Dirk-Jan Rensema The Current State of Progressive Web Apps A study on the performance, compatibility, consistency, security and privacy, and user and business impact of progressive web apps Informatics Bachelor Thesis Term: VT20 Supervisor: Dr. Bridget T. Kane PhD Examiner: Prof. John Sören Pettersson Abstract Since the late 80s the web has been evolving through new standards, added functionality, device performance and improved user experience. Websites evolved from static information to what is now known as web apps in which web technologies started to replace regular native programs and apps, as web apps slowly started offering similar functionality and performance, with the added benefit of being cross-platform. Over time, even more functionality and improvements were added to the web apps which, with the right combination, made them progressively become more like apps. In 2015, this combination got named by Google as Progressive Web Apps (PWA) which allow users to add web apps to their home-screens and use them like native apps. PWAs can support being used offline, give notifications, use the device’s hardware and more. In this thesis, the compatibility, performance, security, privacy, and user/business impact of fundamental elements of PWA are researched through literature review and experimental analysis. Eight browsers are tested on four operating systems for compatibility of the Service Worker, Web App Manifest, add to home-screen ability and offline usage functionality. For performance, tests are done on a website called Fleet Management System (FMS) which is a track and trace system for Inter-Data Europe b.v. who will keep using the implementation and knowledge created from this study. For security, privacy and user/business impact, a literature review is done on past studies, use-cases and discoveries made during the implementation and tests. The results show that most of PWA’s fundamental functionality is supported by most major browsers, especially on Android and on Chromium browsers, with the exception of iOS in which only Safari supports anything to do with PWA. Performance is found to be heavily dependent on implementation strategy but can make a significant difference if implemented correctly. Security is found to allow certain abuse and sensitive data leaks depending on implementation. Furthermore, user reengagement and revenue of major companies are found to increase significantly after implementing PWA. I Table of contents 1. Introduction ............................................................................................................................ 1 1.1. Background .................................................................................................................. 1 1.1.1. The Web - History ................................................................................................ 1 1.1.2. Web Apps ............................................................................................................. 2 1.1.3. The rise of the smart phones – Responsive design ............................................... 2 1.1.4. Websites disguised as Programs .......................................................................... 3 1.1.5. Progressive Web App – The natural progression ................................................. 3 1.1.6. Service workers .................................................................................................... 4 1.1.7. Caching ................................................................................................................. 4 1.1.8. Manifest ................................................................................................................ 5 1.2. Purpose ........................................................................................................................ 5 1.2.1. Target group ......................................................................................................... 6 1.3. Method ......................................................................................................................... 6 1.3.1. Platforms and Browsers ....................................................................................... 6 1.3.2. Research Question – Current state of PWA ......................................................... 6 1.4. Ethical consideration ................................................................................................... 8 1.5. COVID-19 ................................................................................................................... 8 2. Literature Overview ............................................................................................................... 9 2.1. Native, cross-platform frameworks and PWA ............................................................ 9 2.2. Security, Privacy and Abuse ........................................................................................ 9 2.3. Performance and compatibility .................................................................................. 10 2.4. Use Cases ................................................................................................................... 11 2.4.1. Trivago ............................................................................................................... 11 2.4.2. Uber .................................................................................................................... 11 2.4.3. Rooted Objects ................................................................................................... 11 2.4.4. George.com ........................................................................................................ 12 2.4.5. Best Western River North Hotel ........................................................................ 12 2.4.6. Pinterest .............................................................................................................. 12 2.5. PWA Life Cycle ........................................................................................................ 13 2.6. Developing PWA ....................................................................................................... 13 2.6.1. Service Worker ................................................................................................... 14 2.6.2. Web App Manifest ............................................................................................. 16 3. Results .................................................................................................................................. 17 3.1. Implementation .......................................................................................................... 17 3.1.1. Requirements ...................................................................................................... 17 II 3.1.2. Setup ................................................................................................................... 17 3.1.3. Manifest .............................................................................................................. 17 3.1.4. Service Worker ................................................................................................... 18 3.1.5. Cache-first implementation ................................................................................ 20 3.2. Compatibility ............................................................................................................. 20 3.2.1. Service Worker ................................................................................................... 20 3.2.2. Web App Manifest ............................................................................................. 21 3.2.3. Add to home screen capability ........................................................................... 22 3.2.4. Offline usage ...................................................................................................... 24 3.3. Performance ............................................................................................................... 25 3.4. Security and Privacy .................................................................................................. 25 3.4.1. Push-notification abuse ...................................................................................... 25 3.4.2. Cryptocurrency mining ...................................................................................... 26 3.4.3. Authenticated pages being cached after session expiration or logout ................ 26 3.5. User and Business impact .......................................................................................... 26 4. Analysis and Discussion ....................................................................................................... 27 4.1. Compatibility Analysis .............................................................................................. 27 4.2. Performance Analysis ................................................................................................ 27 4.3. Security and Privacy Analysis ................................................................................... 28 4.4. FMS Analysis ............................................................................................................ 28 4.5. User and Business impact .......................................................................................... 29 4.6. Summary ...................................................................................................................