How to deal with domain-specific PWA-Wrapper-Apps (without additional functionality)?

Hi community!

I didn’t find a lot of discussion about that topic, so i would like to hear some opinions on that.
The only relevant thread i found is about PWAs in general.


So, there are app submissions whose only functionality is, to provide a webview for one domain.
For example, a mastodon instance wants to have its own app.
… which is btw a fork of an app which is already available in the repo and seems to be discontinued.

First, I’m not sure what’s the correct term for this kind of apps. I call them “domain-specific PWA-Wrapper-Apps”. If there is a better name, please give me a hint :slight_smile:

A few thoughts (cons):

  • the “real” app functionality is not provided via the FOSS appstore, but gets downloaded and updated from the 3rd party server.
  • Even if the used server-side software is FOSS, there is no control over the source code which ends up on the phone.
    Sure, this argumentation could also apply to web browsers etc, but unlike domain-specific PWA-Wrapper-Apps, they can be broadly used as an abstract platform receiving content and functionality.
  • And in terms of security: Maintaining a few well established web browsers is much simpler than - let’s say - hundreds of domain-specific PWA-Wrapper-Apps.
  • F-Droid puts a lot of effort into reproducible builds. This goes just the opposite direction.
  • There is the A2HS Feature in modern browsers available.
  • Apps which are strongly connected to just one service and don’t bring any benefits compared to their website, feel a bit like Trojan horses for using F-Droid as an advertisement platform to me.
  • The philosophy behind the concept of PWA is, that they can exist independently from platforms and app stores as long there is sth like an open web. I think this concept is worthy of support, and it hurts to punish apps just for using this great technology by refusing the inclusion to the repo. But: I claim that it only makes sense to host an app on F-Droid if the main functionality is already included in the apk.

On the other hand (pros):

  • Having an install-able app which is searchable and listed on F-Droid can be handy for inexperienced users.
  • It’s hard to agree on minimum standards according to an apps functionality or code quality.
  • If F-Droid wants to be un-opinionated about an apps functionality, this whole thing is not an issue :wink:

thoughts about anti features:

  • Does the Non-free Network Services anti-feature apply to domain-specific PWA-Wrapper-Apps for Mastodon Instances if they just allow to use their own instance, but the server-side code is FOSS and the instance federates by default with other instances?
  • Do any other anti-features apply to this kind of apps?

Thanks for reading, i would like to hear your thoughts :slight_smile:

And another one: https://gitlab.com/fdroid/fdroiddata/merge_requests/4895

I did a bit of quick research into these PWA WebAssembly apps and decided to not allow them.

More than a few cons, seems like several :wink: . If the compiled code being sent from the server to the user could be checked against a strong hash function to verify that the code is open-source, then maybe F-Droid users could “openly” get PWAs. My concern is the user could be sent any code, violating open-source.

I agree with your “trojan horse” analogy.

Also PWAs operate on a newer, lesser adopted, programming language. In my experience, newer languages tend to have major security flaws. Java has been around for so many years that the holes seem to have been patched.

This isn’t really about “quality”, so much as whether it’s open-source. I understand that apps on F-Droid don’t download compiled-code from a third-party and simply run it, they might download some data from a non-free network service, and use that data in some way but never run the data as code.

Again this isn’t really about opinions, but whether FOSS (Free and Open-Source Software).

If I’m wrong though, do tell.

That’s a particular nasty one. It’s literally just an icon a webview for displaying a proprietary website, nothing else. 0 features.

@redplanet I agree with all pros and cons you’ve listed. For me personally such wrappers do not make any sense, they’re just hollowing out the guarantees F-Droid tries to give to users. Then again it’s convenient to trap proprietary sites in an app, especially when you can route their traffic over a proxy or something. I’d support a move to introduce a new anti-feature for such apps or even kicking pwa-wrappers out which add 0 features to a proprietary pwa.

Mastodon