Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

As someone who disables JavaScript while browsing, I find it disappointing that you are encouraging more developers to build web apps rather than a native experience.


You actually prefer when your phone runs native stalking code that you can't inspect or block?


I can't really inspect or block things in the iPhone browser either. The javascript is opaque and I can't easily inspect what it's doing or what it sends.

Web apps have a lot of access to your data as well, especially your location data.


Not if you deny the sites access to your location data, the permission for which is denied-by-default and is never, ever actually necessary for anything.


You can do the same thing with apps though too. So what's the benefit of moving to web in this case?


Because I honestly never know whether or not an app has permission or not to access my location. App permissions are granted when the app is installed, not when it's run. Furthermore, apps update silently, and are they giving themselves new permissions or not with each update? If I have given an app permissions to access my location, how do I see that, and how do I revoke it? And if I don't manually close the app, is it still running in the background accessing my location at all times? For how long? For websites, these questions are easy to answer. For apps, I find it to be an utter mystery. App permissions are mess; better than free-for-all OSes like Windows, but worse than the web.


> App permissions are granted when the app is installed, not when it's run

This is not the case in iOS, and I don't believe it's the case in android either, IIRC. You can also always audit app permissions via the settings app.

> how do I revoke it

Settings app. No idea how I'd do it in the browser, FWIW. Nor how I'd audit what permissions an app has.

> it still running in the background accessing my location at all times

Apple has a "allow location access only while running [in the foreground]" option as well. Not sure about Android.

> Furthermore, apps update silently, and are they giving themselves new permissions or not with each update?

They are absolutely not doing this. Security auditors would be screaming from the rafters if Apple or Google allowed app updates to change their permissions settings.


If you disable JavaScript while browsing but recommend that people install mobile apps, that's kind of like forbidding pocket knifes in a war zone.


Who said websites have to use JS? Your argument is orthogonal to companies using apps to harvest user information, and being blocked by web platform there. There's no reason Facebook, Twitter, etc. has to use JavaScript in their web experience.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: