by throwaway9143 731 days ago
I'll give you a hard-earned tip: expect to fight Apple every step of the way. They will randomly erase all local data (cookies, localstorage, push subscription tokens, etc) in your PWA without warning. They say they don't do this, but I have the receipts. They want PWAs to suffer, and you will go insane trying to make workarounds on iPhone.
8 comments

Are you saying the Safari browser on iOS intentionally cripples web applications by randomly erasing / deleting browser data (cookies, localStorage, etc)? And this happens on purpose because Apple wants to boost App Store Apps usage?

If there is evidence of the veracity of this claim, this topic deserves a whole lot more attention. Especially considering Apple's stance on 3rd party mobile web browser engines - Apple forbids them, although EU regulation may force this to change.

I searched a bit and found no smoking gun, the closest hit was:

https://old.reddit.com/r/Safari/comments/185cra6/safari_nuki...

But it seems more likely caused by legitimate bugs than any intentional campaign.

Have I been nerdsniped here by a nutter? :-s

> Are you saying the Safari browser on iOS intentionally cripples web applications by randomly erasing / deleting browser data (cookies, localStorage, etc)?

I would absolutely make this claim.

This isn't even a PWA thing. We had a really simple series of boring web forms that suffered from this. The first iteration of this had the server swap an initial tokenized link for a cookie when clicked.

After some feedback from our customers, we discovered that iOS users were having a lot of trouble getting all the way through the desired workflow. We were able to replicate this on our iOS devices but it seemed completely arbitrary.

After abandoning cookies in favor of maintaining a tokenized URL, we found we were getting 100% success rate for iOS end users.

My theory is there is a malicious bit of code in iOS Safari that is applying some insane cookie policy over "unpopular" domains.

I think they have a thing now where all stored data gets wiped every few days (in the name of privacy, purportedly). And yes, that broke a bunch of apps.
When do legit bugs turn into active negligence?
My most recent workaround for this is to put a session identifier in the URL somewhere and keep literally everything else on the server.

You essentially have to build your app from zero with these limitations in mind if you want any chance at getting around them.

This is a large part of why I am not a fan of frameworks and other popular design patterns. Having total control over how state is managed and communicated is really important if you don't want to get trapped in various tar pits.

Even IndexedDB? Having a PWA based on WebAssembly (Blazor) that I test on an updated iPhone 6, I have to say that I never ran into such issues; the experience is good even though the device is old.
They definitely clear localstorage. But they also are honest about doing this under disk pressure — can’t find the link right now though. My old company had a Cordova app and we stored the client token in localstorage and we found some 16G phones losing their tokens and it turned out to be this. We changed to store tokens in the keyring. From a real web app you can’t but I guess if you would use a cookie this might just work.
Also sometimes localStorage gets cleared because it can easily become corrupted from concurrent writes. I had a userscript that made a few fetch calls whenever I visited a certain domain and saved the results in localStorage. Every week or so, all the data in localStorage would just get wiped. Switching to IndexedDB (via localForage) solved the problem.
I was about to say "concurrent writes shouldn't be a problem because localStorage is synchronous and JS is single-threaded," but then I started thinking about multiple tabs, WebWorkers, and multi-process browsers and figured I should double-check the spec.

> Warning! The localStorage getter provides access to shared state. This specification does not define the interaction with other agent clusters in a multiprocess user agent, and authors are encouraged to assume that there is no locking mechanism. A site could, for instance, try to read the value of a key, increment its value, then write it back out, using the new value as a unique identifier for the session; if the site does this twice in two different browser windows at the same time, it might end up using the same "unique" identifier for both sessions, with potentially disastrous effects.

https://html.spec.whatwg.org/multipage/webstorage.html#intro...
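
Added example, not part of the thread or of the spec: a deterministic replay of the read-increment-write race the quoted warning describes, followed by the same update serialized with the Web Locks API. `SharedStore`, `allocateId`, `run`, `racyIds`, `serializedIds`, `allocateIdLocked`, the `nextId` key and the lock name are hypothetical names chosen for this illustration.

```javascript
// Constructed in-memory stand-in for localStorage (an assumption of this
// example) so the interleaving can be replayed outside a browser.
class SharedStore {
  constructor() { this.data = new Map(); }
  getItem(k) { return this.data.has(k) ? this.data.get(k) : null; }
  setItem(k, v) { this.data.set(k, String(v)); }
}

// The pattern from the spec warning, split at the point where another
// browsing context can run between the read and the write.
function* allocateId(store) {
  const seen = Number(store.getItem('nextId') ?? 0); // read
  yield;                                             // another tab may run here
  store.setItem('nextId', seen + 1);                 // write back
  return seen + 1;
}

// Advance the simulated tabs one step at a time in the order given by
// `schedule` (indices into `tabs`) and collect the id each tab ends up with.
function run(tabs, schedule) {
  const ids = new Array(tabs.length);
  for (const i of schedule) {
    const step = tabs[i].next();
    if (step.done) ids[i] = step.value;
  }
  return ids;
}

// Tab 0 reads, tab 1 reads, tab 0 writes, tab 1 writes: both get the same id.
function racyIds() {
  const store = new SharedStore();
  return run([allocateId(store), allocateId(store)], [0, 1, 0, 1]);
}

// Each tab completes its read-modify-write before the other starts.
function serializedIds() {
  const store = new SharedStore();
  return run([allocateId(store), allocateId(store)], [0, 0, 1, 1]);
}

// In a browser, navigator.locks.request() enforces that serialization across
// tabs and workers of one origin. Where the API is absent this runs unlocked.
async function allocateIdLocked(store) {
  const critical = () => {
    const next = Number(store.getItem('nextId') ?? 0) + 1;
    store.setItem('nextId', next);
    return next;
  };
  const locks = globalThis.navigator && globalThis.navigator.locks;
  return locks ? locks.request('nextId-lock', critical) : critical();
}
```

In a page, pass `localStorage` as `store`. For session identifiers specifically, a random value such as `crypto.randomUUID()` avoids the shared counter altogether.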

Yes, a full local reset. It's an issue that plagued us for almost a year sporadically across several thousand customers. After instrumenting our app with very detailed remote logging, we were fortunate enough to catch it on one of our in-house local test iPhones. The logging showed an app with rich local state, the app close, then several minutes later the app open with no local state. Everything was wiped. This lined up with the feedback we had been receiving. Specifically for us, the push notification subscription tokens were being erased/revoked from the browser, meaning the customer couldn't receive notifications anymore. But the logging showed all local state was reset, including IndexedDB. If you dig through the Apple developer forums and StackOverflow, you will see many others complaining about this. You will also see links to resources claiming that Apple ITP does not do this for PWAs, specifically:

https://webkit.org/tracking-prevention/#intelligent-tracking... "Home Screen Web Application Domain Exempt From ITP". This is 100% bullshit though.

My personal belief is that Apple is purposefully nuking PWAs from orbit in a non-deterministic and "buggy" way because they are a threat to the app store business model, and I suspect if they frustrate enough developers, people will stay away from PWAs.

Nah. I used to be an iOS developer. The official native frameworks are buggy as hell. Everything is broken all the time. Occam's razor is on this behaviour being just another bug that receives little attention because everything else is also buggy. I can't even blame them, the iOS API surface is huge, and every year there's new frameworks and every couple of years new devices. Android has the advantage of being open source, which allows external contributions to fix bugs, which oftentimes fixes the small-percentage bugs because one developer ran into it and decided to fix it. On iOS this is impossible, and there's no corporate incentive to fix small-percentage bugs.
They have trillions, no excuse.
You’re wrong, this has nothing to do with bugs. We’re speaking of Safari not implementing features for years and pushing back many of them because of “security”. All bs.
Hoping everyone reading this understands what's being kept from us.

Cross-platform webapps should be table stakes for adopting any platform.

Great point. The fact that they don’t back up PWA data to the cloud makes it a non-starter for any app that wants a local only experience. It’s trash.
I am not sure that I would be happy with a 'local only' experience actually backing up data to the cloud.
I mean if you explicitly enable iCloud backup, I think you’d expect that your app’s data is backed up.
Random data loss happens on Android quite a bit too. Source: I have a PWA with a lot of users, and my #1 complaint is data being lost on both Android and iOS.

This is true even if you use Google's own tool to wrap your PWA and put it in the Play Store, and even if you use the so-called "persistent storage API" to have users request their data not be deleted - still get random data loss, and it makes it very hard to maintain a 4+ star rating when there are a bunch of 1 star reviews about users losing all their data.

Genuine question - not defending Apple/Google - does your PWA not use a dedicated server / db for user’s data? And then localstorage just as a cache if needed?
It doesn't... started as a hobby project in 2012, wanted to see if it was possible to make an app that stored a lot of client-side data in IndexedDB. Now, my app is successful so I don't really want to move to another platform, but also it creates too much data to easily and cheaply sync to a server. So I'm in a weird situation. https://basketball-gm.com/ if you're curious.

I realize I'm a bit of an edge case. But also, ideally we could make PWAs that operate with similar data guarantees as native apps. That's kind of the idea of PWAs, that web apps should be able to mostly be the equivalent of native apps.

And it almost works, except for the data loss issue. Kind of sad. Cause there are so many other advantages of a PWA... like being able to target all platforms with one PWA is incredible. Having no gatekeepers to "approve" my app updates is incredible. But the cost is sometimes users lose all their data :)

Wait why not just charge a small amount?
Just refuse to service Apple customers. They can lie in the bed they've made.
The unfortunate truth is that for too many businesses this is equivalent to "stop running your business"
Does Safari on iOS support the File System API, specifically the origin private file system? Can you use that to reliably persist data into a file/SQLite database?
No, that also gets deleted sometimes.

But on the plus side, random deletions also happen on Android!

That's unfortunate. Good to know, though.
I’m not saying this isn’t true. Genuinely! But when I make up random unsubstantiated slander about other companies it gets removed instantly. What makes Apple different? You could never say this about Substack or Tesla.
You can definitely say that about Tesla and most people don't care about Substack.