PSA: Isolated Web Apps Allowlist for Managed Installations

Robert Ferens

Oct 27, 2025, 1:20:44 PM
to blink-dev

Contact emails

rfe...@google.com
iwa-...@google.com


Documentation

https://developer.chrome.com/docs/iwa/allowlist


Launch bug

https://launch.corp.google.com/launch/4381879


Link to entry on the Chrome Platform Status


Platforms

ChromeOS 
Other desktop platforms (Windows, Mac, Linux) when managed Isolated Web Apps are launched on those.

Summary

Starting in Chrome 143, only Isolated Web Apps (IWAs) that are on a Google-managed allowlist can be installed or updated via administrator policies. This change affects all managed scenarios, including Managed User Sessions, Managed Guest Sessions, and Kiosk mode. The change does not affect developer-mode installations.

This allowlisting process is being implemented to enhance platform security and stability. It ensures that IWA developers adhere to Google's platform policies and establishes a verified contact with them. This direct contact is critical for addressing emergency cases, such as a security vulnerability or a major application defect.

Impact
New Installations & Updates: The method for installing IWAs remains the same. However, any new installation or update will fail if the application's ID is not on the Google-managed allowlist.
Existing Installations: IWAs already installed on user devices will remain, but they will no longer receive updates until they are allowlisted.

Blink components
No Blink component

Chrome components
Chrome > Isolated Web Apps

Flag name 
chrome://flags#enable-isolated-web-app-allowlist

Milestones

Launch in M143
