The user is warned already on the App Store that installing apps from third-parties comes with certain risks via 'scare screens'. There's no reason they can't do the same for PWAs.
They probably will if they ever re-enable it in the EU, but they also built out over 600 new APIs and an accompanying system of entitlements to go with that scare sheet such that even if it’s “riskier”, they’re not just throwing up their hands and saying “alright devs, we scared them a little, so now go do whatever the hell you want”.
EDIT: I should also add that of those 600, that includes APIs Apple built out specifically for third-party browsers.
I think PWA developers are going to be pretty unsympathetic to 'your PWA is going be available again in the EU at some unspecified time in the future, when some Apple product manager decides to prioritize it for a given year's roadmap and it's all in the interests of protecting users from unspecified privacy and security threats that nobody seems to be able to define'. Most importantly, the EU may feel the same way.
Well to correct you, my position is more “Apple might re-enable this” more than “will”, which from their perspective I’m guessing is even worse and they will be more unsympathetic to it.
Personally I think Apple will, but I have enough doubts that I don’t want to make that claim.
> Most importantly, the EU may feel the same way.
That’s the rub. The EU has been arbitrarily writing new laws which mostly target foreign tech companies that don’t quite read “show me your bellies so we can pick out the choice cuts” but they’re pretty close. So the EU might do a lot of things, but if there’s an argument against them doing that, it’s what I said in my first comment above: it’s not worth any jurisdiction’s time to do so. That includes the EU.
You might need to support some technologies to get government contracts, but nobody ever mandated you had to support POSIX or J2ME or whatever to sell a computer or phone to regular people. That would be asinine, and a PWA mandate would also be asinine.
The arbitrary laws that the EU has been writing are the one of the last bulwarks consumers have against the creeping power of tech giants and these companies are making more money than ever in spite of regulation, so it doesn't seem to be affecting them too adversely.
The biggest abuses in tech come down on the adtech side of things where in order for them to make money, they need to know who you are, and they will do everything within their power to make sure that they do with or without your consent.
Telecoms companies (in which I am including carriers) also often fall within this because they are often envious of adtech companies and want what they have and can theoretically make better guarantees about who somebody is.
Not supporting PWAs isn’t in the same league, but I would also add to that: running a popular messenger, running a popular search engine, and controlling distribution of software on a popular phone platform. Spinning up new laws around terminology designed to have bad PR (“gatekeepers”) is pretty damn arbitrary as far as lawmaking goes.
I’m. It sure what I think about this yet, but I’m pretty sure I’m going to land on “allowing less privacy aware browsers to run web “apps” with heightened privileges seems like a recipe for disaster.
Maybe in the long term ther is a way to do it well. But for now I’m not sure.
Every app on iOS is sandboxed and the damage they can do is very limited. There's risks involved in opening up to third-party apps, and PWAs are only marginally more dangerous. Non-WebKit based browsers don't even exist today, this is not a real problem and won't be for some time.
The obvious solution for now is to enable WebKit PWAs and turn on PWAs for other as-yet uninvented custom browsers as they release, testing for privacy as they get released.
