Them: Once you see how the sausage is made, do you still want to eat it?
Rae: I ate a sausage this morning, but I don’t eat hot dogs.
Them: Well, how can you tell the difference between a hot dog and a sausage?
Rae: You’ll know in the morning.
You’re always putting yourself at risk when you download an app, but you won’t be sure what kind of risk until later. That’s why mobile phones ask you for permission. Desktop apps, on the other hand, don't. A desktop app can access files, record your keystrokes, turn on your camera, take screenshots, and even hold your computer hostage for ransom.
Simultaneously, it's never been easier for anyone to make a desktop app. More half-baked desktop apps means more security risks. Because of this, I think it's imperative to force desktop apps to get permission, too. MacOS is doing a good job by upping it's privacy game over the last few years. Overall, desktops are trending towards feeling more like mobile phones. And I’m really excited about this.
As an app developer, I really really really don’t want my app to have access to your entire operating system. Developing a desktop application is really scary, because I could mess up people’s lives. There’s something nice about knowing where the boundaries are, and having safety rails in case something goes wrong. It’s nerve-wracking because it’s virtually impossible to prevent all of the little ways you could put your users at risk.
I want to stop making desktop apps. And most people don’t want to download apps, either. What I really want is to write my application for the web. I want the build websites.
But websites don't give the fine-grained control to make an app that feels good.
It's true. Everyone knows that desktop apps just work better, have more features, and are for serious work: from video editing, email clients, audio production, or even video conferencing, like Zoom. Even security-minded folks would rather use and build desktop applications, despite vulnerabilities. But a website is great for growing the user base – no one has to install your app if they don't want to. Web browsers are improving so that they work almost as fast as desktop apps. Touch event capabilities are getting better too.
Despite wanting to build websites, I always had to build desktop apps. We needed direct access to OS features like the filesystem, SMTP, Bluetooth, and UDP. Unfortunately, web browser vendors have generally refused to integrate directly with the operating systems, citing security. For many years we have had web browsers that couldn’t really do much. You’d probably need to download a desktop app if you needed to do anything serious and important on your computer.
It's a significant amount of work to build an app that works and builds flawlessly on every version of Linux, Mac, and Windows, Android, and iOS. So where does that leave a typical developer? A decade ago, if you weren't just building a toy for yourself, you’d need to hire a team to make it a real thing. This was a huge barrier, and people often needed either some financial backing, or a league of open source volunteers to make a safer (safe-enough) and successful app.
The capability of web browsers has shot forward significantly in the past few years: WebGL, touch events, in-browser storage, and bundlers have made web apps feel a lot like desktop applications. But we still haven't had full access to operating system functions we needed.
Electron was released in 2013, and it changed the game. Electron solves these problems in the most hacky way possible. Electron forked a web browser and used it as the desktop application framework. Electron bypasses all of the protections that Chromium has put in place. For each desktop app on your computer that runs Electron, there is a separate version of a web browser (Chromium, the browser that powers Google Chrome). Now, with Electron, an app is just a website with access to your filesystem, bluetooth, raw UDP sockets, keyboard, camera, and other parts of your operating system.
Nowadays, it seems like every developer has their own pet project desktop application now, and why not? It’s cheap and easy. Visual Studio Code and Slack are written in Electron. Basically every platform has a desktop app nowadays, even web-native ones like Miro and Figma.
Developer: But wait, what about security? It is really insecure to have a separate version of Chromium for each app you download.
Rae: How can you tell the difference between a secure Electron app and a secure C++ app?
Developer: Hmm, I guess both would need a security audit before I could know for sure, and even then, we could find some vulnerability at some point. Is the app up to date?
Rae: Yes, it's up to date.
Developer: Then I reckon it's secure as it can be.
Rae: So how can we make it more likely that users will update to the latest version?
Developer: Well, we can nudge them within the app and even disable the app if there is a newer version.
Rae: Is there anything off the shelf we can use to do this reliably? Does the web browser do a decent job at keeping itself up to date?
Developer: Yes, but we’re making a desktop app.
Rae: Why can’t it be a website?
An Electron app is still a desktop application, and it still has many of the flaws and issues that a desktop app does. Whether the app is built in Electron, in Java, or C++, the chances of a vulnerability are high. And when there is a vulnerability, every single application needs to be updated. In contrast, when there is a vulnerability in your web browser, you only need to update your web browser, not all of your websites.
It’s ironic that web browser vendors didn’t want to create permissions workflows, because it essentially forced the creation of Electron. Subsequently we saw a new wave of new desktop applications, many of which are now unmaintained or out of date. Even well-known and popular security-focused apps, such as Keybase, eventually go out of maintenance. This makes everyone prone to huge security and privacy vulnerabilities through culture. Users and developers are habituated to the idea that desktop apps have ideal security properties. This zeitgeist desperately needs challenging.
Progressive Web Apps really slap
Progressive web applications (PWAs) are a nice way to build an app where any potential security issues are less severe. A PWA is a website that can be downloaded, and has the same security as your web browser. A PWA looks exactly like any other app on your computer, but it runs in your web browser when you double-click it.
This is great for security, because the web browser vendor is the one handling all of the interaction with the operating system. If there is a security issue in the web browser, users just have to update their web browser. They don’t have to update every app on their computer. Browsers already handle tons of compatibility and security issues across operating systems.
Progressive web applications also give debugging benefits. Because the app works across different browsers, you can take advantage of all the debugging tools you’re used to in the browser of your choice, rather than having to use Electron’s Chromium-based debugger (which is fine, but maybe could be better).
Deploying an Electron app is a huge pain compared to deploying a website, and it's getting harder as time goes on. In contrast, distributing your progressive web application is no different than deploying a website. Once you get it to work in the browser, it works across all platforms. All we need next is more operating system features. They’ve already been working on bluetooth and filesystems, so I’m excited to see what comes next.
But website data isn't stored on your computer, though. The web is just good for enterprise companies to hold your data hostage.
With the Chromium FileSystem API, a web app can create, read, navigate, and write to a sandboxed section of the user's local file system. Today, you can write an app that saves data to the user's file system, just like a native app. There are no excuses for enterprises to hold your data hostage. They do it because they want to, for economic reasons. There are no technical reasons for this anymore. So let's stop blaming the tools and put the onus on the companies that don't let users have agency over their own data. This is an ethical, not a technical choice.
Have you tried to build a PWA? I looked at it a few years ago and it was terrible.
I built a few PWAs last year (2021) as part of the Backchannel project. I was very satisfied, and surprised since so many people told me that PWAs were not good. I think they've improved them significantly in the past few years.
After only three months, we built a chat app that:
- worked across platforms (Mac, Linux, iPhone, Android and Windows),
- long-term local storage on the filesystem,
- offline support,
- end-to-end encryption,
- multi-device synchronization,
- mobile share screen,
- 'install’ button that downloaded an icon and offline version of the app on the desktop and mobile, and
- QR code scanning.
By building it as a PWA, it allowed us to build and test some ideas in a short period of time that would have been impossible if we had done it any other way.
Some key things PWAs still need:
- More control over chrome and visual of the application button.
- Better integration of service workers directly in the browser so it's easy to have the app work offline. (right now it's possible, just a bit of painful boilerplate).
- Access to the OS status bar so you can build an app like Dropbox that runs in the background.
But Native Apps are better than Electron
I agree, native applications are always better than Electron apps, if you have the skills to build and maintain them. Electron is nice when you're trying to do cross platform & web, but have a small team or your app is simplistic enough that you're not focusing on tight OS integration.
There will still be some things that aren’t possible with progressive web applications, and native desktop apps may always be better for certain tasks. For example, a window manager that modifies locations and monitors the active windows on your screen.
But for the needs of most apps, PWAs are the future. And for those who need super slick frame rates, you might want to go Native. That leaves Electron in the dusk. Thanks Electron, and those who made it. It was a great hack that lasted a decade, and will probably be around for another one. But I predict that sooner or later, we will be moving on without you.