of your code can stay the same and most likely all of it will stay Javascript (or whatever you are transpiling to it).
Again, if you are actually affected by this issue right now, you have a web app that is more or less trivially ported to a web view app. Your users don't have to migrate, they already have accounts, they just need to download the app again, this time from the App Store.
> In a nutshell, it is the same reason why Adobe won't port their apps to Linux.
Linux is a non-market for Adobe apps. On the other hand, if you have an offline PWA right now, you most likely already have iOS users that you would probably lose if you start confronting them with this "7 days and your data is gone" bullshit.
Why is nobody mentioning that distribution of apps is behind apple's doors and they can stop you from distributing anything they don't like or want for any reason?
On android, you can side load apps. On iOS, you can't.
You have to pay 30% cut if you are doing payments.
You have to adhere to their reviews and design guidelines. Which is OK but not ok if you are a small team and your users are fine with somewhat lacking app.
This is really in response to the irresponsible use of APIs for trackers. Evercookie is a stunning example of how far it can go... From their repo:
- Standard HTTP Cookies
- Flash Local Shared Objects
- Silverlight Isolated Storage
- CSS History Knocking
- Storing cookies in HTTP ETags (Backend server required)
- Storing cookies in Web cache (Backend server required)
- HTTP Strict Transport Security (HSTS) Pinning (works in Incognito mode)
- window.name caching
- Internet Explorer userData storage
- HTML5 Session Storage
- HTML5 Local Storage
- HTML5 Global Storage
- HTML5 Database Storage via SQLite
- HTML5 Canvas - Cookie values stored in RGB data of auto-generated, force-cached PNG images (Backend server required)
- HTML5 IndexedDB
- Java JNLP PersistenceService
- Java exploit CVE-2013-0422 - Attempts to escape the applet sandbox and write cookie data directly to the user's hard drive.
In short, everything and more can be used for tracking, and that has really killed the party for the many people who have created responsible, useful applications of these browser APIs.
It's really in response to a confused, ad-hoc web privacy model that has never been designed and is simply incrementally patched over time in response to complaints from an equally confused, directionless and visionless 'privacy warrior' subculture.
Mobile apps suffer these kinds of problems far less, partly because it's understood that actually mobile users don't install apps then get upset about "tracking", in fact, the vast majority of apps will want you to sign in to some sort of account and those that don't will be using ad networks to fund themselves, that users understand and accept this and that throwing up permissions screens doesn't achieve much because users will typically grant the permissions. Privacy on mobile platforms is more about stopping activity the average user would recognise as illegitimate spying - turning on cameras and microphones to feed conversations to angry ex-girlfriends, that sort of thing.
If the web's architecture had some sort of coherent view on how the tension between users, content providers and advertisers should work, then we wouldn't see this steady endless churn of app-breaking API changes. Everyone would know the rules of the road and there'd be way less tension as a result. Mobile platforms aren't quite there because they were designed with security architectures that were then pressed into service as ad-hoc privacy architectures, but they're still far more coherent on the topic than the web.
“... abusing over a dozen technologies...” is this a proof-of-concept or a real thing? It just seems too horrendous to be real.
I think your comment really hits the nail on the head, IMHO the frustration shouldn’t be directed toward Apple but more toward the groups who have pushed the tracking practice so far to necessitate such draconian measures.
This is 100% correct. Being upset at Apple here is exactly like publishers whining about ad blockers when they should direct their frustration and anger directly at the ad creators (or themselves) for foolishly abusing their audience.
No, the two are different. Ads are only used for ads. localStorage has lots of uses, tracking users being only one of them. Apple is throwing out the baby with the bath water. Ad blockers merely throw out bath water with varying levels of dirtiness.
This is real, but also not new (as you can tell from the name check on Flash, Silverlight and IE). They used to be called "supercookies", but that term has come to mean something else in the last few years.
You could permissionwall that stuff, just like iOS asks for permissions to ask your location. If a random website wants to mess with Local Storage I know that I need to turn around.
I’m guessing that Apple will start hindering web apps because the new mouse support in iPadOS is going to be such a boon to web apps. Because of sandboxing, web apps are the only cross-platform apps that can run in their full versions on iPadOS. I wrote a quick summary of the situation[0].
Therefore, since native apps are more of a platform differentiator than web apps, moving forward we can expect Apple to start systemically hindering web apps, especially on ones that are good on iPadOS, in order to boost native apps.
(I’m not saying this is necessarily the start of this, but I am saying I'm not surprised. This is exactly the type of change, targeting the exact type of app, I’d expect to be targeted.)
> I’m guessing that Apple will start hindering web apps because the new mouse support in iPadOS is going to be such a boon to web apps.
As a web developer, I've never believed Apple has hindered web development on their platform, purposefully or not. They just don't spend their resources adding in WebBluetooth or whatever new API-of-the-day Google has decided to come up with.
As I see it, their focus is on the user, which is why they've been slow to adopt APIs that are privacy concerns, or drain battery, or have other negative implications.
That’s a very rosy way of looking at it. iOS has had bugs with its “add to home screen” webapps that kicked around literally for years. If they were being “user first” they’d support it fully or not support it at all. Instead they implemented then neglected it.
The bugs in Apple's software, whether in web or native or in documentation, are not part of some nefarious plot, it's just a part of Apple's mismanagement and relatively minimal resources.
Uh, they're the most well capitalized corporation in the world (or hovering in the top 3 plus or minus a few quarters). They have the resources to make it work if they wanted. There are undoubtedly thousands of engineers, hundreds of managers, and at least a handful of execs, working for Apple, lurking in this HN thread today, not because they're unaware of their ongoing sabotage of web standards on iOS, but because they're completely aware of it and want to take the temperature on how their latest kick to the shins of PWAs is going over.
I’m fully aware of how much cash Apple has, but they’re known for having very relatively small software teams looking after whatever app needs updating that release.
I wouldn’t be surprised if Safari/WebKit was one of the larger teams within Apple dedicated to a single app.
Probably because Apple giving a crap about web apps was deprecated with the release of iPhone OS 2.0 and the App Store over a decade ago. I'd bet few users even use the "add to home screen" button outside of corporate environments that want to add a shortcut to internal sites.
Until a recent iOS release they had a number of undesirable features that made them a bit inconvenient to use: they used UIWebView (instead of the faster WKWebView), they "restarted" if you ever left them, and generally had a number of other quirks.
How is that relevant to the conversation? If it is so little-used as to be irrelevant then the user-first thing to do would be to remove the functionality but Apple haven’t.
I can speak from personal experience that users do use it when you include specific instructions on how to use it. And it’s used in a number of corporate settings for installing webapps on an iPad.
> As a web developer, I've never believed Apple has hindered web development on their platform, purposefully or not. [...] As I see it, their focus is on the user, which is why they've been slow to adopt APIs that are privacy concerns, or drain battery, or have other negative implications.
As another web developer, I find this entirely unrealistic. Apple's QoI even for popular new features like the HTML5 media elements was a bug-ridden mess for years before they fixed even basic problems. Conveniently, having managed to break the de facto standard for serving video on the web that had been working for years up to that point (Flash players), that left native apps as the only reliable way to do a lot of even quite simple things you might want to do with multimedia content. There is a deep irony that some of the breakage was because they were playing those media elements through effectively a separate plugin of their own that wasn't properly integrated into Safari and consequently broke other basic web behaviours like cookies.
At this point, the idea that Apple's motivations for the constant breakage and even severe regression of web functionality on iOS devices are entirely altruistic and for the benefit of their users is about as credible as Google and Facebook lobbying for privacy regulations because they want to decrease tracking on the Internet.
Just to be clear, Apple didn't kill Flash, mobile killed Flash.
I don't think that generalisation is warranted.
Apple refused to support Flash at all, meaning everyone who wanted to provide (among other things) audio/video content had to switch to the nascent HTML5 functionality, which was at that time and for some years afterwards inferior to Flash in almost every way except availability.
In that situation, it made little sense to invest in better Flash support on Android as it was presumably seen as a dying technology. However, there was no inherent reason why Flash couldn't have been improved to use less battery in the same way that the browsers themselves were, or that Flash could not have taken advantage of better hardware support on mobile devices for computationally expensive tasks like video decoding as this became available with newer devices.
This revisionist history, of seeing people wanting the proprietary Flash to come back, is crazy.
There's nothing revisionist in saying that people wanted A/V content on their sites, that Flash player had been by far the dominant way of providing that content up to that point, or that the then-new HTML5 alternatives were also very poor in quality and performance on mobile for several years afterwards.
Remember how for several years everyone with iPhones couldn't watch the videos on a lot of websites, and how excited people were when the big video hosting sites started adding HTML5 players and, in time, support for better codecs? Probably many of those people had no idea what Flash or HTML5 even were, so I don't suppose they did "want Flash to come back", but they certainly weren't happy that they couldn't watch videos on websites like everyone else.
Be careful what you wish for! I don't for an instant believe that Apple's motivations here are purely for their users' benefit, but their actions do at least tend to have some beneficial effect on privacy. Letting them suffocate so Google's spyware-laden ecosystem becomes the only viable way to access the web on mobile devices would not be an improvement.
In my opinion only we ourselves can save ourselves from Google. By using things like AdNauseam and educating everyone and their dog about ad blockers.
I don't think the way to fix ad bullshit is to close down everything, I do think it's in opening everything and educating everyone. That way people actually win, not corps, as it should be.
> moving forward we can expect Apple to start systemically hindering web apps
They have been doing this for quite some time now. Always ostensibly to protect users but always also conveniently putting webapps at a permanent disadvantage to native apps.
For my part I'm not interested in being a user of a platform so hostile to the web that it disallows any third party browsers.
> Always ostensibly to protect users but always also conveniently putting webapps at a permanent disadvantage to native apps.
This isn't always a bad thing though. For example, Safari has prohibited some obnoxious behavior that Chrome has allowed: Autoplaying videos, tab suspension, push notifications. These hog CPU and destroy battery life, worsening the user experience.
Remember, making everything a web app is Google's agenda because they benefit most from it.
I would just point out there are very valid use cases for these things, i.e. push notifications are very useful to me (from certain apps). The problem is one of consent.
Interesting. I can tell Safari to not autoplay videos on YouTube in its preferences, but that doesn't seem to do anything. Seems more like a bug on Safari's part and/or workaround on Google's part than anything deliberate.
Safari uses some sort of algorithm to determine whether you actually want the autoplay to happen.
For example I've noticed that if you play a video on a website during that session, it will allow autoplay from scripts on that page (not 3rd party) for the rest of that session. Same for unmuting an autoplaying video.
This is all undocumented though and through personal observations, as Apple seemed to stop posting Safari documentation years ago.
Technically they could blacklist certain behaviors from certain sites. They and all other major browsers already do this in a privacy-preserving way for Safe Browsing, certificate revocation, etc.
Blacklisting is a losing game, especially from the malicious sites most likely to abuse this. Notice how those malware and fake Chrome extension ads have a new URL every day.
So it's not about what's best for the user but what's best for Apple? I wouldn't call that "understandable". All this is doing is contributing to webkit monoculture.
There's some irony that Apple forcing the use of Safari on iOS is creating a monoculture when, were the restriction lifted, everyone would be using Chrome.
I'd be amazed if there were more than a tiny fraction of iOS/iPadOS users (of which there are hundreds of millions) who weren't perfectly ok with Mobile Safari for their everyday usage.
[I'm probably the "target market" for Chrome (backend, occasionally frontend developer) and there's no way I'd have it on my phone. I only suffer the GMail app because they've made IMAP usage of gmail unreliable.]
It doesn’t matter what users choose, devs would badger users into using Chrome for their own convenience. It’d be the return of the “viewed best in” badges from the late 90s and early 00s.
I believe that OP is saying it would be preferable to have blink-everywhere than to have a deliberately-crippled Apple web browser with all other choices banned.
Agreed. There is no choice with IOS: you choose the same WebKit that they've chosen, or Safari. One engine and version, or one browser using that one engine.
You can install any browser you want from the Play Store or outside of the Play Store. There are no restrictions on what you can and cannot have on your phone on Android.
Yet non-default browsers on Android are non-existent. So in practice Android has the same web-engine mono-culture as iPhone. Given how successfully Google was able to ensure Blink domination on desktop and even more so on Android it is very understandable what Apple has done. And for me having at least 2 web engines on mobile is better than 1.
In what reality-distortioned world is that worse than 0%? Also, several of those Blink-based browsers include additional non-Google-approved features, like Mozilla's own Firefox Focus, Samsung Browser, Edge, and Brave. I'd hardly call that a monoculture just because they share the same lineage.
If this were true, how would you explain the recent improvements to Safari on the iPad that make it as capable as desktop Safari. Until last year Google Docs did not work in Safari on the iPad. Now it works very well indeed. The same is true of most web apps.
This particular move takes something that is possible in web applications today and makes it not possible in the future (offline-capable frontend-only applications), widening the gap between native applications and browser applications further, so developers who need to build apps that work offline on iPhone will only be able to use Apple's own technologies for doing so, in a non-cross-platform way. Which in general is what Apple has always favored.
Google Docs doesn't really work offline, so it's not impacted by this change. Could also be a change of heart from Apple, since their stance on web applications has changed before.
People who want to track users will always find a way to do so, it's an endless cat-and-mouse game. Now they will just use cookies instead... The only way to win this is to legislate away the freedom to track users by using privacy-invasive methods. That's the only way that will work long-term. But that'll make half of the internet industry disappear, along with its shareholders, so it's unlikely to happen.
Now I'm not a native English speaker, but seems "arbitrary" means "determined by chance, whim, or impulse, and not by necessity, reason, or principle". Introducing a law to protect peoples privacy would not be arbitrary, especially since most countries have a due process for introducing laws.
They could restrict these APIs to "installed" web apps via the web app manifest file, if they were to adopt that. Maybe they will in the future, but for now they've just made web apps far less powerful.
This is a great point with a simple explanation: How good Safari was on iPad was irrelevant before mouse support. Before mouse support, we had apps made with UIKit, which is a touch-first app framework, competing with web apps, which are keyboard-and-mouse first. So UIKit apps won, because UIKit apps are better for touch. With mouse support, that situation becomes exactly inverted: In UIKit apps, the keyboard and mouse are secondary, so web apps have the advantage in being keyboard-and-mouse first.
So now that web apps have the advantage, at least when a keyboard and mouse are attached to the iPad, Apple is going to be seeking to tip the scales back in native apps' favor.
We’re all speculating about Apple’s motivation, but none of us really knows why Apple made its decision. Perhaps it’s best to focus on the trade-offs—privacy vs. functionality—and not the speculative Kremlinology.
Respectfully, no. Learning software is a big investment in time and effort. Since I'm on Apple's platforms, because I think they're the best compromise for running the software I want to run, I am going to continue to speculate about their reasoning to try to predict which software will be successful on their platforms in the future, because that's how I choose where to invest my time and effort.
I respect you have some other motivations here, but I'm not doing this for fun. I'm doing this because it's important to how I spend my most important resources: my time and effort. So no, I'm not going to stop speculating, the mere idea is laughable. Like buying an individual stock while having no opinion of what direction the company might take in the future.
Of course you are free to speculate, but my point was that we lack evidence of Apple’s motivations that would help us to make predictions of any value. All we can do is tell a plausible story, and without evidence your story is no more likely to be true than mine.
The people who work on making websites function better on iPad are literally a 20 second walk away from the people who work in Intelligent Tracking Prevention–do you really think that they'd seek to undermine each other in this way?
Absolutely, do you have evidence they are talking and consulting with each other? Obviously lack of evidence isn't evidence either, but departments do things all the time that are at odds with each other in companies like Apple.
Which is strange, because they're already under scrutiny for being anti-competitive WRT their app ecosystem. Having good support for web apps could've softened that case a little bit.
I have nothing against hybrid apps. In many use cases, they are the best approach, and I have often declined business, in recommending them to others, as opposed to what I can do.
My post was not an attack on anyone or anything, and it was not being snarky. All I said was that I develop native apps, and that this policy does not affect me.
I like developing native apps. I've been writing native Apple software for 34 years. It's not really difficult; just different. I have also been developing "Internet" software, of all kinds (full stack), since before the WWW. Using Apple stuff. It certainly can be done.
Better title: Apple restricts tracking by limiting browser storage, which hurts my particular app.
Browsers need to be severely limited due to them running arbitrary code from the web. Doesn't matter if it's an offline web app. If you want more access, make a native app (with or without web technologies).
Wouldn't it be possible to retain the data with privacy by:
- Asking the user client side for a password
- Encrypt data as a blob using some symmetric encryption (AES)
- Push encrypted blob to the server with login attached
If you're using SSO the client authenticates and then can pull down the encrypted blob based on the SSO auth being valid. You can tie 2FA in however you wish. At that point the user is prompted for a "data" password for that particular site. Or would there be an easy way to build a pki/pin cert type of encryption to eliminate the password prompt? (I feel like this is essentially what Keyring!? would do but maybe not?)
Outside of implementation weaknesses, which I feel could be mitigated by creating standard libs to do this, what am I missing?
Bonus points for pushing the data diffs only or even a version controlled blob (data stored in a git repo where only the diffs are pushed in encrypted form).
Edit: Or how about a local hardware appliance for your network that stores all data like this encrypted and pulls from there.
It's very hard to verify that the data is indeed encrypted, whereas with local storage you can just monitor your network usage and see that no requests are going out. Hell, you could airgap your machine and have no problems with localstorage.
You can implement end-to-end encrypted applications e.g. with the subtle crypto API, though there’s always a debate of whether this really provides good privacy as the website owner or an adversary who can inject code can still change the JS and steal the data. Personally I think it’s still much better as the data at rest is encrypted and only the user can decrypt it. Now the problem is of course that if the user forgets his/her password the data is gone. To alleviate that you can again think up some schemes like encrypting the encryption key with an asymmetric scheme where the private key is kept secure by the website owner, but that then requires a process for securely using this key... So it’s possible but not trivial I would say!
No, Apple offers anonymous user credential technology. Server gets unique identifier and ability to authenticate with no actual user info. Server gets an anonymous redirected email for sending info to the user. Apple is the intermediary. Of course, you can choose not to trust Apple, but Apple already has my info and their business model is not predicated on tracking and advertising. I'd rather continue to trust them than spread my data across more orgs, but that's my choice. You might choose differently.
I choose differently, but my choice may matter to you if I throw up my hands and say "Too much effort; if the user visits my site in Safari, I'm just going to toss up a banner page that says "this site does not work in your browser."
It's a power-play on Apple's part to intermediate themselves where their inter-mediation isn't necessary. And all kinds of customers (enterprise in particular) won't appreciate Apple getting a free "hi hello" signal on how much their company uses some service that leverages this scheme. Especially if Apple is a potential competitor to them.
Same. We momentarily considered adding Apple Login to our app when they changed the rules a couple weeks back, but instead we are removing all social login and migrating all accounts to (email/username)/password. Why?
Because a) it's even more code we now have to support, both in our apps even on android and on web -- a huge investment we are not prepared to make, and b) because for what we do, we actually do need to know the user is who they say they are (we offer the ability to contract a service between third parties, which means anonymity is NOT desired). I was never really comfortable using social login at all, for that second reason, but was pressed to by my peers; after Apple's shenanigans we came to the mutual decision that it was time to cut the cord. The login screen is already busy enough, we don't need yet another button. So we'll simplify.
For this latest change, it won't affect us much because I have always made it a policy neither to trust, nor to rely on, the data in Local Storage, and only to use it for performance boosting via caching. If data isn't there, it isn't there, and we go get it. This is largely due to historical reasons where browsers have always borked the LS implementation in one way or another, but it's beneficial now in that it won't really change anything for us.
I do feel for folks that are using it for genuine storage though, I know some apps that use it in order to AVOID storing private data on their servers, which will now have problems and be forced to reduce privacy in order to adapt.
This is definitely a power play on Apple's part to further weaken the web ecosystem. Device sales have been falling for years, they know their cash cow is their 30% cut on app purchases and IAP, and they aren't going to let the browser cut into that. Any "privacy" benefit in this case is purely incidental (and as noted above I believe it will do the opposite in many cases).
But that's a solution for a single OS, for a web page that should be cross platform by default. And it's not really a solution, just additional complexity to what was a solved problem.
Thank you. I think this is very often overlooked. "Consent" gets thrown around a lot but most of the time people basically have no choice if they want to, you know, participate in modern society. That's one of the reasons why an open web is so so so important and why I think Tim Berners-Lee is working so hard to try to bring some part of that back as the "online world" (apps and internet) becomes more and more of a walled garden.
If you are coerced into giving consent, it isn't consent, and most of the time if you're doing it so you can be part of the world around you, it is coerced, whether people want to recognize that or not.
Any time you see the phrase "implicit consent", it can be helpful to stop and ask how that consent could be withheld without changing anything else. If it can't be, then it's not really consent at all.
I'm interested. As an iOS developer I always found that users want to skip the login page as soon as possible; if there is an FB button they press it.
Do you have different experiences of it?
Web-wide analytics (and our own, which have almost exactly the same stats), show about 30-40% of users still rely on email/password (and that's actually growing, as password managers become more ubiquitous especially when Apple implemented the built in credential manager in apps and in Safari on iOS).
We're actually getting rid of social login in our apps. And we're not alone, a lot of platforms I use have recently moved in the same direction, and I think for the same reasons.
Google, Facebook, Github, Twitter logins proliferated because
a) the cost of implementing an auth system is high, and those offered a turnkey solution that was cheap and quick to implement. This is no longer true, there are lots of options now to host your own auth while federating the hard work to someone else (e.g. Auth0, Cognito, et al)
b) for awhile, people LOVED the idea of having "an online identity" and a single login everywhere. Over time this has not really panned out, because it's the prisoner's dilemma; for it to work, everyone has to do it (which is why G and F have tried so hard to get everyone to use them). But also, because privacy questions have reduced the shiny appeal of that scenario in the first place. Combine that with easy to use password managers now, and it's much less necessary.
But browsers are severely sandboxed already. What the article is talking about is:
> deleting all local storage (including Indexed DB, etc.) after 7 days
which I can see how it might help privacy (since you could be tracked via local storage too) but also how it might break any potential web app that might need data to last more than 7 days.
> If you want more access, make a native app
But then, everybody will complain about yet another Electron app, right? Not to mention that you have to fork over $99 and go through the signing / notarization hoops that change from one week to the other.
I think in the name of privacy and security only Apple and some select few corporations will be allowed to make software in the future. macOS / iOS and Windows 10 are evolutionary dead ends in many ways.
* AdoptOpenJDK releases that were notarized some months ago are no longer accepted by Apple since they made the rules even more stringent. I had releases accepted by Apple that are not accepted today using the same AdoptOpenJDK binaries.
* Apple's notarization rules are not global. There's whitelists for given companies/institutions/apps/files which means the same dylib might not have to be notarized by a bigger player but will have to be codesigned by you.
The above happened to me in the span of less than 3 months I think?
Indeed, the scripts I use per se to do the notarization are about the same as originally.
Apple may have stepped up notarization requirements, but I never heard them be inconsistent across developers. Are you sure you submitted the same binary? Nothing different about the signing or bundle layout?
Apple requires that all code-related assets for an app be included in the app. So the app cannot just be a launcher that shows a browser with a website.
If we had to make non-electron, native version of our app, that would mean Windows[1] and Android, because that's where the current users are. Forget the rest.
Is that the future you want?
[1] And they would not be happy about that either. For many that would mean RDP or Citrix. They prefer webapp right now.
It would only be citrix if it was made a native app. It is presently a web app, presumably because it was determined to be a better choice. You proposed that it should be a native app. It would be the customers that would choose Citrix, but they'd probably prefer web apps (if they're anything like my customers).
The deployment story is so much better for web apps, which is the main reason it seems to be so compelling for big enterprises.
I think apple DOES want this. Core markets cleanly segmented are probably a better value prop to apple than everything working everywhere and users being able to freely migrate between platforms
Apple doesn’t have an ad network outside of the little money it makes from ads on the App Store itself.
Also, Apple may want a cut of the subscription revenue but most companies who have significant subscription revenue, don’t go through Apple’s subscriptions payments.
Yeah, cause everything in the browser is free, right?
Clearly it's A LOT of money for apple. If they didn't care about the money then they would just allow it so everyone could avoid receiving payments using apple and giving them 30 %.
That still doesn’t answer the question. How many websites were required to be apps because of limitations of Safari?
What makes you think users would willy nilly put their credit card on every random website.
Everyone can avoid using Apple for subscriptions. There are existence proofs of apps on the store that require payments outside of the store - like all digital content from Amazon.
Most of the money that people spend on the App Store are from games and in app consumables. Especially since the major services like Netflix and Spotify don’t allow in app subscriptions.
Seeing that most major subscription services on the App Store are already forcing users to subscribe outside of the App Store, Apple isn’t getting a cut of subscriptions from the most popular service.
How many apps require a subscription and cannot be a web app because of limitations of Safari?
How many paid apps would be websites if it weren’t for limitations of Safari?
The moment you offer in-app payment, apple gets a cut. This goes as far as not allowing apps that link to payment outside of the appstore's payment system.
There is a huge number of cordova apps out there. These are webapps inside a native wrapper, to access exactly those features that are crippled in safari. Reliable storage, push notifications, and not much more.
ACloudGuru does not allow you to pay for subscriptions via in app purchases, Udemy allows both. A company can decide whether it is right for their business model to allow in app purchases exclusively or along side their own payment options.
Hulu for instance allows in app purchases for the regular Hulu service but not Hulu Live
Which in a current situation is running a risk to fall into Google's walled garden. It is not there yet but Google's working hard on subverting the Internet.
It's not "limiting browser storage", it's making browser storage expire. TFA's example is just some random app, but this essentially kills the entire concept of an offline-first web app, and severely hurts the browser as an application platform.
> If you want more access, make a native app (with or without web technologies).
Browsers usually ask for an additional permission in this case which would be a good approach. Your post sounds like "browsers need to be severely limited, so if you want to watch video, just launch VLC". It does not work this way.
Making a native app is more complicated than making a webapp, especially if you want something cross-platform. Browsers are now a universal virtual machine, what the JVM was years ago, and with WebAssembly we will see more and more things done in the browser.
The real 'write once, run everywhere' are webapps, a webapp doesn't care if you are using Apple, Windows, Linux, BSD, whatever, if you have a compatible browser you use the app.
Sure there is Electron (or React Native), to me it doesn't make sense, what is the point that every application needs to ship basically a browser? And still Electron apps need to be compiled and packaged for every platform, while with webapps you enter the URL in the browser and you are done with it.
Doesn't adding APIs to browsers not only to use the local storage but also to access the filesystem of your device (of course asking the permission to the user) make more sense?
Of course what Apple really fears is losing control of the apps that get used on their devices; now they control the App Store, which is the only way to get apps on their devices (besides jailbreak). With webapps it is different, since you can access them directly from the browser.
And the absurd thing is that the first iPhone didn't have the App Store, since Apple decided that the only way to get third-party apps was through the browser; now they are aiming for the opposite.
My company created a web client for our chat software product around 5 years ago. The quality of our product has slowly deteriorated as browser vendors continually remove or restrict features that once worked fine. Just to name two examples: autoplay audio for chat notifications and tab throttling killing websocket connections and background timers. I understand bad actors are abusing these things, but they're breaking totally legitimate use cases.
We've been forced into an electron client and now urge our customers to ignore the web client. If we didn't have a small number of customers on Macs, we would abandon web tech altogether and build a native Windows client.
You have to send every change to Apple before the user can run the code. In theory, that allows Apple to do more checks than when the code is dynamically loaded from your web server.
Apple doesn't care if your app logs your usage to Google Analytics every 1000ms.
Besides, in the browser you have trivial tools like uBlock and the network tab. In native apps, you have to use mitmproxy just to see what the app is doing at all.
> Browsers need to be severely limited due to them running arbitrary code from the web. Doesn't matter if it's an offline web app. If you want more access, make a native app (with or without web technologies).
Native apps have the same problems too and such "severe" limiting of apps in web browsers still doesn't solve it. The only more or less privacy preserving model I can think of for native apps today is open source repositories with app distribution not controlled by app developers, like f-droid or repositories in various linux distros.
Wouldn't making it first party only cover it? I don't see how this has anything to do with privacy/tracking. webpages can still leave long term cookies. The only way this is a privacy issues is if 3rd party iframes can use localstorage but just like 3rd party resources have their cookies blocked so to could localstorage.
Otherwise this has absolutely nothing to do with privacy or tracking.
OR maybe it's apple's responsibility to figure out how that usecase can exist without security flaws?
As a customer, I'm tired of device functionality being limited because of "security risks". Functionality that is arguably superior to native apps apart from the security risk.
...and give apple their cut. Why not add permissions to webapps? Like location, or push notification... oh that's another feature that happens to be missing only in safari.
Just accepting these moves from apple as "in the interest of users" is naïve. Apple has a huge vesting in their appstore, and every webapp is a potential appstore-app that is some lost revenue.
I mean, maybe apple is right, and the web should go back to a readonly document-like format, like in the old days. Articles and links. Apps for everything else. But let's not kid ourselves that they do it purely in the user's interest.
Genuine question: what makes native ad frameworks different here? They execute with the same privilege of their containing app so surely they’re open to similar privacy concerns. Shouldn’t native apps have their storage cleared?
I’m a little confused by this and maybe I’m missing something. Wasn’t localStorage always intended to be treated as a volatile storage mechanism for non-critical data and caching? The advice I’ve seen for several years says to avoid storing sensitive or critical data there.
Can PWAs not switch to using IndexedDB which seems like it’s more purpose-built for this use case?
No snark intended. I’m legitimately curious what the situation is and where any blockers are.
It's a bit confusing because there are two similar terms being used to describe this. First is "local storage" which refers to any of the storage, as long as it's on the local device. Second (which you used) is "localStorage", which refers to specifically the window.localStorage API (which you are right about, has been described as a volatile short-term memory for apps).
There's certainly a balance to achieve there. Too few permission prompts and you lose control, too many and you get desensitized or, even worse, annoyed at them.
Some browsers show an icon in the address bar when an app is requesting/can make use of an optional permission or feature. Clicking the icon allows you to grant the extra permission (e.g. allow cookies, enable camera, etc.) but otherwise no additional prompt is shown.
I think this is an excellent example of such an unobtrusive prompt and is how ALL such features should be implemented. Sites should get almost no permissions by default and certainly not be able to show popup prompts.
That is not a prompt at all, just a fancy configuration option. Which most users will never notice and just assume the app is broken.
When the site tells them to "activate X permission" without telling them how to (for their specific browser version), most will leave instead.
When the site gives super detailed, up-to-date instructions on how to activate the feature, a very large percentage of users will still leave instead.
When the feature is so useful that many sites go through all those troubles, and it's common enough for users to encounter this that they'll follow through, most will do so for every site that tells them to and entices them with "ACTIVATE X TO RECEIVE YOUR $10,000 PRIZE, LUCKY WINNER!!!".
Actually there is - firefox does it all the time. It's simple really - just add a new obscure configuration parameter and tada - the browser starts ignoring your dns resolution setting and automatically uses a preconfigured one.
No need for a prompt, obtrusive or otherwise.
I configured my Chrome to block sounds on all websites except for a few selected ones. Now if a blocked website plays sound, I can see a tiny icon at the right of my URL bar. It's absolutely unobtrusive, yet I can enable sound with two clicks.
Even before this change, data in IndexedDB was kind of volatile - if a device was low on space, browsers could delete stored data.
https://dexie.org/docs/StorageManager describes the StorageManager API which lets you prompt the user to allow your IndexedDB data to be stored more reliably. My first thought after reading this article was wondering if this would allow an exception to the 7 day rule... but then I remembered that Safari is the only "modern" browser which does not support the StorageManager API
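For anyone wanting to try the StorageManager route the comment above mentions, here is the feature-detecting call written out. It is an added example, not code from the thread or from dexie.org. The function takes the `navigator` object as a parameter so it can be exercised outside a browser with a stand-in; the "reason" strings are my own. Where the API is absent (Safari, per the comment) it reports that rather than throwing.

```javascript
// Added example (not from the thread): request persistent storage via
// navigator.storage.persist(), degrading cleanly where the StorageManager API
// does not exist. `nav` defaults to the real navigator; pass a stand-in to test.
async function requestPersistence(nav = globalThis.navigator) {
  const sm = nav && nav.storage;
  if (!sm || typeof sm.persist !== 'function') {
    return { supported: false, persisted: false, reason: 'StorageManager API unavailable' };
  }
  // Don't re-prompt if the browser already granted persistence earlier.
  const already = typeof sm.persisted === 'function' ? await sm.persisted() : false;
  const granted = already || (await sm.persist());
  // Quota is informational only; not every browser implements estimate().
  const quota = typeof sm.estimate === 'function' ? await sm.estimate() : null;
  return {
    supported: true,
    persisted: granted,
    reason: already ? 'already persistent' : granted ? 'granted' : 'denied by browser',
    quotaBytes: quota ? quota.quota : undefined,
  };
}

// Decide what the app should do with the answer: keep using local storage as a
// cache only, or treat it as durable. `sensitiveData` is an assumption about
// the caller's needs, not a browser concept.
function storagePolicy(status, sensitiveData) {
  if (status.persisted) return 'durable-local';
  if (sensitiveData) return 'sync-encrypted-copy-to-server';
  return 'cache-only';
}
```

Even where persist() returns true the comment's point stands for Safari: without the API there is nothing to call, so the only robust plan is to treat local data as a cache and keep a copy elsewhere.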
lol, sucks for users of my client side JS video game!
I would say yes. The reason being is that exceptions will be abused, so it is better to enforce rules that everyone has to follow than to depend upon good behavior which the people we are trying to stop won't (almost by definition, because we wouldn't be needing to try to stop them with rules if they were already respectful of the social contract).
If there were a way to enforce that the application has no access to any communication system (network, inter-app, maybe excluding explicit copy/paste), then I would be happy to give it permanent storage.
But as soon as you allow it any access to network resources then carrying state becomes a liability.
Sounds like the solution is to add the app to your home screen. I don't think its reasonable for a browser to let any site I ever interact with to store data on my device indefinitely
A Note On Web Applications Added to the Home Screen
As mentioned, the seven-day cap on script-writable storage is gated on “after seven days of Safari use without user interaction on the site.” That is the case in Safari. Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted.
If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.
> Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. [...] We do not expect the first-party in such a web application to have its website data deleted.
I don't get it. Which of these statements is correct?
1. "Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Of course, that counter doesn't do anything. It just sits there, counting, for no particular reason. We just love counting things!"
2. "We do not expect the first-party in such a web application to have its website data deleted. Except, of course, if they don't use the web application for seven days. In that case, that data will be _extremely_ deleted! Really just wiped from the face of the earth."
The counter is per days of application use, so (2) is false. Not using the app does not affect the counter.
The counter is also per domain, and so while the first party domain for the PWA (which is likely to, of course, be loaded on each PWA launch) is effectively meaningless, if you visit other domains from within the PWA they will be subject to the counter independently.
I believe the first-party primary domain of the app will never have its data wiped — though the article could certainly be clearer on the point. What would be cleared in that case would be any other domains — if there's also a "Visit Zombo Facebook" link in there, and you only looked at Twitter for a week, the Facebook cookies would be wiped.
> Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer.
Can anyone explain this with an example?
So web apps added to the home screen will have their storage wiped under some scenarios? If not, what does "have their own counter" mean?
How are web applications added to the home screen not part of Safari in a way that's different from a regular URL you might visit?
Note this is totally based on my reading of the GP:
>> As mentioned, the seven-day cap on script-writable storage is gated on “after seven days of Safari use without user interaction on the site.”
I'm understanding this to mean: you access Site A and it stores data to your local storage on day 0. Then you use Safari for Sites B, C, and D, but not A for the next 7 days. Since Safari has been used for 7 days without using Site A, Site A's data is cleared.
>> Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer.
I'm understanding this to mean there's no distinction between Safari and Site A anymore. Since you can't use Site A for 7 days without using Site A, Site A's data is never cleared.
It would make much more sense for them to just disable the counter in this case, or at least just explain it that way. It would be less confusing.
Home screen installed PWAs are treated as a separate web browser.
So installed PWAs do have automatic deletion, but that basically only applies to third-party content (like advertiser tracking cookies, or content from other sites you show inside an iframe), since the "days used since last interaction" counter will stay at zero for the main site.
If you add the Twitter PWA to the homescreen and don't use it for seven days, its storage will be reset and you'll have to log in again.
I think WebKit’s handling of local storage is the prime example of how optimizing for privacy to the exclusion of every other consideration is user-hostile
I don't read it like that. It's not about 7 days real time, it's about 7 days on which you use the app.
Since you can use Safari without visiting the PWA's domain, this feature can delete the data of a PWA which runs in Safari.
Since you can't use a homescreened PWA without it visiting the associated domain, the data saved by the PWA's domain will never be deleted for homescreened applications. But data saved by other domains can still get deleted if you use the application for 7 days without it opening that domain.
> Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer.
This is a baffling word salad. So they are tracking days of use of home screen web apps... which sounds like it means that if you do not use the app for seven days the cache will be deleted... but they don't expect a web app to have its data deleted. What?
Home screen installed PWAs are treated as a separate web browser.
For all web browsers, content is only deleted after 7 days in which you use that browser. So if you shut your phone off for a month, and then turn it on and open Safari, that whole month only counts as one day, since you did not use the Safari browser during that month.
The same rules apply to PWAs installed to the home screen, which are being treated as separate browsers. Of course, the count of days of use of this "browser" without using the main site will always remain zero.
But for third party cookies, or third party content from an iframe that uses local storage, those would get nuked if the home screen installed PWA is used on 7 different days without interacting with those domains.
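Since several people in this subthread are reconstructing the same rule in words, here it is as a small runnable model: one counter per (browser, domain) of days that browser was used without an interaction with that domain, reset on interaction, storage dropped when it reaches seven, with a home-screen app treated as its own browser. This is an added illustration of the rule as the thread reads it, not WebKit's code; the domain names, the "homescreen:" browser label and the cap-reached-means-delete-that-day detail are my assumptions.

```javascript
// Added example (not WebKit code): a model of the 7-day rule as described in
// the thread. Each (browser, domain) pair tracks how many days that browser was
// used without the user interacting with that domain; interaction resets it,
// and the domain's script-writable storage is dropped once it reaches the cap.
// A web app added to the home screen is modelled as its own "browser" whose
// first-party domain is interacted with on every day the app is used.
const CAP_DAYS = 7;

class ItpModel {
  constructor() {
    this.entries = new Map();   // "browser|domain" -> { data, idleDays }
    this.deletions = [];        // "browser|domain" keys that were wiped
  }
  static key(browser, domain) { return `${browser}|${domain}`; }

  // A page at `domain` running inside `browser` writes to its storage.
  write(browser, domain, data) {
    this.entries.set(ItpModel.key(browser, domain), { data, idleDays: 0 });
  }
  read(browser, domain) {
    const e = this.entries.get(ItpModel.key(browser, domain));
    return e ? e.data : undefined;
  }

  // One day on which `browser` was used and the user interacted with the
  // domains in `visited`. Days on which the browser is not opened at all are
  // never passed here, so they advance nothing (the "phone in a drawer" case).
  useDay(browser, visited) {
    for (const [k, e] of this.entries) {
      const [b, domain] = k.split('|');
      if (b !== browser) continue;
      e.idleDays = visited.includes(domain) ? 0 : e.idleDays + 1;
      if (e.idleDays >= CAP_DAYS) {
        this.entries.delete(k);
        this.deletions.push(k);
      }
    }
  }
}

// Constructed scenarios mirroring the cases argued over above.
function runScenarios() {
  const others = ['news.example', 'shop.example'];

  // 1. Regular Safari: app.example stores data, then the user browses other
  //    sites in Safari on seven different days without returning.
  const safari = new ItpModel();
  safari.write('safari', 'app.example', { invoices: 3 });
  for (let d = 0; d < 7; d++) safari.useDay('safari', others);

  // 2. Same start, phone untouched for a month (no useDay calls), then six
  //    days of Safari use elsewhere: the month did not count, data intact.
  const vacation = new ItpModel();
  vacation.write('safari', 'app.example', { invoices: 3 });
  for (let d = 0; d < 6; d++) vacation.useDay('safari', others);

  // 3. Returning on the sixth day resets the counter, so six more days away
  //    still leave the data in place.
  const returning = new ItpModel();
  returning.write('safari', 'app.example', { invoices: 3 });
  for (let d = 0; d < 5; d++) returning.useDay('safari', others);
  returning.useDay('safari', ['app.example']);
  for (let d = 0; d < 6; d++) returning.useDay('safari', others);

  // 4. Home-screen app: its own counter, first party interacted with on every
  //    launch, so it never idles; a third-party frame from tracker.example
  //    seen only on the first day is wiped after seven days of app use.
  const pwa = new ItpModel();
  const appBrowser = 'homescreen:app.example';
  pwa.write(appBrowser, 'app.example', { invoices: 3 });
  pwa.write(appBrowser, 'tracker.example', { id: 'abc123' });
  for (let d = 0; d < 7; d++) pwa.useDay(appBrowser, ['app.example']);

  return {
    wipedAfterSevenSafariDays: safari.read('safari', 'app.example') === undefined,
    survivesVacation: vacation.read('safari', 'app.example') !== undefined,
    survivesWithReturnVisit: returning.read('safari', 'app.example') !== undefined,
    firstPartyKeptInPwa: pwa.read(appBrowser, 'app.example') !== undefined,
    thirdPartyWipedInPwa: pwa.read(appBrowser, 'tracker.example') === undefined,
    pwaDeletions: pwa.deletions,
  };
}

if (typeof require !== 'undefined' && require.main === module) {
  console.log(runScenarios());
}
```

Note that the model keeps Safari's and the home-screen app's counters for the same domain entirely separate, which is the one reading everyone in the subthread seems to agree on; whether WebKit counts the seventh day itself or the day after is not something the quoted text settles.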
The only coherent interpretation I can think of is that accessing example.com in a home screen app doesn't reset the timer for example.com in Safari. And vice versa. But it's still really unclear whether that implies that home screen apps get their data wiped or not.
It depends on the context. For example, I use an invoicing web app that stores previously created invoices indefinitely in localStorage. This gives me the benefit of not having to manage login credentials and keeping everything client-side. It also gives the site's developers the benefit of not having to manage user accounts or server-side state.
Without being able to use localStorage as a long term store, I'll have to register for an account, have to deal with them handling my data, etc. Losing the functionality of localStorage as a long term store has disadvantages.
Maybe it is because I can't seem to hold onto a device for more than a year or two before I lose it somewhere, but the idea of having all my important invoice data on a single device sounds scary to me. I would hope that localStorage is included in iCloud backups.
I think looking at Apple as the saviour of privacy is, for lack of a better term, just wrong. They have always favoured closed systems even if it didn't provide privacy advantages or, as in this case, was counter-intuitive for privacy.
I feel the comparison of Apple with data companies such as Google and Facebook is by itself at fault. Apple, like any computer company of the 70's, was not into data, just because the Internet itself didn't exist at that point like it does now. 'Apple didn't choose to be in data' is projected as altruistic, instead of just a marketing ploy (they didn't choose, because it wasn't available).
Apple doesn't receive even the fraction of scrutiny Google, Facebook receive (which they should). e.g. iCloud hack, Apple's response to iOS vulnerabilities targeted by state actors, Newer Safari being incompatible with privacy extensions such as uBO etc.
Personally I feel good that Apple is not into data, just because I feel if they are into data; they might be more evil than Google or Facebook aided by their walled garden.
I think looking at ANY company as the savior of privacy is a waste of time. Companies have proven time and time again that they are unable to self-regulate this. Only way forward is to introduce legislation that makes it illegal to track users using privacy-invasive practices, otherwise we'll never get rid of it. A company can be privacy-preserving today, but then the leadership changes or acquisition happens, and now they change their practices, without informing users.
I simply see no technological solution to this problem, it'll always be a cat-and-mouse game, until governments catch up and make it illegal.
I'm eager to hear if someone here does have any solution to this problem though.
Well, we're talking about a hypothetical law here, so we don't really know the amount... The low amounts for fines when it comes to big companies is a different problem that should also be fixed.
It was open sourced as WebKit because it derived from KHTML, which was copyleft, and it took lawyers getting involved before Apple played ball and released it as open source.
Before someone says "I have Firefox/Chrome on my iPhone": they are just skins for Safari. The same vulnerabilities which exist in Safari (WebKit) can be exploited there as well since they aren't allowed to use their own browser engine.
If I understand you correctly, "open source" is not a kind of openness and should be disregarded. Assuming that is so, for the sake of argument, what does count as openness?
When you use Apple Maps, Apple doesn't know who you are, where you go. There's not even a way to sign in.
It's not incompetence. When you request a route, your iPhone breaks up the request into separate, unrelated segments so Apple doesn't even know your total route. They've done work to avoid tracking you.
Call it a "marketing ploy" or "altruism" or whatever, but the fact is that Google wants to know where you go, and Apple doesn't.
Agreed — Apple’s trying to project a high-minded motivation here, but their real motivation is likely to try and limit web technologies so that companies must still invest in native iOS apps and remain within their walled garden.
Did PWA's take off? What are some famous/big PWA's now? I can't remember ever "installing" anything in a browser as an app, or even being asked if I wanted to do it. Am I misunderstanding what they are?
I'm the OP, I use a lot of PWAs. My main machine is a Surface Pro X and I don't have native apps (as in native aarch64 binaries) for many of the things I'd like to use. So, I'm using PWAs for Instagram, Twitter, Kindle, Pinafore (mastodon client), Spotify, and some of my own.
I was developing a feed reader that was supposed to be a client-side-only PWA but that's tricky.
Off topic, but how is this experience using the Surface Pro X as a PWA machine? Does Windows / PWAs work well in tablet form? I was thinking of switching to a similar setup and using it essentially as you describe. Seems like it could be a really lightweight and simple computing environment similar to Chromebooks but still allows you to run traditional Windows apps as well if you need.
I really like it but I wish Microsoft would support FOSS developers better and provide more support and incentive for them to port more developer tools. There are almost no native aarch64 programming languages for Windows 10. If you keep yourself inside WSL then you're good to go because Linux under aarch64 is quite complete. On the Windows side of things you'll probably be running a lot of 32-bit x86 apps.
Which is one of the reasons I like PWAs, they are ISA independent and are working pretty well here. Unfortunately Firefox doesn't support an add to homescreen feature on the desktop, so I used Edge to do it for the apps I want to have a nice icon for (such as spotify).
If you're going to use it much like a chromebook then it might be a tad too expensive to be justifiable. I don't regret buying mine at all, I really like it, but I'm sure they'll release cheaper ARM64 Surfaces soon, I'm betting on a Surface Go with ARM64 at some point.
Their regular web app is a PWA... that's the beauty of it. PWAs are not a different offering, they are just an enhancement on top of web apps. Good PWAs are invisible.
The Cloud Reader isn't a PWA. It's only available as a website and a Chrome OS app. Its UI is miles behind the Kindle apps on Android and iOS, which have better footnote support and font settings.
PWAs haven't taken off because Apple won't implement full Push API support in Safari thus forcing you to go through the App Store if your web site or application needs push notifications. The App Store then complains if you try to publish an app that just wraps your web site so that you can have push notifications. It's... infuriating.
Sites could easily only prompt this after you've added them to the home screen. Browsers could, do?, also allow users to set a default of deny all notification requests.
The problem is that developers have to spend a significant amount of time and money to get on iPhones because of Apple's policy here. If browsers and devices fully supported PWAs developers could "write once, run everywhere". Instead we have to build separate apps and deal with separate release processes. It's a huge productivity cost.
Yeah so maybe try making a real native app instead of trying to hackaround with web sites?
Apple isn't obligated to implement every single "this is now cool on the web" thing on its platform to satisfy a small niche of people who will find value in them.
Are you an Apple employee? If not, as a consumer or developer why are you not talking from the consumer's point of view? I don't want to install each and every native app. As a developer, I don't want to write and maintain completely separate native apps.
Further, if Apple were truly concerned with the quality of the apps in their store they would free developers from having to submit apps just to support push notifications. Less time reviewing and rejecting apps, less "low quality" apps in the store, happier developers, happier users.
PWAs are also useful where you want visitors to be able to access a portion of a website while offline. I run a site that hosts audio tours[1] for museums and walking tours. I use PWAs to allow visitors to quickly download the tour onto their phone in case they don't have a data plan or a portion of the tour will not have cell service.
Apple definitely makes it difficult to use them effectively. For example you need to use Safari on iOS in order to download the PWA - it won't work if you're on chrome or another third party browser.
There's a chicken/egg issue here. Apple's support for progressive web apps has been subpar, so it's difficult to justify the extra effort in making a PWA when a major platform doesn't fully support it. Which, in turn, means people turn around and say "why should Apple support PWAs? No-one uses them!"
The look depends on how much effort the developer invests. If you take Bootstrap, the resulting PWA looks like a website. If you take Framework7 the resulting PWA looks more like a native App (including animations and the like).
The key is the 'P': Progressive. A PWA is just a web app, but one that takes advantage of features you'd typically see in a locally installed application like local storage, notifications, etc. This might mean it has metadata to make it "installable" in browsers that support that, but I wouldn't say that's a requirement to be considered a PWA.
devdocs.io is the most successful example I'm aware of. I've never "installed" it as an app, as I don't use a browser that supports that (basically Edge, Safari or Android Chrome), but I've certainly relied on its ability to load without an internet connection for train/plane journeys.
Given that the OneNote web and Windows 10 apps don't implement Find&Replace (just Find), 5-10 years after their first release, I wouldn't hold my breath for usable Office PWAs.
Edit: the official help page on how to do Find&Replace reads like a joke until you realize it is very real:
DevDocs is great for offline documentation, and is entirely a PWA. You just preload the doc sets you're interested while online, and they will always be there for you when you need them. Automatic updates can be enabled for when you come back online.
How should PWAs take off, when Apple with a high mobile market share refuses to implement basic APIs like the Push API and other browsers can't run their own engine on iOS? It is abusive, but who cares.
Ok I think I'll have to rephrase the question: are there many widely used PWAs that actually go one step further than being a web app using a few of these APIs (spotify, twitter), and actually try to "mimic" desktop apps more (installation, icons, fully offline etc)?
I think the original post is oversimplifying the new behaviour a little. If you look at the other blog post on ITP 2.3 [1] it says:
> ITP 2.3 caps the lifetime of all script-writeable website data after a navigation with link decoration from a classified domain.
i.e. the 7 day timeout for local storage only kicks in if you've been redirected from a domain that ITP has classified as one that tracks users. So, for example, web apps that users navigate to directly will be unaffected.
> If you look at the other blog post on ITP 2.3...
why would you look at the old blogpost for the new behavior?
It's all web pages, regardless of classification or redirects. The new webkit blog post is quite clear:
> Now ITP has aligned the remaining script-writable storage forms with the existing client-side cookie restriction, deleting all of a website’s script-writable storage after seven days of Safari use without user interaction on the site
> website.example will be marked for non-cookie website data deletion if the user is navigated from a domain classified with cross-site tracking capabilities to a final URL with a query string and/or a fragment identifier, such as website.example?clickID=0123456789.
So my guess is you are fine most of the time, except if you allow other sites to embed your content in their page. In that case, you should:
- provide the embed on a separate subdomain
- remove features requiring identification if the content is viewed embedded: attempting to use them redirects to the real site.
Otherwise ITP will mark your domain as tracking and wipe you after 7 days if your users don't interact directly with the site.
I have a hard time deciding if it's a good thing or not.
I guess it has the potential to be mostly a good thing, provided that:
- I understood it correctly, which I'm not sure, as their wording is not clear
- It's implemented correctly. Once the deal is done, it's in the wild for years, fix or not.
- It's implemented in good faith. Apple wants to promote the App Store and has been shown to neuter web apps in the past.
JWT tokens are irrevocable by design, or it would defeat the purpose. I would advise against issuing JWT tokens which are long-lived. Using "refresh tokens" is generally more preferred, as this gives an opportunity to revoke a stolen token in active use by the attacker. Even 7 days seems like an excessively large session time. That is 7 days a stolen token can be used to forge an authenticated session.
My guess would be that if your user uses service site.com, which calls microservice micro.com, then you have to store the JWT in the localStorage of site.com, but cannot store it in the localStorage of micro.com.
As far as I understood this is not a "list of trackers" per se but a "list of websites that track you when you navigate to another website from them" and people don't navigate away from the Google Tag Manager or Google Analytics domains because they don't serve content with links.
I don't know if t.co is such a classified domain but if so, if the link contains query parameters or a fragment part, then yes.
I'm also not sure if "navigation" means through user action or if redirects count, although for the purpose of tracking prevention I don't see how the latter should not also count.
So, if all of this is true the way I understood it now, the restrictions could apply to when someone reaches your site via social media.
Could someone please change the title of this post? It's rather inaccurate and spreading FUD... legitimate offline web applications are not going to randomly lose their storage abilities in Safari. Tons of people read this (admittedly hard to follow) blog post quickly and then took a nose-dive into their own hot takes.
Hoping Webkit pushes another of these posts later to clear things up.
I have an app which isn't offline, but I wanted to make use of IndexedDB and LocalStorage to make things faster for users. Now I wonder if it's worth the effort to even try. I think this pretty much kills the utility of all local storage initiatives.
My app is an inventory control system used by businesses that build electronics (https://partsbox.com/). Deleting client-side data after 7 days is ridiculous. You can't assume that people will always log in every week, in small businesses or design/manufacturing companies there are times when 2-3 weeks can pass without building new hardware or touching inventory.
Both your and Apple's concerns are valid. This change makes the fact (arguably) that these local storages are caches apparent.
Some web apps already saw the danger of having an easily purge-able storage on the client side and simply implemented an export function for their tools. I admire those tools more than the ones who overuse local storage for everything.
One such tool is draw.io, a flowchart maker. You use the app, persist everything in local storage and when you are done, you export your project into a file, all happening on the client side. When you need to edit, you import the file on launch. It's portable, it's protected from browser bugs/decisions and imho pretty user (privacy) friendly.
Your demo page is 3.23 MB. ~500KB is javascript, ~500KB is CSS and another ~400KB is web fonts. The parts database is 24 KB. That's certainly not the first place I would look for an optimization target, even for customers with very large parts databases.
With respect, I believe you are mistaken about what my important use cases are like.
Not going to go into details, but that JavaScript, CSS and fonts are all immutable assets, never to be requested again, while the database is significantly larger for clients who run their businesses using this software.
I see two problems:
- apps with client-side-only data, i.e PWAs served from static sites
- delta sync, although useful, is little help when what the dev wanted was a fast start
I really hope the outcry about this is big enough to get Apple / Webkit reconsider. With service workers and improvements in browsers/cpus "PWA"s (aka web apps) were just getting to the point where they could compete with native apps for a number of use cases. And they had much better privacy / security policies. This doesn't completely kill that, but it's a big setback.
This depends on many factors but a PWA can be inspected by a third party using the browser developer tools which makes it easier to find out about its communication. You can do that with proxies and other heavier tools for native apps, but it requires more skills than the former. Also the web platform is very private, you don't get access to files and many other features without user consent. Native apps might not be like that even though Catalina is going crazy with the permission dialogs.
The sandbox, while questionable at first, has slowly been improving and at this point gives the same features as the web you're describing. If anything I find the APIs more feature complete, albeit less well documented as... well, let's face it, this is Apple and macOS we're discussing here. ;P
I'll also note that "requires more skills" seems like a bit of a blanket statement to me. They're just different sets of skills.
I'm an engineer at a platform that makes it easier to build privacy-friendly apps. This means that all apps on our platform have app-specific private keys stored on the client side (in localStorage), and they never touch a server.
With this change, you're essentially "logged out" after 7 days of inactivity.
This is a pretty bad user experience. I honestly am not sure how to mitigate this. MacOS Safari might not be a massive market, but iOS Safari is.
Any thoughts about how we should address this change?
Being logged out after 7 days of inactivity could be a little bit annoying but I can live with that, as long as I can log in again.
I could be misinterpreting your comment but are you saying your keys are simply destroyed upon this “log out”? Then I’m not really sure why your platform was considered working in the first place, if it’s tied to a specific browser of a specific device and won’t survive a clearing of storage which any user can do at any time for a variety of reasons?
What if someone accidentally erases everything because that’s what they’re told when something doesn’t work right? Answer: it’s volatile storage in the first place, and a tiny one at that. Heck some browsers can be configured to erase everything when closed (when operating in non-incognito/private mode).
No, it's not tied to a specific device. You can of course log back in, and keys are not "destroyed". We ask users to store a 12-word seed phrase, from which all other keys are derived.
I can't think of any, they're all the same topic as far as I can see. The WebKit blog post has a little bit about third-party cookies being blocked but everyone quickly moved discussion to the script-writable storage cap.
I'm confused, or seeing confusion, over some things in the comments here. "We don't use Safari in our app..." We're talking web apps: you know, web sites with functionality. You don't exactly have control over which browser your users use. And in iOS, everyone is using 'Safari' even if it's Firefox or Chrome wrapped around the rendering control. This means you have to assume that the policy affects any visitor from any web browser on iOS. Technically, the other browser vendors can siphon the data into other storage to their users' benefit, but I don't know how likely they are to do that, nor whether Apple would approve them with such changes.
Do you mean that you deploy a 'native' app that's really just a wrapper around a web view that would also be just Safari? Same policy applies, but now, you have the option, in native code, to siphon off data and put it into Real Storage.
The argument would be stronger if the post got into what privacy protection in Safari isn’t available in the Apple News app. Instead there’s a seemingly random plug for a content blocker app I’ve never heard about, which upon further inspection happens to be sold by the author.
Sorry, I wrote this blog post too fast because I was/am a bit angry and didn't notice my usage of jargon without explanation.
It is a “Progressive Web App”. Sorry for the jargon usage without explanation. Basically it is a marketing term used to place some new web APIs and best practices into an umbrella of a “near native UX on a Web App”. What it usually means is that your application is:
* Served from a secure context (a requirement for the other APIs anyway).
* Has an application manifest (this contains metadata about your web app and is used by browsers and OSs to add icons, names, themes, etc)
* Has a service worker (which enables your application to potentially work offline beyond what other cache solutions did in the past)
So with these in place, browsers can offer an "Install this site as an app" feature which allows the site to open in its own window, with its own icon and name on the launchers and home screens.
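The three ingredients listed above, shown together as an added example (not the commenter's or any project's code): a web app manifest served as JSON, and a service worker that precaches the app shell and answers requests cache-first so the app opens offline. The routing decision is isolated in a pure function so it can be exercised outside a browser; the handlers only register when the file actually runs inside a service worker. File names, the cache name and the origins are assumptions.

```javascript
// Added example: minimal installable web app pieces (manifest + service worker).
// Not from the thread. Asset names, cache name and origins are assumptions.

// 1. Manifest: serve this object as JSON at e.g. /manifest.webmanifest and link
//    it from the page with <link rel="manifest" href="/manifest.webmanifest">.
const MANIFEST = {
  name: 'Example Reader',
  short_name: 'Reader',
  start_url: '/',
  display: 'standalone', // opens in its own window, no browser chrome
  icons: [{ src: '/icon-192.png', sizes: '192x192', type: 'image/png' }],
};

// 2. Service worker (this file, registered from the page with
//    navigator.serviceWorker.register('/sw.js')). The app shell is precached
//    at install time so the app can start with no network at all.
const CACHE_NAME = 'app-shell-v1';
const APP_SHELL = ['/', '/index.html', '/app.js', '/app.css', '/icon-192.png'];

// Pure routing decision: app-shell assets are served cache-first, other
// same-origin requests (API calls) network-first with a cache fallback, and
// cross-origin resources are never cached by this worker.
function pickStrategy(requestUrl, origin) {
  const url = new URL(requestUrl, origin);
  if (url.origin !== origin) return 'network-only';
  return APP_SHELL.includes(url.pathname) ? 'cache-first' : 'network-first';
}

// 3. Register handlers only inside a service worker global scope, so the
//    file can also be loaded in Node for testing pickStrategy().
if (typeof self !== 'undefined' && typeof self.addEventListener === 'function' && 'caches' in self) {
  self.addEventListener('install', (event) => {
    event.waitUntil(caches.open(CACHE_NAME).then((cache) => cache.addAll(APP_SHELL)));
  });

  self.addEventListener('fetch', (event) => {
    const strategy = pickStrategy(event.request.url, self.location.origin);
    if (strategy === 'cache-first') {
      event.respondWith(
        caches.match(event.request).then((hit) => hit || fetch(event.request))
      );
    } else if (strategy === 'network-first') {
      event.respondWith(
        fetch(event.request)
          .then((res) => {
            const copy = res.clone();
            caches.open(CACHE_NAME).then((cache) => cache.put(event.request, copy));
            return res;
          })
          .catch(() => caches.match(event.request))
      );
    }
    // 'network-only': do nothing and let the browser handle it normally.
  });
}
```

The service worker cache is itself script-writable storage, so under the rule this thread discusses it is subject to the same seven-days-of-use clock as localStorage; nothing in the worker makes the cached shell more durable than that.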
Thanks for your reply :) I recognize often articles are meant for a specialized audience and shared here without the author even being aware of the site, so it's unreasonable to expect that everything be described to a total neophyte, but sometimes I have to laugh at the buzzword articles that get posted here about how to implement foo in bar on baz, using a fizzbuzz framework running blarg, and I have no idea what ANY of those things are, having worked in tech for decades :D
Honest question - If you're creating an app like that, is a PWA really the right way to go? Aren't there other options available (such as creating a native app with a SQLite database)?
Sure you can do that. But now you need a Mac, probably an iOS device and pay $99/yr to Apple. If you're just providing a small one-off solution for a particular problem that you're not monetizing, the above may pose a serious problem.
For example, I (used to) maintain a tool that is essentially a save file viewer, but must store some data for decryption of said files. It's an Electron app, but could work as a normal website for the most part as well. I got a prototype of that up and it stores the required data in local storage. I don't want to maintain and host a backend for it, and I'm not too hot on paying Apple's developer fee for it, either.
You may say it's a fringe use case, and it probably is, but it's very much legitimate. I don't know why they couldn't have made storage for longer than 7 days with an extra permission to be requested.
Honest answer, it depends on the app. For some cases sure, just throw it in cordova and be happy.
It is my own personal take that PWAs are more powerful than we give them credit and that they could be used for private apps without backends where you leverage the benefits of web distribution while keeping data private. Doing the native/hybrid app forces you into dealing with gatekeepers, distributing on the web does not.
There's swathes of apps that will never be allowed on popular app stores (gambling, porn, sometimes apps that Google or Apple doesn't want competing with their own services). You can create a native app but it'll only be usable on Android.
Native applications also require acquisition of a Mac and a $99/year membership (iOS) and $25 (one-time fee for Google Play). A web application is mostly hosting costs which can be near free if you use the right cloud services.
I don't know of an alternative that will let me develop a small tool that will be free to develop and distribute, is not subject to restrictive store policies, works on desktop and mobile and is capable of things like accessing the device's camera and location when necessary.
I'm personally a fan of PWAs because they can't secretly write identifiers to my phone's SD card, they can't extract my contacts, they can't monitor my location in the background, etc. Sure, modern smartphone operating systems allow you to set up proper restrictions, but that puts the responsibility of making applications behave on me instead of on the phone.
Sure, native applications have their place (geofencing, native performance, file system access, system APIs) but in my opinion so do PWAs.
If you don't have a backend and don't want to use sqlite or something externally you can't save your data with the expectation it won't get erased. Before this change someone could manually clear storage, running out of space could trigger erasing this, etc. Now things clear after 7 days.
If you care about saving that data forever don't use local storage. Just like don't expect cookies you set on the client not to be modified by the client.
It is fine if your apps use only 1st party scripts and not 3rd party scripts.
> If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.
A lot of "normal" apps treat local storage this way. A lot of those apps are basically a wrapper around a WebView. Why does Apple accept it there but not for PWAs?
It’s always been impossible to rely on local storage for long-term use.
Users clear their caches. They swap browsers. They swap machines. They use their phone instead of their desktop. They use private mode, or sand boxing. They re-install their OS. They buy a new machine.
Don’t be lazy. Using local storage without a backup is not acceptable.
And what kind of ‘progressive’ web app expects all the features in every client? Have we forgotten what progressive means?
Don’t be entitled. You are not more important than your users.
Based on the blog, it sounds like he wants to download RSS feeds to the user's device, and not store them on his server to speed up development (all those complaints about FAANG being able to develop at web scale and him not wanting to run a backend).
Then, if the user clears cache or changes computers, they lose the stuff they were following and have to wait for new items, but it's not the end of the world. They might even expect it if you name/describe the app a certain way.
E.g. if you download an app called "Podcast Downloader" that says it just downloads any new podcasts from feeds you follow for your later offline consumption on your current device - you might not expect a podcast on your phone to magically jump to your desktop without a re-download from the original site.
Seems like it could be a valid trade off if it lets a front end only web dev publish apps he couldn't publish otherwise because he can't/won't do backend. Storing user media on the backend is not cheap. The company I'm at has spent months of developer time moving over from Google to Amazon, for example, just for infra cost improvements that come from serving terabytes of data off one instead of the other.
I already have a comment on this subject in a thread here but I believe this should be stressed more explicitly.
Apple didn't kill offline web apps. You can always add an interaction to your app which exports the stored data into a file which then can be saved by the user. It can be done entirely on the client side as well. If anything died here, it is the implicit consent by the user for allowing unnoticed storage space consumption. Implementing an export function will automatically make your app portable, which is always appreciated I believe.
Most data in local storage is some kind of structured tree, table or blob. All can be exported with little effort.
HTML5 games -> Prompt user with a dialog to download saves/assets after they play the game for a while.
Productivity apps -> Detect "ctrl/cmd + s" to prompt a save dialog. Add save buttons somewhere visible.
Map like apps -> Do nothing. If the user is not visiting the map for 7 days, they don't need the map data persisted either. If necessary, allow explicit save with UI buttons for people who travel often.
Apps/sites which use local storage for auth related artifacts -> Notify users if they click "Remember Me" and explain the caveats to them. Allow for encrypted save if users ask for it.
Kiosks -> Use Electron or a similar tech.
I am open to counter arguments. I don't have any idea about how mobile browsers behave for the scenarios stated above.
Edit: I use draw.io since last year and the experience there is as refreshing as it can be in this SPA jungle. I use it as a good example to learn from for my own web app projects.
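The export function proposed in that comment, as an added example (it is not draw.io's code or the commenter's): everything an app keeps under a key prefix in localStorage is serialised to a versioned JSON document, and the import validates the whole document before writing anything, so a foreign or corrupted file cannot half-overwrite the user's data. It is written against the Storage interface (getItem/setItem/removeItem/key/length), so the same functions run against a constructed in-memory store outside a browser. The prefix, format name and file name are assumptions.

```javascript
// Added example: export/import of a localStorage namespace as a user-owned file.
// Not from the thread or from draw.io. Format name, version and prefix are assumptions.
const EXPORT_FORMAT = 'example-app-export';
const EXPORT_VERSION = 1;

// Collect all keys under the prefix first, so removals during import do not
// disturb iteration over storage.key(i).
function namespaceKeys(storage, prefix) {
  const keys = [];
  for (let i = 0; i < storage.length; i++) {
    const k = storage.key(i);
    if (k !== null && k.startsWith(prefix)) keys.push(k);
  }
  return keys;
}

// Returns a JSON string the user can save; entries are stored without the prefix.
function exportNamespace(storage, prefix) {
  const entries = {};
  for (const k of namespaceKeys(storage, prefix)) {
    entries[k.slice(prefix.length)] = storage.getItem(k);
  }
  return JSON.stringify({
    format: EXPORT_FORMAT,
    version: EXPORT_VERSION,
    exportedAt: new Date().toISOString(),
    entries,
  });
}

// Validates the whole document, then writes. With replace=true the existing
// namespace is cleared first (restore); otherwise entries are merged in.
// Returns the number of entries written; throws on any malformed input.
function importNamespace(storage, prefix, json, { replace = false } = {}) {
  let doc;
  try {
    doc = JSON.parse(json);
  } catch (e) {
    throw new Error('import file is not valid JSON');
  }
  if (!doc || typeof doc !== 'object' || doc.format !== EXPORT_FORMAT) {
    throw new Error('import file is not an export of this app');
  }
  if (doc.version !== EXPORT_VERSION) {
    throw new Error(`unsupported export version ${doc.version}`);
  }
  const { entries } = doc;
  if (!entries || typeof entries !== 'object' || Array.isArray(entries)) {
    throw new Error('import file has no entries object');
  }
  for (const [k, v] of Object.entries(entries)) {
    if (typeof v !== 'string') throw new Error(`entry ${k} is not a string`);
  }
  if (replace) {
    for (const k of namespaceKeys(storage, prefix)) storage.removeItem(k);
  }
  let count = 0;
  for (const [k, v] of Object.entries(entries)) {
    storage.setItem(prefix + k, v);
    count += 1;
  }
  return count;
}

// Browser side only: hand the JSON to the user as a download (e.g. on ctrl/cmd+s).
function downloadExport(json, filename) {
  const blob = new Blob([json], { type: 'application/json' });
  const url = URL.createObjectURL(blob);
  const a = document.createElement('a');
  a.href = url;
  a.download = filename;
  a.click();
  URL.revokeObjectURL(url);
}

// Constructed in-memory stand-in for window.localStorage, for use outside a browser.
class MemoryStorage {
  constructor() { this.map = new Map(); }
  get length() { return this.map.size; }
  key(i) { return i < this.map.size ? [...this.map.keys()][i] : null; }
  getItem(k) { return this.map.has(k) ? this.map.get(k) : null; }
  setItem(k, v) { this.map.set(k, String(v)); }
  removeItem(k) { this.map.delete(k); }
}
```

Because the import refuses anything that is not a complete, well-typed document of the expected format and version, a user who loads the wrong file gets an error rather than a partially clobbered namespace, which is the property you want before telling people their exported file is the backup.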
This might technically work, but it is absurdly user-unfriendly.
Name a modern game that required you to manually manage game state files, let alone didn’t have autosave. It’s a feature users expect, and they’re going to have a bad time. I don’t want to play a quick game on my phone and have to remember to save and where I am keeping my save files.
I’d argue a far better option would be just to treat local storage as a permission like camera or microphones.
While I agree that it’s ideal to treat localstorage as a permission, as someone who has played a lot of games over the years I can tell you that I wish I could manually manage game state files.
The current way iOS does it (either keep the game installed forever or erase all your progress when deleting it) is a huge barrier to me getting invested in iOS games at all.
With “save progress to file” (and loading), I would be a lot more comfortable.
I would still want autosave though. No way do I want to go back to the era of “oh all my work for the past 6 hours is just gone?”
Our suggestions are not mutually exclusive options. Both can coexist if the developers are ready for the implementation burden.
The issue with the permission model is there has to be a mechanism to prevent overuse which I believe is always worked around by annoying the user with the prompt as often as possible until they concede.
I don’t even play games but I wouldn’t expect a web game to store all of its metadata in my local storage. I would expect it to store data on their own servers and only store active gameplay information locally.
My browser storage is not a game developer's long-term storage, it's a cache.
Cookies can be used for storage for up to a year, but it’s commonly accepted that browsers vary in implementation of this based on user settings. So why wouldn’t user settings exist for other kinds of permanent or session storage? Google Chrome is so dominant in both browser-making and standards-making that we’ve forgotten the browser — and user — is always king when it comes to the web. If users want permanent storage they will use alternative browsers for those particular sites. And while site authors can block Safari with a prompt, it’s then up to users to change browsers. Presumably for developers these will have knobs to tweak so local storage can continue working in alternative browsers on iOS the way it always has. Presumably Safari will eventually get a config toggle for this setting if it isn’t already there. Users already don’t notice when browser history is cleared, though advanced users will configure this by following instructions on Google. Same here.
> Google Chrome is so dominant in both browser-making and standards-making that we’ve forgotten the browser — and user — is always king when it comes to the web. If users want permanent storage they will use alternative browsers for those particular sites.
No, they generally won't. There also aren't really any "alternative browsers" on iOS, they're all Webkit-based.
> So why wouldn’t user settings exist for other kinds of permanent or session storage?
Nobody is saying there shouldn't be any settings or consent in this regard. What we get here is not a setting, we get one major player deciding that there will be no way to properly implement offline web apps on their platform.
I disagree that there’s no way to implement an alternative to Safari, besides Chrome there’s also iCab and other browsers that show not only a completely different UI but also innovative new features. Even if WebKit makes it impossible to remove this restriction, a third-party browser could find a way to intercept calls and keep its own local storage, read and backup native local storage, or provide other means to local storage via proprietary JS APIs, and if that browser is Chrome, it will gain traction. Especially if Apple changes iOS to allow users to change default apps.
Why? Are you paying for it? To you, it's a trivial amount of data that you can wipe if you somehow desperately need the 1mb, to them it quickly adds up to significant costs.
I find this position absurd, just like the suggestion that everyone should start programming complicated user hostile save flows.
The article as well as my concern here is not about the browser proper but web apps like you install onto your phone and one of the major points of is that they work offline despite t
>You can always add an interaction to your app which exports the stored data into a file which then can be saved by the user.
But... why? Drag the user through some dialogue to save a file locally / manage / be responsible for that and then deal with that whole deal? That seems like very... old / unnecessary.
The fact that applications store some random things locally to me is neither surprising nor a hassle. Browsers already cache files and etc. Unless I don't know something... LocalStorage and other non cookie options seem just fine / safe.
I get the concerns about cookies and such but this seems a step beyond what is needed into the realm of unnecessary / a hassle for the user.
Maybe I'm missing some bad patterns / dark patterns using LocalStorage and etc but it seems to throw them out with the bathwater.
I think that is reasonable ... maybe if the prompt is ... reasonable.
I'm kinda averse to the OMG COOKIES and other super technical warning type prompts that worry users, but really don't successfully educate them or direct them to good outcomes / choices. Granted education / good outcomes aren't easy tasks there, but what's the point of a prompt if the decision is made by an uneducated and just annoyed user?
I like the idea of empowering users, but not so sure about how we do it on the web / the best way to do it.
After the number of times my Firefox and Chromium profiles have been wiped clean due to browser or packaging bugs it's become clear to me that localStorage is not the end-all in terms of data persistence. It's always been a "best effort" rather than a guarantee.
Browsers offer a lot of useful functionality, but people increasingly expect them to be a replacement or substitute for an operating system, and in terms of being operating systems, they're all pretty lacking. Mozilla learned about this with Firefox OS (it was pretty cool though, RIP)
Well I've never lost anything other than the list of open tabs, and that's despite using alpha versions of firefox and chrome half the time. Cookies and localStorage aren't guaranteed but they're pretty reliable. I've had more trouble from native phone apps losing data than browsers on all platforms combined.
Then that's just my ignorance - I've never used Chrome OS, though I was heartened to see they were migrating to standard PWAs instead of proprietary parts.
I worked with Firefox OS back when Mozilla was seeding dev kits to software companies. It was a great concept but really seemed marred by bad hardware and then organizational paralysis. IMO this is one of the greatest missed opportunities of the last decade - an (actually) FOSS alternative to Android and iOS. No one else making attempts in this space right now has close to the same engineering experience as Mozilla.
For Safari, Apple adding any PWA features came off as them rolling their eyes, sighing loudly and then putting out a half-assed attempt to deliver years-old standards. And rather than switch to a unified extension architecture like Chrome and Firefox (which they were very close to in previous versions), they've gutted extension support to the point where you can only bundle very limited extensions with compiled macOS apps distributed on the App Store.
I don't really understand what Apple is even playing at by offering features but not taking them seriously. But I just don't think the LSO expiry move is _that_ user hostile in the scheme of things.
>I don't have any idea about how mobile browsers behave for the scenarios stated above.
That's the problem, it won't work there. Apple's support for PWAs is frustrating to say the least.
It's fair that you might need consent from the user before storing and keeping large amounts of data, but by removing the option you are forcing a bunch of developers to make a native app instead of a webapp which I find quite infuriating.
Implicit consent is lack of explicit consent so yes, apple fixed the problem by inventing another one. The thing is, this new problem of missing the explicit consent is easier to fix than going all in with the implicit approach. Not sure if Apple will follow though.
Dear lord, I hope you don't have any UX design responsibilities.
> Apple didn't kill offline web apps.
Yes, they did. For an app to work offline, you need to be able to at least cache the app itself. If that gets wiped after seven days, you can't call your app "offline capable".
> If anything died here, it is the implicit consent by the user for allowing unnoticed storage space consumption.
What about the "implicit consent" that bandwidth is being consumed?
> You can always add an interaction to your app which exports the stored data into a file which then can be saved by the user.
That would be awful. Imagine being prompted to import your data every time you launch it.
Maybe that sort of works with document-centric apps that have no persistent settings, but even then it wouldn't be possible to integrate properly into the file system in the way users would expect (file associations).
> HTML5 games -> Prompt user with a dialog to download saves/assets after they play the game for a while.
More like constantly reminding the user that their valuable progress gets wiped after seven days, should they make the poor choice to run the app offline.
> Productivity apps -> Detect "ctrl/cmd + s" to prompt a save dialog. Add save buttons somewhere visible.
Same as above, except the data might be even more valuable.
> Apps/sites which use local storage for auth related artifacts -> Notify users if they click "Remember Me" and explain them the caveats.
"I'm sorry, we made a decision to write an app with technology that, in hindsight, we shouldn't have used. Therefore, your user experience will now be more annoying. Thanks for sticking with us while we're rewriting the app!"
Your response sounds a little angry but maybe the tone is lost in the text so I will respond in good faith.
> I hope you don't have any UX design responsibilities.
I don't. We are safe. :)
> For an app to work offline, you need to be able to at least cache the app itself.
You can still do it, for a limited time. Your mission critical app will work offline if you are not planning to isolate your device from the internet forever. I know this doesn't solve the issue but I believe it is the lesser evil.
> What about the "implicit consent" that bandwidth is being consumed?
This always bugged me as well. This is unexplored territory for all browsers if I am not mistaken.
> Imagine being prompted to import your data every time you launch it.
I don't have to. I use draw.io excessively and it prompts me every single time. I actually appreciate the experience but I am a sample size of 1.
> More like constantly reminding the user that their valuable progress gets wiped after seven days, should they make the poor choice to run the app offline.
If it is valuable, maybe the browser is not the best medium for it. Here, Apple's anti-consumer practice with its App Store becomes more relevant than Safari's localStorage algorithms.
> "I'm sorry, we made a decision to write an app with technology that, in hindsight, we shouldn't have used. Therefore, your user experience will now be more annoying. Thanks for sticking with us while we're rewriting the app!"
"In order for 'Remember Me' to work as you expect, please visit us every once in a while <3"
> If it is valuable, maybe browser is not the best medium for it.
Progressive web apps are not "the browser". It's a platform to ship apps using web technology that integrate into the operating system pretty much like any other app, at least from the user's perspective. It works well enough on Android.
If you have to explain to your users all the caveats that such an app has on their platform, it just becomes pointless. If it becomes pointless on iOS, then it becomes pointless in general. You might as well go with a Web View app then.
Of course Apple has never been all that enthusiastic about PWAs, giving half-assed support at best. It was never a great platform to begin with, but now it's effectively dead in the water, at least for apps that are expected to work offline.
Doesn't make sense, just ask the permission to use the local storage to the user if that is the deal.
But that is not the deal, the deal is that they fear that more and more developers are moving to webapps instead of developing native apps that need to pass through the App Store and thus be approved by Apple, and they don't like that.
Also you could sync data to an API and offer a login function. If the cookie expires, login and download your data again. This could be end-to-end encrypted for privacy, and having remote storage enables other clients to login and access the same data. Either way it's wise to have some kind of persistence option beyond just cookies and localStorage.
It's annoying how far Apple is behind Mozilla and Google when it comes to progressive web app functionality, but I don't think their action is as user-hostile as is being raised here.
It seems like the Storage Standard [1] could be combined with the writeable-files proposal [2] to permit the same sort of behavior for local files-on-disk webapps as mobile apps receive, where they can download large asset files and store them on disk in a persistent cache:
This sounds like a death-knell for my personal project: a fully decentralized collaborative task/wiki, built on ipfs, and encrypted against your blockchain wallet. I had just migrated the backend from firebase, too, and was ready to re-launch the beta next week.
Pretty much any PWA that was using ipfs as anything but a caching/distribution layer is no longer viable. This is a huge blow to decentralization technology.
Sure, you can make a standalone app, but that is going to cripple already difficult adoption.
I'm coming from a decentralization tech background as well and was working on similar stuff. That's why I'm so angry at these arbitrary decisions by Apple. This is just them breaking something that has been working well.
Rather than wiping local storage/indexed DB data after 7 days, could you not just make it an opt in thing, like the camera or mic? For example, ask users "Allow myapp.com to store app related data on your computer?". If they allow it, then give access to local storage APIs, otherwise don't. That way users can still have fully local PWAs if they wish.
As an ardent PWA developer, this change annoys me immensely.
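The Storage Standard mentioned a few posts up, and the opt-in prompt suggested just above, already exist in the form of `navigator.storage.persisted()` / `navigator.storage.persist()` / `navigator.storage.estimate()`. The following is an added example, not code from the thread or from any browser vendor: it wraps that request flow so a PWA can decide at startup whether to treat its storage as durable or as a cache that needs a recovery path. The `StorageManager` is passed in rather than read from `navigator` so the logic can be exercised outside a browser; `makeFakeStorageManager` is a constructed test double, and which user agents grant or prompt on `persist()` is deliberately not assumed here.

```javascript
// Added example: the Storage Standard persistence request, with the
// StorageManager injected. In a page: decideStorageMode(navigator.storage).
//
//   'persistent'  - the UA granted persistence; storage is not subject to
//                   best-effort eviction.
//   'best-effort' - declined or unanswered; treat localStorage/IndexedDB as a
//                   cache and keep an export or sync path for user data.
//   'unsupported' - no StorageManager at all.
async function decideStorageMode(storage) {
  if (!storage || typeof storage.persist !== 'function') {
    return { mode: 'unsupported', quotaBytes: null, usageBytes: null };
  }

  // Check first so an already-granted origin never re-prompts the user.
  let granted = false;
  if (typeof storage.persisted === 'function') {
    granted = await storage.persisted();
  }
  if (!granted) {
    granted = await storage.persist(); // the UA may prompt here, or just say no
  }

  // estimate() is optional in practice; absence is not an error.
  let quotaBytes = null;
  let usageBytes = null;
  if (typeof storage.estimate === 'function') {
    const est = await storage.estimate();
    quotaBytes = typeof est.quota === 'number' ? est.quota : null;
    usageBytes = typeof est.usage === 'number' ? est.usage : null;
  }

  return { mode: granted ? 'persistent' : 'best-effort', quotaBytes, usageBytes };
}

// True when a planned write of `bytesNeeded` fits under the reported quota with
// `headroom` (fraction) to spare; unknown quota is reported as "don't know".
function fitsQuota(decision, bytesNeeded, headroom = 0.1) {
  if (decision.quotaBytes === null) return null;
  const used = decision.usageBytes ?? 0;
  return used + bytesNeeded <= decision.quotaBytes * (1 - headroom);
}

// Constructed test double standing in for navigator.storage (hypothetical UA behaviour).
function makeFakeStorageManager({ persisted = false, grant = false, quota, usage } = {}) {
  const fake = {
    persistCalls: 0,
    async persisted() { return persisted; },
    async persist() { fake.persistCalls++; return persisted || grant; },
  };
  if (quota !== undefined) {
    fake.estimate = async () => ({ quota, usage: usage ?? 0 });
  }
  return fake;
}

// Stand-alone demo: use the real StorageManager when one exists, else the fakes.
(async () => {
  const real = globalThis.navigator && globalThis.navigator.storage;
  const targets = real
    ? [['this user agent', real]]
    : [
        ['UA that grants', makeFakeStorageManager({ grant: true, quota: 2e9, usage: 5e6 })],
        ['UA that declines', makeFakeStorageManager({ grant: false, quota: 2e9, usage: 5e6 })],
        ['UA without the API', undefined],
      ];
  for (const [label, mgr] of targets) {
    const d = await decideStorageMode(mgr);
    console.log(label, d, 'fits 100MB:', fitsQuota(d, 100e6));
  }
})();
```

The only decision the code makes for you is the classification; what to do in the `best-effort` case (export to a file, sync to a backend, or warn the user) is the product decision this thread is arguing about.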
> Heck, they could even go further and ban apps from corporations like Facebook, Inc., and Alphabet, Inc., that have violating your privacy as the core tenet of their business model.
If Apple were to ban the Gmail app (and obviously block web access via iOS too because that would be a loophole otherwise), I would throw away my iPhone, swear off business with Apple, and search dearly for a way to sue them.
I don’t love the walled garden iOS represents, I merely live with it in exchange for great hardware and UX. If the bargain changes to be more restrictive, I would turn against it in a heartbeat.
Thinking about that, it is no surprise Apple is striking out early to make web apps useless. If they wait too long, they will become entrenched, and people will feel like they have lost something if access is restricted. Apple really wants to jealously protect its control, and more importantly ability to take 30% tax of every transaction that they can perceive.
We use local storage for features in hubs.mozilla.com when most sites would use a database, because we want to minimize storage of data in our servers to increase privacy. This basically will now force us to store this data in our database for safari users, eroding their privacy.
I have a copy of my “DAT Shopping List” demo I last opened about 6 months ago saved to my iPhone home screen... I opened it, and the data was still there. I’ll be really sad when I open it again after iOS autoupdates and the data will be nuked.
Granted, this could turn out really well if the industry adopts another standard which requires user permission, overcomes this limitation, overcomes the existing limitation of LocalStorage on iOS getting automatically cleared when a device is low on storage, and overcomes the problem of sites being able to use up a lot of storage on users' devices without their knowledge.
I'd be very welcoming of such a standard. These could be good future replacements if the industry can adopt them:
Maybe I'm being cynical here -- I'm not a web developer but have lots of experience managing web-based products -- but if you want to have state you should store it in the cloud, because local devices are volatile. Xbox Live, for example, uses a fairly simple service for cloud saves for games; local saves still happen but any developer has the option to push saves to the cloud. The author definitely raises good points about how it's easier for developers to not have to worry about it, but cloud saves have some hefty benefits, like multi device support, user getting a new device, etc.
Yes, you're correct, but have you ever used an app that worked offline or performed well with a poor network connection? Or a website maybe provided wicked fast data access despite only having a 2G connection?
These technologies can be leveraged to improve usability. Unfortunately, advertisers and 3rd party trackers make it so we can't have nice things.
Rightfully so. We won't have a cookieless world if the entire tracking industry basically just switches to LocalStorage when cookies finally die. Enough whack-a-mole.
Safari already was lagging behind Chrome, Chrome forks and Firefox in a lot of feature adoption. This will only make it more of a "new Internet Explorer", a browser that sites recommend you NOT to use.
Lol, 50GB unexplained mobile data consumption. That'd be 3 months worth of rent on my mobile data plan. Good luck ever getting out of debt if that happened on some more expensive international roaming.
By Gordon Kelly, who gained notoriety for his "nasty surprise" set of iOS articles he'd put out whenever there was a new iOS update. Glad to see he's still at it.
Normally when one said "the new Internet Explorer" he meant "the browser that was always recommended to use", "the browser that stopped innovation because it was almost the only one used".
The article doesn't exactly cut to the chase. Here it is:
> "...But deleting all local storage (including Indexed DB, etc.) after 7 days..."
From the Apple announcement:
> Now ITP [Intelligent Tracking Prevention] has aligned the remaining script-writable storage forms with the existing client-side cookie restriction, deleting all of a website’s script-writable storage after seven days of Safari use without user interaction on the site. ...
On one hand, I don't like this direction from Apple because it's meant to boost Apple's proprietary app store business -- which directly competes with the open web -- but masquerades as a privacy issue.
On the other hand, this direction keeps web devs honest: local storage, service worker, cookies and other script-writable areas are meant to be temporary.
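Because the rule quoted above counts days of Safari use, not calendar days, a month offline or a month in another browser does not advance it, while a week of daily browsing that never touches the site does. The block below is an added example, not WebKit code or anything from the thread: a small model of that counter over a constructed calendar, so the scenarios people keep asking about (vacation, visiting every few days, a home-screen web app) can be checked rather than guessed. One assumption is labelled in the code: the model deletes on the seventh qualifying day, since the quote does not say whether deletion happens on or after the seventh day, and what exactly counts as "user interaction" is not modelled.

```javascript
// Added example: model of "seven days of Safari use without user interaction
// on the site". Not WebKit's implementation.
//
// calendar: one entry per calendar day, either null (Safari not used that day)
//           or a Set of site hostnames the user interacted with in Safari.
// Assumption: the cap fires on the 7th qualifying day (>= cap), not after it.
const ITP_CAP_DAYS = 7;

function simulateItp(calendar, site, cap = ITP_CAP_DAYS) {
  let daysOfUseWithoutInteraction = 0;
  for (let day = 0; day < calendar.length; day++) {
    const usedSites = calendar[day];
    if (usedSites === null) continue;          // Safari not opened: counter frozen
    if (usedSites.has(site)) {                 // first-party interaction resets it
      daysOfUseWithoutInteraction = 0;
      continue;
    }
    daysOfUseWithoutInteraction++;             // a day of Safari use elsewhere
    if (daysOfUseWithoutInteraction >= cap) {
      return { deleted: true, onDay: day, counter: daysOfUseWithoutInteraction };
    }
  }
  return { deleted: false, onDay: null, counter: daysOfUseWithoutInteraction };
}

// Constructed calendars for the scenarios discussed in the thread.
const OTHER = 'news.example';                  // some unrelated site (hypothetical)

// n days of Safari use that never touch `site`.
function safariDaysWithout(site, n) {
  return Array.from({ length: n }, () => new Set([OTHER]));
}

// n days with Safari closed entirely (vacation, or living in another browser).
function vacation(n) {
  return Array.from({ length: n }, () => null);
}

// n days of daily Safari use, interacting with `site` on every k-th day.
function everyKthDay(site, k, n) {
  return Array.from({ length: n }, (_, i) => new Set([i % k === 0 ? site : OTHER]));
}

// A home-screen web app has its own counter, and every day it is used is a
// day of interaction with its first party, so its calendar is all `site`.
function homeScreenAppDays(site, n) {
  return Array.from({ length: n }, () => new Set([site]));
}

function scenarios(site = 'app.example') {
  return {
    dailyUseNeverVisiting: simulateItp(safariDaysWithout(site, 7), site),
    monthOfflineThenSixDays: simulateItp(vacation(30).concat(safariDaysWithout(site, 6)), site),
    visitEveryFifthDay: simulateItp(everyKthDay(site, 5, 30), site),
    visitEveryEighthDay: simulateItp(everyKthDay(site, 8, 30), site),
    homeScreenApp: simulateItp(homeScreenAppDays(site, 60), site),
  };
}

console.log(scenarios());
```

Reading the output: the seven-day scenario deletes on the seventh day of use (index 6); thirty days without Safari leave the counter at six, one day of use short; visiting every fifth day never reaches the cap, visiting every eighth day does; and the home-screen app, by construction, never does.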
I see nothing in any of the specs that implies local storage was intended to be temporary? You could argue cookies, maybe, but even that I'd dispute: it is a user-agent, I should be able to tell it "don't delete my stuff". I already have browser controls over my local storage: I can go into settings in every reasonable browser and flush that down the tubes.
If privacy really is the thing, why can't I have an extension on iOS to let me expire various cookies/storages on a per domain name basis, eg so I can write my extension to limit some cookies/storages to minutes or even seconds depending on how hostile or blacklisted such things are.
Other domains I'd actually prefer to be indefinite. I've got a notepad thing that uses local storage and doesn't store its data on the server. There's no excuse for deleting its data since its user data. Apple therefore has no permission to delete that data. Do I have a non-cloud workaround for that?
I wonder whether my irritation over this is strong enough to App up JustAnotherIOSWebKitBrowser with an extra API just for per site storage explicitly controlled by user. Literally to run a notepad and some kind of extension thing.
It's likely blocked by app store rules. Supporting extensions is probably forbidden.
Anyone care to be more authoritative based on their AppStore knowledge/experience?
Good question. The definition of a "progressive web app" is vague. What they seem to mean is a web page which, once you visit it, is cached locally, and thereafter runs locally. The web page accesses various servers, not necessarily ones from the same domain as the web page. Persistent state, if any, is stored locally. The page gets its own icon on the home screen somehow, so it sort of looks like an "app".
Apparently "progressive web apps" are supposed to have a browser service worker so they can get notifications pushed to them from somewhere, although it's not clear why that's essential. That would seem to depend on whether the function performed requires being notified of something happening elsewhere.
Apple apparently dislikes this because they don't get to force people to use their store, with their big cut of the revenue.
Is that about right?
Does this only apply to pages read through Apple's browser, or does it impact Firefox, too?
1. The app has an app manifest describing metadata about the web app, enabling it to be treated like an app (e.g. it can be installed)
2. The app has a service worker, enabling it to work offline like a native app.
3. It's served over HTTPS.
Those are the 3 technical requirements of a PWA.
There's also the philosophical direction of Progressive Web Apps: they're progressive, meaning they offer the app's essential experience no matter the device, but enhance progressively based on the device they're running on. That is, more capable devices let the app offer more functionality without blocking out users on lower-end devices.
> By now, most people are aware of the amount of surveillance and tracking that their web usage is subject to on a daily basis and how this data can be used in ways that do not match their own personal values.
The data for "Local Storage" is stored in ~/Library/Safari/Databases -- you will need to give Terminal access to the Safari directory as the current sandboxing works both ways; Safari stores security config info in this directory and scripted malware could / can exfiltrate data and change values in this location.
To violate privacy (aka enable tracking) a sub-iFrame could be set up that uses "local storage" with a parent page security policy that allows communication across the iFrame boundary. Sorry, yes, I am being a bit vague.
Who cleans up ~/Library/Safari/Databases? I personally see crud in this directory from 2011 that has been migrated from older systems.
Almost not relevant now, but Flash also had a "local storage" system that was shared across all Flash Apps. It also allowed (before sandboxing) local apps to proxy and communicate (via shared memory) with any standalone Flash App on the system through any page that used the Flash plugin -- i.e any running web browser, violating all attempts to have web compartmentalization rules.
I think some threads have been merged. I am now seeing some posts that confirm what I say above, but were made earlier in time that I had not seen. My experience and perspective is from security and privacy defense, rather than "find the loophole".
[edited for clarity]
Is there any evidence that local storage is being used as a pseudo-cookie way of tracking users? If so, keeping local storage saved while regular cookies are being deleted would defeat the purpose of deleting cookies for anti-tracking reasons.
I was in the adtech world about ten years ago, and localstorage was definitely one of the things used for "supercookie" stuff (along with Flash, etags, and probably other stuff I'm forgetting).
I'm the OP and I'm crying because I'm working on apps that don't have a backend so that your data is yours and never leaves your computer. This is now impossible for WebKit users.
Sorry if I sound rude, but my conclusion from your article is that the problem here is you don't want to assume the costs and resources needed to build a backend and blame Apple.
Please read the HTML/Web Storage standard [0] and try to find where Apple is not honouring it.
Even before this move by Apple, you already had to consider localStorage to be subject to being wiped by actors not in your control.
On top of that, localStorage privacy concerns were also in the standard. See section 11.4.1 [1].
Nevertheless, I reckon WebKit should expose the option to the user.
I feel your pain, I really do, but I can't see how Apple made PWAs impossible.
Our company has started shaming iOS. We tell users that because of a commercial policy aiming to increase their revenue from their App Store, iPhones and iPads "do not support the Web 2.0 technology enabling powerful experiences for web sites and web applications, while Android and Windows devices have been supporting this technology since 201x". We briefly explain in one sentence that it would not be the best use of our resources to try to bypass Apple's technological decisions but that they should contact Apple for further information.
We then link them to a $30-$50 Android device that they can buy on Amazon and use as a second device to use our services "if they are interested in a more powerful web experience". We provide a basic version to all users, but put a shamewall for advanced features. Best use of our time and resources.
It is time to push back, stop making Apple's problems your problems. Educate people without ranting and offer them solutions, developers have the bad habit of trying to cover up this kind of non-sense and taking the blame while really Apple are the ones who should be ashamed. If people love your product/service getting a $30 phone to be power users and make their life easier and their experience richer will not be a big deal for them. It's all about educating them the right way.
Obviously I have no idea what your product is but if I got that message I'd just likely go to one of your competitors (assuming they exist). I wouldn't go and buy another device unless it was for an absolutely critical application.
And that's the real nature of the market, isn't it? If enough third-parties aren't willing to play by Apple's rules, Apple will have to modify the rules.
They're a stubborn company, but it's happened before. They've also been burned trying to own a standard when a common consensus exists they can't control before.
Exactly. It sounds to me like websites that refuse to load in GDPR countries. Good, if you can’t support me I don’t need to support you.
90% of software engineering (or engineering in general) is finding solutions for difficult problems. Throwing up your hands and saying you refuse to support one of the most popular computing platforms is certainly a decision that any business is free to make, but then again as a consumer I’m free to make my own decisions as well.
OP doesn't need to spend excessive money on developing for an evil company, and those who buy their products can go to a competitor with a more expensive product.
Nearly everyone has at least one non apple product, so it seems like it would be a problem for a limited number of users.
What technologies does Safari not support that you need?
That’s a genuine question by the way. I’ve been frustrated by Apple’s reluctance in the past but since they implemented Service Workers things have gotten better. I still really wish they had Web Push but I do understand at least conceptually why they’d be hesitant.
... or find it really necessary. Banks, for example, have the clout to expect this kind of behavior. The built-up reputation and long-term partnerships a company and a bank build up can out-value all kinds of IT inconveniences.
I don't know if you meant from the consumer perspective, but if my bank started telling me what kind of a phone or computer I needed to have to use their services I would definitely find another bank! I'm not sure if clout is the right word for what banks have, it's more like a kind of lock-in because of having to sign a million pieces of paper to change banks, that makes people put up with a certain amount of IT inconvenience, coupled with the fact that usually the competition is equally inconvenient.
My bank logs me out after ten minutes of idling, not seven days. Not sure what kind of crazy bank allows you to persist login session / personal data indefinitely.
I was responding specifically to the question "I would have to REALLY love your service to want to carry around an extra device to use it." Some people's banks require their users to carry around a rotating 2FA key dongle, for example.
> If people love your product/service getting a $30 phone to be power users and make their life easier and their experience richer will not be a big deal for them.
So you're suggesting shifting the development costs of you building a native / cross platform app directly to your customers? Does this work?
In addition to what others have said, I think the effectiveness of this likely depends heavily on the target audience - to a non-technical user, this will probably come across as lazy. From their perspective, everything else works fine on Apple, so you must be complaining about nothing.
Of course, if everyone did the same, people would start to realise the problem might be with Apple, but the chances of all (or most, or even many) big web services deciding to alienate such a large portion of their (potential) customers seem slim.
In the general case, almost all websites and web apps don't need offline storage at all.
But the ones that do often need it for very business-enterprise reasons, and here Apple is taking a bit of a risk. I've watched companies hang onto old versions of Flash well past the sell-by date because for quite some time, it was the most practical platform to build a cross-platform videoconferencing client in. And once it's built, the opportunity cost to throw it away and switch to [OTHER_TECHNOLOGY_X] matters.
What did we expect? I mean how long is it now that Apple refuses to implement the Push API properly (which in turn is a basic requirement for many PWA use-cases). They clearly try to use their influence to defend their App Store revenue. And to make it look good, they do it in the name of privacy.
Offline Web Apps were already weak (i.e. CORS restrictions). Now they are even more useless with this storage limitation. You can't really blame Apple.. after all, Google claimed that offline web apps are nothing more than websites so that's what we have... I don't mind if Safari deletes offline data stored by websites every week so why would I complain about "offline apps"?
My point is that Offline Web Apps (i.e. PWA) that are installed on the user's desktop should have a bit more permissions than websites but the people in charge (Google, Apple etc.) seem to think otherwise.
As far as "persistence" is concerned I really care only about offline PWAs. Why would a website need offline data after 7 days? It would improve performance, that's true but everything else should be "fresh" unless that said website wants to actually behave like an "app".
Maybe the "website" should ask the client to be installed as an "app" if the user wants to take advantage of persistent storage (and other "app" features). Asking the user to install (which is actually just a kind of bookmarking for PWAs) isn't that much of an effort if the user is planning to use it regularly.
I made one of these. We generally expected users to be offline for at least a week. Probably using the app regularly on their respective devices (but possibly not), and syncing data again when they had a good internet connection. Uses Dexie and React, syncs with a horrible Drupal site. It's always going to be uncertain to rely on a database held at arm's length by the browser, but in practice it worked incredibly well on all manner of devices. I guess it won't anymore. (Thanks, Apple!).
This is absolutely a necessary change on some level, but I think if Apple wasn't in complete control of a web monoculture (and obviously uninterested in anything that doesn't sell more iPads), it would be possible to steer this API towards that without breaking a bunch of peoples' stuff.
I think this is a good idea. Developers should not be able to store something on my computer indefinitely without my consent. This doesn't apply to applications users add to their home screen.
This doesn't "destroy" the PWA ecosystem. Just makes a user's intention explicit when they save a PWA to their home screen, rather than continuing to use it within the browser.
One of the pages linked there just says local storage is used to store stuff... yeah? It's still not as wide open as cookies.
You could use local storage while doing other things, but i'm not convinced it's a serious issue with tracking or etc. ... and if ANY storage is considered an issue I think we're in for a big snowball effect on what we should or shouldn't allow from ... anything, including native apps, etc.
I get that controlling the walled garden is apple's mobile strategy now, but this is costing developers so much blood sweat & tears.
Both xcode and android studio are heavy + horrible compared to web, and the fact that you have to use both tools to release at scale makes them worse. Shopify wrote a dev post a few months ago saying 'we're react native as much as possible now' and claiming it makes life easier, but react native is worse than PWA because you still have to build for mobile 2x and deal w/ app store nonsense.
If PWAs supported push on ios, with or without cookie expiration, they'd be the preferred launch strategy for most non-game apps.
Hasn't aggressively controlling the walled garden always been Apple's strategy? I don't see them changing any time soon. iOS didn't even have an app store initially, and it took a lot of pushing for that to happen (they realized Android was going to eat their lunch if they didn't).
This "feature" also invalidates the use case for the WebCrypto API, since a user's keys would be stored in IndexedDB, which now means keys cannot be safely persisted.
Since when was software freedom synonymous with we should all want to use PWAs?
I’d be happy if Spotify gave me an API key and essentially went away except for a monthly bill.
But software has to be a product the masses get first to get made in our world.
I’m glad some folks are having their itch scratched but free streams are more than enough and I can wrap them for consumption as I choose.
Once again building your life around importing someone else’s priorities turns into an exercise of despair from not learning how reality doesn’t stand still no matter how hard you hope it will this time.
I have many useful files in my computer, which I don't want to be deleted. You are saying that it is ok if the OS deletes all files in my computer from time to time.
A local storage is the only way webapps can store any data in your computer (other than asking you to manually load / save some configuration file). Not all webapps can afford cloud storage for all users.
I am not saying that it is OK to delete all your files. I am saying it has always been like that in the case of a browser's local storage.
As I said, that use case was out of the window long before. From the start, as far as I know.
No browser has ever given you any definite promise on whether your local storage data will be kept. That's also true for IndexedDB. So you need a mechanism to restore that data, be it cloud storage or something else.
If you wanted to support Safari private browsing, you even had to deal with local storage not being available _at all_.
I disagree. The IndexedDB was introduced as a permanent way to store data (which is not deleted after closing a website). As it is the only available standard for permanent storage, I think it should be deleted only if the user asks to delete it (the same way you delete any other file in your computer).
Of course, browsers are free to do whatever they want. But the user can (and will) switch to the software, which does what he or she wants.
You disagree with the status quo implemented in browsers or you disagree with the decisions that were made years ago (by browser vendors), because you basically cannot guarantee for that (disk full, privacy settings, private browsing, etc.)?
It's different if there is a technical limitation (disk full - computers tend to barely function in this state anyway), or the user has opted in to ephemeral storage. But to not give users the choice to store things permanently is quite a severe restriction.
> As mentioned, the seven-day cap on script-writable storage is gated on "after seven days of Safari use without user interaction on the site." That is the case in Safari. Web applications added to the home screen are not part of Safari and thus have their own counter of days of use. Their days of use will match actual use of the web application which resets the timer. We do not expect the first-party in such a web application to have its website data deleted. If your web application does experience website data deletion, please let us know since we would consider it a serious bug. It is not the intention of Intelligent Tracking Prevention to delete website data for first parties in web applications.
[1] https://webkit.org/blog/10218/full-third-party-cookie-blocki...