Dynamic Launcher (PWA) portal designs
Hi, I'm hoping to get input from the design team on a new set of portals for installing and removing applications (.desktop files) created by sandboxed desktop applications, primarily intended for Epiphany to be able to install web apps, which is currently only possible when Epiphany is not running under Flatpak/Snap. These portals would potentially also be used by Chromium (and Chromium-based browsers).
Prior art for app installation
Firefox on Android:
The user is sent to the home screen where the app pops up.
Chrome on Android:
There’s a notification that lets you know when it’s been added to the home screen but the browser stays focused.
Chrome/Chromium on desktop:
Epiphany (non-flatpak):
Proposal for app installation
The Epiphany dialog could become the interface to the new CreateDynamicLauncher portal, which would be used by both Epiphany and Chromium, with the following changes:
- the name wouldn't be editable when launched from Chromium, since that currently doesn't let the user control the name
- the URL at the bottom would only show up for web apps, not other dynamic launchers. And other launchers would need a different title such as "Create Application"
Prior art for app removal
Chrome/Chromium on desktop:
Epiphany (non-flatpak):
When "Delete" is clicked, the app is deleted without any confirmation dialog. There is an MR to make the "Delete" button red like other destructive actions.
Proposal for app removal
The security properties around app removal are different than app installation, since sandboxed applications will only be allowed to remove apps they installed, and installing a malicious app that masquerades as trustworthy is the main thing we are protecting against with these portals. Thus, the remove portal can be used without any user interaction beyond the existing "Remove"/"Delete" buttons and Chromium and Epiphany can both keep their current UI.
However, to better comply with the GNOME HIG, Epiphany should have an undo button for this destructive action, which would be supported by a token given to the app by the portal which would only be valid for a short time.
Editing installed apps
Epiphany (non-flatpak):
- Epiphany currently supports the user editing the name and icon of installed web applications, but this is difficult to support in the sandboxed model and it seems better to improve the icon and name selection code in Epiphany than to implement another portal for it. However it might be possible and desirable to still support these things when Epiphany is unsandboxed, since non-PWA web apps are unlikely to have that metadata available.
- How should this dialog look in case "Manage Additional URLs" is still possible but the three rows above it are not editable?
Odds and Ends
- This initial implementation would not support apps updating their icon or other metadata, as this is a hard problem and requires user interaction if maintaining the assumption that the app is not fully trustworthy.
- Web apps will also be able to be installed via Software. In that case Epiphany would do the installation but without any dialog at all (using a token acquired by Software). Similarly Software will be able to remove web apps by talking to Epiphany and the user would only have to interact with Software to do so. (See also software-mockups#14)