The Web vs Apps Outcome

There was a time when some people thought the future of mobile development was the web. That thinking was based on the fact that the web was a common platform across all types of device and that this would be the only way to solve fragmentation. If you look at the ‘Web Technologies’ section at the bottom of this site you will see I was sceptical.

In practice, we all know apps have dominated. While Apple and Google have improved their web browsers, they haven’t put as much effort into giving the browser access to APIs or into improving the user experience for web-based apps. However, I believe the situation has become even worse than this.

The lack of browser-based access to native APIs has led to workarounds. These are used in hybrid apps that contain WebViews and in the code included by most 3rd party ‘easy’ app creation tools. On Android they involve giving JavaScript access to the Android native Context so that it can call into native code. Unfortunately, as these are workarounds, they are very insecure. My article on ‘Use WebViews Carefully’ gives more details. Anyone using app creation tools based on WebViews, or using WebViews in their app, needs to be aware of these vulnerabilities. In fact, as of last week, outside of embedding in apps, even using the browser on its own has been the subject of a security scare.
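As an added example (not code from this article or from any app creation tool), the following Python sketch audits an app's source for the JavaScript-to-native bridge described above. It assumes the bridge is registered with Android's `WebView.addJavascriptInterface`, that `minSdkVersion` is declared in the manifest, and it relies on the platform behaviour that before API level 17 every public method of the injected object is callable from page script, while from API 17 only methods annotated `@JavascriptInterface` are. The sample manifest and Java source are constructed.

```python
import re

# Constructed sample inputs for illustration (not taken from any real app).
SAMPLE_MANIFEST = '<uses-sdk android:minSdkVersion="14" android:targetSdkVersion="19"/>'
SAMPLE_JAVA = '''
void setup(WebView webView) {
    webView.getSettings().setJavaScriptEnabled(true);
    webView.addJavascriptInterface(new Bridge(this), "native");
    webView.loadUrl("http://example.test/app.html");
}
'''

# addJavascriptInterface(<object>, "<name visible to page script>")
BRIDGE_RE = re.compile(r'\.addJavascriptInterface\s*\(\s*[^;]*?,\s*"([^"]+)"\s*\)')
# loadUrl() called with a literal cleartext http:// URL
CLEARTEXT_RE = re.compile(r'\.loadUrl\s*\(\s*"(http://[^"]*)"')
MIN_SDK_RE = re.compile(r'android:minSdkVersion\s*=\s*"(\d+)"')


def audit_webview(java_src, manifest_xml):
    """Return a list of (finding_code, detail) tuples for WebView bridge risks."""
    findings = []
    bridges = BRIDGE_RE.findall(java_src)
    if not bridges:
        return findings  # no native bridge exposed to page script

    m = MIN_SDK_RE.search(manifest_xml)
    min_sdk = int(m.group(1)) if m else 1  # Android treats a missing value as 1
    if min_sdk < 17:
        # Below API 17 the annotation is not enforced: all public methods
        # of the injected object are reachable from any script in the page.
        findings.append(("BRIDGE_PRE_API17",
                         "bridge(s) %s exposed with minSdkVersion %d"
                         % (", ".join(bridges), min_sdk)))

    for url in CLEARTEXT_RE.findall(java_src):
        # Content fetched over cleartext HTTP can be altered in transit,
        # and whatever script arrives gets to call the bridge.
        findings.append(("BRIDGE_CLEARTEXT_LOAD",
                         "bridge present while loading %s" % url))
    return findings


if __name__ == "__main__":
    for code, detail in audit_webview(SAMPLE_JAVA, SAMPLE_MANIFEST):
        print(code, "-", detail)
```

A clean result only means these two patterns were not found; URLs built at runtime and bridges added by generated code need a manual look.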

A second problem is that there’s now no single ‘Android Browser’ upon which the WebViews are based. Niels Leenheer has a great set of slides that explains how browsers vary across Android versions, devices and phone manufacturers. The consequence of this is that getting any non-trivial WebView-based app to work across many device types is very difficult. The many 3rd party companies creating app creation tools based on web technologies face an uphill battle – as do people using their tools.

It’s ironic that the (web) platform that some people thought might solve the fragmentation problem has, arguably due to under-investment and lack of innovation by Google and Apple, become one that has security and fragmentation headaches.