Sunday, December 21, 2014

Using browser versus app to deliver your services on mobile devices

The full fledged mobile computing devices are far more common these days than the desktops had ever been. The websites are delivering services more to mobile devices than the desktops. Google now claims to get more searches through the mobile devices these days.

Today most websites will ask you to download their app and install on your mobile device. With package managers like "Google Play Store" people find it extremely easy to do so. Just with a single click and a disclaimer of all possible privacy violations, people install the mobile app.

It is strange that html browser that has been the de facto standard for delivering content and untrusted code has been swiftly replaced by the mobile app. Browsers provide security from untrusted code as the exposed scripting language like javascript is managed code wih limited functionality. In cases where people install "native code" like Adobe Flashplayer, people are at mercy of the "severe bugs" in flashplayer that keep appearing every week. No doubt today that social engineering attacks targeting vulnerable flash player has been quite common on facebook.  Javascript engines never had that many issues.

If installing any "native code" is so dangerous, the obvious question is how come folks are installing mobile apps from untrusted sources without any second thoughts? Some would argue that Android provides a Java framework and so all apps are written in Java and so there is little chance of having vulnerable programs. That is quite untrue as apps are allowed to bundle native code that they can be invoked through the JNI interface. Bugs in native code could be exploited by any other untrusted app.

Beside security, mobile apps have also turned the head upside down on traditionally asynchronous applications. For example, I used to open up a mail app to check for new mails. With the mobile apps, it will beep you everytime you get a mail. And yes not all mails deserve my attention immediately. So converting asynchronous applications into synchronous ones provide little utility and very annoying beeps.

Some people believe searching the app is faster than typing it on browser. But today's browsers provide easy navigation by using bookmarks and clickable thumbnails. So that argument is also spacious.

Lastly, there are many sensors in a mobile device (like GPS, compass etc) that can be used by a mobile app to deliver better services. While HTML 5 has incorporated some of these sensors,  that remains the perhaps only legitimate resign for installing a mobile application.