Notes - Fugu Community Monthly sync EMEA friendly (Sep 8, 2025)
Vincent Scheib
Sync on projects of shared interest
Microsoft Lead:
Web Install Umbrella bug, UX bug, Discussion doc
All planned code for OT has landed in 141
Web platform security review and PEPC – check in
tsteiner thinks that PEPC should not block from shipping. Thomas wants to give a talk at TPAC. Want to catch Mike before TPAC
Thomas is not aware of telemetry to reduce prompt abuse.
Main usage seemed to be recovery
Mike seemed to think this prevented prompt abuse
Dan - I think he said it would help with not needing a permission, which prevents annoying permission requests.
scheib: I'm supportive of moving forward with origin trial w/o PEPC. We can get signals for install here, signals for functionality, etc
As long as that is making progress, that is just a convo between your two groups
Lia - Yes - Mike is out through mid-September, waiting there.
Dan - are we engaging Serena?
Not really - mostly thought this was on the UX side
Alex - let's make sure that we don't go around the asigned reviewer.
Are there known incidents of abuse of install?
Vince: not aware of any.
Dan: spoofing, have addressed with mitigations.
What should we expect?
Alex: I don't have a good enough understanding of PEPC use in practice to believe it solves these problems
The API version may or may not add a quantum to mitigate
We have other mitigations potentially in place as well.
or maybe PEPC is the ideal? I don't have a reason to believe either way yet
Having a place to understand that evidence is helpful for us.
Dan: A concern if another permission is user permission fatigue similar to notifications and geolocation.
Primary goal: Work with Mike.
Request: Want to prepare the ground towards moving forward
Want: Evidence to date on tests with PEPC, give us a belief we won't have to solve related abuse problems with other mechanisms. We want to know this
If not, we want to know this too.
Path to Origin Trial, presuming we move forward without PEPC what other constraints are needed?
Notifications example, could have adjusted the API shape.
FYI chrome launched machine learning & user prompt mitigation which has been effective.
Dan - it would be nice to not need that at all if possible - needs PEPC data.
Recommendation: propose OT with API as is, document the data needed to revisit for shipping.
Main visible feedback: on mobile, random sites always randomly pop up 'share location ' or 'share notifications' permission. Don't want that for install.
Alex: proposal here is
install only available from installed app
Making sure this problem is listed is important
Dan suggests: always have an up to date concise doc with current recommendation and known concerns.
Diego:
New explainer versions are out
There is an FAQ document now to help reviewers.
LImin: Notification spam ML thing
Do you have things you can share with us about this? We are also fighting this.
https://blog.chromium.org/2025/05/fighting-unwanted-notifications-with.html
Google Lead:
PWA install icon on Android large screen form factors launching in M141.
Approximate Location API
continues
Improve Gaming on the Web Interop by increasing WPT passing rates on Gamepad, Pointerlock and Screen Orientation APIs
Navigation capturing launched on ChromeOS as well (already WinMacLinux
Alex: Available to other Android browsers?
Chrome on Android is work in progress, well under way. expected in approximately Q1 2026
Dan: Believe this is already supported by an installed app in app scope.
Most work now is bugs, e.g. related to auxiliary context (e.g. login flows)
Alex: on Android, other browser too?
Dan: Desktop targeting around M143. 2026 for mobile. Getting good engagement from partners which helps support the effort.
Dan: enables moving web apps to a scope of whole origin, in the event we need to gate capabilities to PWAs that are 1-1 with origins.
working on interop proposal for install testing.
FYI: Apple Marcos seemed supportive of improving testing in this area for e.g. manifest parsing.