Difference between revisions of "Native App"

Revision as of 17:59, 5 November 2018

Full Title or Meme

A digital Entity that is operating on a User Device, but is typically supplied by the Web Site or some Federation.

Context

• When discussing the use of the internet by a user, what is really meant is the presence of the user's agent on an internet connection.
• Typically the Native App will run on a User Device in the user's physical possession, but it is possible that the agent is running on a service in The Cloud.
• The Native App may act like a browser and supply an HTTP user agent string, but it should not be considered to be a User Agent.

Problems

• Nearly any application running on a user's device is allowed to access the internet and claim that it represents the user. There is no built-in mechanism to test this assertion by an internet connected service. The internet was designed to connect computer systems, and that is all it can be relied upon to do.
• Any Web Site that wishes to create a Persistent Identifier for a User will need to take responsibility for any necessary Assurance that the Native App has not been compromised by an attacker.
• Most of the larger enterprises operating on The Web prefer to supply a Native App to the users device to improve the User Experience for that site.
• To be sure that the User's intent is expressed by the Native App appears to be an insurmountable obstacle.

Solutions

• Certification of the Native App please refer to page Native App Security.
• The Native App should perform all Authentication of the user by way of a browser (User Agent) selected by the user and running on the user's device using a trusted Identifier or Attribute Provider.

References

1. Native App Security
2. Native App Privacy
3. W3C page on web apps.
4. IETF RFC 8252 OAuth 2.0 for Native Apps https://tools.ietf.org/html/bcp212#section-7.2
5. Apple App Store Review Guidelines https://developer.apple.com/app-store/review/guidelines/