trezor-suite
Analysis of the advantages and disadvantages of desktop Suite in the App Store
- What needs to be done?
- What value does it bring?
@janandrascikSL already looked into this a bit. @janandrascikSL could you please summarise here?
General benefit:
- Higher resistance of users to phishing attacks asking them to install a new version of Suite. New versions would be in App Stores only.
Microsoft Store:
- Application runs in a "sandbox". In Windows, however, only not allowing access to other applications. Other applications can modify data of Trezor Suite, if they have a permission to Storage.
Mac App Store:
- Application runs in a sandbox and other applications cannot access application data. Application data can still be accessed by users, especially those with admin privileges.
@janandrascikSL So now we're mainly interested in the Mac App Store, right?
Due to the nature of phishing we face, I would prefer having Suite in both Microsoft Store and Mac App Store but right, Mac App Store brings more advantages.
A few comments:
- I agree we are interested in both.
> New versions would be in App Stores only.
- We should keep offering Suite on our landing page. We can, however, in future push for App Stores there as well, eventually having it as the default option.
- Will this somehow affect the autoupdate mechanism? Can we do the updates via the App Stores somehow? It might be way more stable.
If we keep both App Store and standalone app then all the benefits of using App Store disappear, especially phishing-wise.
App Stores can update automatically and internal autoupdate will not be necessary then.
It would be great to go the App Store way completely, but I am just not sure that is realistic. Mac people are used to downloading the apps directly, I believe. Even if we have both (app store and direct download) I think it is worth it.
@hynek-jina I believe this is more of a product discussion from now on. From a tech / security point of view we definitely see benefits in doing this. But the product team should decide the questions we have raised here.
Lowering our dependency on the Electron autoupdate would be awesome.
Have we ever talked about promoting web suite as a PWA? I see that as another way of safely getting onto user machines with a launch icon. I'm a fan of the PWA model and released a couple of mobile first PWAs.
I use the Google Meet PWA so I can Alt-Tab to it:
PWAs can be pushed to Microsoft store as well.
A negative aspect of App Store is privacy, Apple knows what apps I have.
> If we keep both App Store and standalone app then all the benefits of using App Store disappear, especially phishing-wise.
Resorting to App Store only suite is hostile to the user. Users should choose how to run our software.
@sime IMO it's a bit confusing since it will be a web version, missing desktop benefits, yet pretending to be a desktop app, when we are already offering a desktop app. 🤓 Also, I think it would be possible to accidentally have 2 different versions installed at the same time, and it's too much variability. We would need to support the PWA functionality separately as well.
@tsusanka @janandrascikSL Slack and Telegram both offer their apps on the App Store in addition to letting users download them directly from the site (+ web versions). Telegram has additional features in the MacApp store version, maybe because it opens more access to native APIs? Anyways, I think that distribution model makes more sense. The AppStore presence also adds more legitimacy and simplifies life for casual users. People who care about privacy more would definitely be unhappy because of a requirement to expose their app use to third parties, as Simon said (ha-ha 😅)
> @sime IMO it's a bit confusing since it will be a web version, missing desktop benefits, yet pretending to be a desktop app, when we are already offering a desktop app. 🤓 Also, I think it would be possible to accidentally have 2 different versions installed at the same time, and it's too much variability. We would need to support the PWA functionality separately as well.
100%. The strategy for promoting PWA will be exclusive for Android and on Desktop browsers, promote the desktop application (in a tasteful way).
Ou, yes! Pardon, I completely overlooked mobile in this context. It would basically be a mirror of AppStore / Current desktop: AppStore / PWA. Still means the PWA version would have to be maintained... And preferably only accessible on mobile to avoid excess variance on desktop. But at least I see that there is a much better justification now! ✌️
One downside of publishing to stores is that it makes it difficult or impossible to roll back a faulty release.
> One downside of publishing to stores is that it makes it difficult or impossible to roll back a faulty release.
It's not possible to roll back a release, we need to update the app with a previous version as the new version. No way back.