The user issue with HTML5 apps

I have read many discussions on the topic of HTML5 apps (“in the browser”) versus native apps (those you download and install) from the app makers’ viewpoint, and whether or not one of the two kinds is going to replace the other. They are two very different things, they sometimes serve the same objective, but none of them is going to replace the other imho.

The fundamental difference is that native apps are downloaded. This means that I have been on a download page, seen a rating of the app, reviews, who made the app, what it does, and based on that I have decided that it shall be authorized to run on my computer. As such, it may take up space on my hard drive (in order to work offline), have access to my machine’s computational resources in order to do its stuff, have access to my camera, my contacts, my agenda, etc.

Because I download a specific, reviewed version of the app, I can rely on the fact that it’s not going to do unexpected things or things I wouldn’t like it to do. We users can also share our experience of apps in a reliable way because we can ensure that we are running the same thing (based on the version name or number which identifies the app), and we can give reviews. In a word, as a user I can trust that app.

In comparison, an HTML5 app is accessed directly from a link on the internet, without passing through any equivalent of the download page with all the useful information it contains, and this app may change at any time. I should therefore be much more cautious with what I allow it to do. My browser actually helps me with that by setting restrictions. A few years ago, before the HTML5-powered rich applications, there used to be rich apps in the browser called “Java applets” which could have some special authorizations if you responded favorably to the dialog box that would pop up when loading the app. I even think you could have your computer remember to trust a certain app maker. In any case, the thing is that the app you’re accessing may change, even if it is always at the same address. You can’t grant persistent authorizations to an app that changes all the time!

The fact that a certain version of a certain native app can be reviewed is what makes it reasonable to allow it to do and access what it wants on your machine/device (which is more than with an HTML5 app).