Allowing only site-triggered install prompt

[photopea]

Hi folks, do you really like this idea, that a user-agent will "analyze" a website somehow and decide, if it is appropriate to show an install prompt? It can be disturbing, if the "analysis" is wrong. I also hate the fact, that a browser makes such decissions (browser manufacturers can show the prompt more often for websites, which pay them, nobody will ever find out). I think that the browser should be as "invisible" as possible, and each action should come from the user, or from the website with a users permit.

I am using the following code to be able to trigger an install prompt.

window.addEventListener("beforeinstallprompt", function(e){  e.preventDefault();  myEvent=e;  });
if ("serviceWorker" in navigator)  navigator.serviceWorker.register("sw.js", { scope: "./" });  
//  I call myEvent.prompt();  later, when user clicks Install

The problem I have is, that if both the website and the user want the site to be installed, the user-agent itself becomes an obstacle (by not dispatching "beforeinstallprompt"). What about replacing it all with this:

navigator.install();

It can throw an exception, when installing is not appropriate. If you think there is a risk of "attack" by calling it too often, we can deal with it the same way we deal with alert(...). Imagine if alert(...); worked only on Mondays and only between 12th and 37th minute of each hour. That is how I see the current draft now.

[marcoscaceres]

Yeah, we've gone back an forth for years between the current model and the .install() model. The problem with the .install() model is that we will end up with "Install my App!" buttons all over the web, which we don't want.

Browser vendors are exploring alternatives (e.g., ambient badging)... there might be a middle ground for this, but we are still trying to figure out what it is as PWAs become a thing.

[photopea]

So you want give browsers the ability to limit such buttons with "Install my App"? The button would be hidden. And neither the website, neither the user would understand why.

I think your should not be afraid of such buttons "all over the web". Websites always adapt to users, and when e.g. less than 1% of users use such button on a specific website, it will disappear (or will be moved to some less visible place), because the space on the website is "expensive". It would be like having an add, which is not clicked by anybody (nobody wants such ad). So I believe, that at the end of the day, Install buttons would be only at places where it makes sense.

And even if you still want to have power to limit such buttons, giving this power to the browser and probably any other solution could make users very angry , and is a huge space for corruption (a black box oracle, which decides things for us).

[kenchris]

Google is toying with a new way of doing this.

Ie. they might stop prompting by default when the engagement threshold is triggered, but allow the site to do it after that point.

@mgiuca might be able to tell more.

[photopea]

I would like to let my users start my webapp from a home screen icon and without the browser controls around it. When will it be possible in a Chrome browser?

[marcoscaceres]

You should be able to set display: 'fullscreen': https://www.w3.org/TR/appmanifest/#display-member

[photopea]

But how can my users add the icon of my webapp to the homescreen? Can I create "Add to homescreen" button in my webapp somehow?

[madmoizo]

Firefox pattern seems good to me (a add to homescreen icon directly in the address bar and a android icon if the webapp is already installed). Chrome should provide the same kind of UX on every platform because on desktop, the add to desktop is a hidden features, hard to explain to the end user.

Install my webapp! buttons are a "risk" like enable push notification/geolocation! is one too. It's not necessarily a bad thing, it just needs some guidelines.
There are already download for mac/linux/window buttons for installables software. There are already android app on google play and available on the appstore buttons for native app. Why a Install the webapp icon can't stand near these last for a single point of "get my product"?
Today, it's easier to wrap a webapp url in a electron app which can be downloaded in one click rather than explain to the end user how to add the webapp to desktop.

it's ok if it's on the browser side, people trust browser more than websites. Webapp installation could be triggered like any others permissions, instead of an auto prompt with obscur rules which differ from a browser to another.
Yes, it can be misused, like any other things on the internet (permission prompt on page load, i'm looking at you) but browsers should not concentrate on "what is the best moment to prompt the user to maximize their engagement", it's a developer's concern.

@photopea you can't, browsers decide when it is the appropriate time to show the prompt and provide a way to do it manually (three dots > add to homescreen on Chrome Android, three dots > more tools > add to desktop on Chrome desktop, add to homescreen icon in address bar on Firefox Android)

[photopea]

That is quite bad. I think webpages should have the ability to trigger the "installation" to a desktop. What kind of misuse do you mean? It is not a real installation, but more like a bookmark. It is till safe, "sandboxed" in a browser environment.

[photopea]

I implemented the current "way" to my webapp in the past, but it was hard to explain to users, that they have to wait until their browser "feels like" they may want an installation. And if they accidentally refused the installation, there was no way to trigger it again, it did not work even the next day. The rules are not clear, what does "the browser feels like" mean? (it was Chrome in my case)

[marcoscaceres]

@photopea, we understand your frustration - but please understand that it will take time to figure out the right solution here.

We (browser makers, developers, and End-users) know that we don't want "INSTALL MY FANCY APP" buttons all over the Web - but we also know that developers want user's to be able to easily install their web applications. We also know that we have all these "browser feels like" heuristics, that we can make use of... we just need to put them all together in a way that balances everything out.

The above will still take time to figure out, however. If we move too fast, we risk screwing things pretty seriously on the Web. We need to be disciplined in how we add these kinds of features.

[marcoscaceres]

@photopea, in case it helps, it might be good to read how we assume it works at the moment:
https://www.w3.org/TR/appmanifest/#installable-web-applications

See in particular, the part about installability signals. Hope that helps you understand where we are at.

[photopea]

@marcoscaceres I see where the specification is at the moment. I think there are two key points, where I see problems.

• User agent should not be the "robot", who decides things for us. Decisions should be made either by user, or by a program developer. I can see of browsers becoming 20% larger (in terms of MB), because they will embed some AI libraries, to be able to claim, that their decissions are better than the decissions of other browsers. If you want to guarantee some level of "security", make strict rules (e.g. HTTPS + manifest + something else), that will work for all browsers. Don't make it up to browsers to decide. Web authors would have to test their product with many borwsers to make sure it works everywhere. We are getting the web back to 90s.

• "INSTALL APP" buttons all around a web is nonsense. The area of the webpage is "expensive", and when some button is not clicked, it is replaced by something else. Such buttons can be everywhere only for a couple of months, until authors see how effective they are, and most of them would remove these buttons. Just like we have Social media buttons now.

Please, think about it. Don't make browsers take decissions without specific rules. It may add a lot of headache to both web authors and visitors.

[marcoscaceres]

@photopea, thanks. Will definitely take your feedback into consideration.

[mgiuca]

Hi, sorry I've missed this discussion until today. This is something I think about all the time.

I do mostly agree with @photopea and I think the Google Chrome team has been gradually coming around to the position that developers should be in control of this, not the UA. We've gone from a relatively unpredictable engagement requirement (requiring heavy use of the site before the prompt can trigger) to an almost instantaneous one: we now deliver the BIP event after a few seconds of interactivity with a site. This means if the user immediately closes a site, they won't see it, but any normal usage will be able to show the prompt.

We should recognise two separate issues:

• the static issue of which sites are eligible (manifest, correct icon size, fetch handler, etc, etc), and
• the dynamic issue of under what circumstances do we allow the prompt (after the user has engaged with the site by a certain amount).

I am not concerned about the dynamic issue, because it doesn't present a compatibility risk. Different browsers can have different dynamic (engagement) requirements, and it doesn't "break" sites because the developer doesn't need to design differently. You just need to know that you may need to wait awhile before the prompt event comes up.

I am concerned about the static issue. I think it's a web compat problem if different user agents have different requirements for a site to be eligible to receive a prompt, because then, as you say, we're in the 90s world where developers need to test that they meet the criteria for each major browser. That harms us (the browser manufacturer) too, because then we can't change our policy in the future. (Just as in the 2000s, IE was ultimately harmed by being tied to its own de facto standards.)

User agent should not be the "robot", who decides things for us.

In some sense. The UA will always play a role in deciding things on behalf of the user. After all, they are the user agent (authorized by the user to act on their behalf in making certain decisions). That's why I am OK with requiring a minimum engagement, and with having a browser-specific policy on when you can re-show a prompt if it has been rejected by the user. As well as, of course, UA-specific UI for manually installing the site without a site-triggered prompt.

What's weird about this is that we allow sites to spam notification permission requests immediately (which arguably is requesting a more invasive capability than installation), but we're more conservative with showing the install prompt. I think we should be more consistent about this.

Web authors would have to test their product with many borwsers to make sure it works everywhere. We are getting the web back to 90s.

Yep, I definitely share this concern, as stated above.

Chrome has tried to make the "whether or not you are a PWA" check as transparent as possible, publishing the checklist and providing a tool to verify whether your site is eligible. But up until now, this has been a proprietary Chrome feature.

I definitely think we'll want to lock this in at the specification level at some point, so the Lighthouse tool can tell you definitively whether your site meets the specified requirement for installability in all browsers. However, I think at the moment we're still early on in the life cycle of this feature, and people are worried if we codify this, we won't be able to increase the requirements later (e.g., by enforcing that your fetch handler actually serves content).

[madmoizo]

Different browsers can have different dynamic (engagement) requirements

I don't agree, you will end up with the following on every website:

you should be prompted for installation automatically but: 
- if you are a X user: wait 5s
- if you are a Y user: click somewhere
- if you are a Z user: visit the site twice 

edit: I mean automatic engagement is fine if the developer can prevent it

What's weird about this is that we allow sites to spam notification permission requests immediately (which arguably is requesting a more invasive capability than installation), but we're more conservative with showing the install prompt. I think we should be more consistent about this.

Definitely. And educate developers is the way to go. Today, it's obvious that ask for a permission without context will lead to high rate of "block".
It is not the UA role to show a prompt when it decides to. It's like automatically ask for geolocation permission if the GPS is active on the terminal.
There is a requirement -> UA check the requirement -> requirement is satisfied -> UA allow the developer to prompt the enduser -> developer ask UA to prompt the user at the right time in his context

I think at the moment we're still early on in the life cycle of this feature, and people are worried if we codify this, we won't be able to increase the requirements later

Agree, but we are already in the "later" part
Edge made a move with auto index PWA in the store depending of their own quality criteria and Chrome already gives guidelines in lighthouse.
Edge considers service worker as an ehancement when it's big warning in lighthouse if it's missing.

check "quality signal of progressive webapp" part https://blogs.windows.com/msedgedev/2018/02/06/welcoming-progressive-web-apps-edge-windows-10/