PWA Questions

[jking]

     I have a few questions about PWA's (Progressive Web Apps).

1.  Does anyone have a demo NT10/NT11 app I can log into to test on an iPhone?  I want to see an actual user experience, especially the first use where I can install on my home screen.
2.  Is there a NT10/11 example app I can use to create my own?  I realize this may be an issue since it would require a certificate, presumably I can get one from Let's Encrypt though.
3.  The app I'm thinking about would use minimal patient data, basically an ID Number, and some other non-identifiable data.  I'm concerned that there would be data on the device, typically an iPhone.  Our doctors move between multiple facilities, some on our network, some not on the network.  If data is on the device (synced or not synced), it would seem to be a potential security problem, if the device where lost or stolen.  Any thoughts or comments on this?
4.  If I create a PWA application, can I compile it as a dll and use it in the Multi-Site Host app?

Thanks,

Jeff King

[Rene Simons]

Hi,
If I am well informed, webinar 493 has just the information you are looking for
Ren

[jking]

Rene,

     I did see that webinar but it did not answer my specific questions.  I'll keep searching for answers but here is another question:

5.  If I create a PWA, do I still need an Apple Developers Account to install the PWA onto an iPhone?

Thanks,

Jeff

[Bruce]

Hi Jeff,

<< 1.  Does anyone have a demo NT10/NT11 app I can log into to test on an iPhone?  I want to see an actual user experience, especially the first use where I can install on my home screen.

I'm not sure if it counts as an example, but I'll be updating one of our mobile apps in the near future to do this.
So you could install that.

>> 2.  Is there a NT10/11 example app I can use to create my own?  I realize this may be an issue since it would require a certificate, presumably I can get one from Let's Encrypt though.

The cert is only for the server side, and as you mentioned is trivial, and free, to get.
For the client side certs are required for iOS and Android, but NetTalk (mBuild) creates them for you. (You'll need an Apple developer account to get the iOS one. PWA client apps are not signed, but _must_ come from a secure server.

>> 3.  The app I'm thinking about would use minimal patient data, basically an ID Number, and some other non-identifiable data.  I'm concerned that there would be data on the device, typically an iPhone.

Indeed there would be data on the device, and you should consider that data as "unsecure" - if someone has physical access to the device, they would have access to that data.

>> Our doctors move between multiple facilities, some on our network, some not on the network.  If data is on the device (synced or not synced), it would seem to be a potential security problem, if the device where lost or stolen.  Any thoughts or comments on this?

Absolutely. anytime someone has physical access to a device the data on that device (be it mobile, or PC should be considered to be "compromised". If you have doctors who are prone to losing devices then you may want to consider the information you put on there. A web app may be more suitable. (note, a PWA does not _have_ to store data on the device - if it doesn't then obviously a network connection is required to get the data. )

>> 4.  If I create a PWA application, can I compile it as a dll and use it in the Multi-Site Host app?

yes.

Cheers
Bruce

[DonRidley]

The PWA doesn't have to store data on the client side or, at a minimum, some type of data used for authentication.  You have control of what data is sent where. 

PWA's are easily served by a MultiSite host. 

Chrome's developer audit tool really helps to refine your site to meet PWA requirements.

https://developers.google.com/web/progressive-web-apps/checklist#baseline

Good luck,

Don

[jking]

Bruce and Don,

Thanks for the reply.  I just want to clear my confusion on the requirement for an Apple Developers Account.  Bruce mentioned: 

"PWA client apps are not signed, but _must_ come from a secure server."

Since they are not signed, there is no "client certificate", and therefore do not require an Apple Developers Account.  They do require an ssl certificate on the server side, however.  Have I got this correct?

Thanks,

Jeff

[jking]

Bruce,

I found the answer to this question in the NetTalk Apps documentation, page 30:

"There are a number of advantages of a PWA over a Phone app.
No approval by any App store
No need for a user to download the App
Very easy to roll out updates (since the app effectively checks for an update on each run.)"

Thanks,

Jeff

[rjolda]

Jeff,
>> Our doctors move between multiple facilities, some on our network, some not on the network.  If data is on the device (synced or not synced), it would seem to be a potential security problem, if the device where lost or stolen.  Any thoughts or comments on this?
Any HIPAA protected data on any device requires security for the device - whatever it is.  IT could require security on the device - eg screen lock with timeout to protect data.  I think recent I Phones require a screen ID before opening the phone.  That may suffice for I Phones.  Android does not have same requirement.  Might have to force users to have locking on device before PWA is used on it.  Must be some way to check that on Android.
FWIW,
Ron Jolda

[Bruce]

>> Since they are not signed, there is no "client certificate",

correct

>> and therefore do not require an Apple Developers Account. 

correct.

>> They do require a [TLS] certificate on the server side, however. 

correct.

cheers
Bruce