Inspiration from Android Instant Apps and Apple App Clips

[DanielHerr]

The explainer states:

Developers who choose the additional security provided by this proposal give up a number of desirable properties that come from building a web app. An example is the ability for users to discover their application by following a link that drops them into a complete experience rather than having to first install the application.

But what if this wasn't the case?

Currently, web apps have very few additional capabilities gated by installation as opposed to permission prompts. Android and iOS apps have many more capabilities and access. Android Instant Apps and Apple's App Clips seem to share some technical similarities with IWAs. In particular, they both consist of a signed bundle contained the app's code, and they both offer a greater amount of access and privileges compared to PWAs, though still less than regular Android/iOS apps.

But one important aspect is that IA/ACs are linkable and don't require installation, just like a web app. It would be a shame to have IWAs not be instantly linkable like the web has always been, especially when Android and iOS provide their own linkable apps implementations which already share the signed bundle security aspect.

[reillyeon]

This is something I would like to support eventually. While IA/ACs are linkable they still require packaging and are distributed by their respective platform stores and so while they aren't technically "installed" architecturally they behave very similarly to installed apps.

Some of the security properties we hope to achieve are hard to maintain however without a real installation flow. For example, if a secure messaging application were available as an "instant IWA" how would users be sure that the link they clicked on directed them to the real app or an imposter? By making the installation process explicit users can be sure that the app they are using is the one they expect.