Crypto API
From MgmtWiki
Full Title or Meme
The ability of any Progressive Web App to access cryptography engines on the device.
Context
- W3C web crypto API.
- Bitcoin in the Browser: Google, Apple and More Adopting Crypto-Ready API 2017-09-16
Problems
- Any web site can download a Progressive Web App for use whether or not the user chooses to "install" it and thereby pretend to be the user.
- If a wallet is installed by a web site, there is no way for another site to use it by sharing cookies as that has been blocked since 2022.
- There is no reason for the user or any other party to trust the app as it is not known who installed the app or why.
References
- Also see this wiki page PWA initiators for implementing in a Progressive Web App page.
