HTML5 or Native Apps?

The argument for HTML5 versus native apps used to be about speed versus function, but the debate is starting to get  complicated.

For deployment speed and cost, HTML5 wins. You can’t beat “Write once, run anywhere” for quick distribution, and trained developers are everywhere. On the other hand, for a native UI or deep, hardware-based functionality, like access to a camera, native and hybrid apps are your only options.

Those points remain valid, but a spike in mobile malware and the increasing reach of mobile devices into the enterprise has heightened security fears. Windows 8 has further complicated the native app landscape.

So how do these new factors affect your development decisions? It really depends on what you need.

Security: advantage, native apps (with a caveat)

HTML5 is a cross-device, cross-browser standard. It runs almost anywhere, and therein lies its greatest weakness. HTML (and by extension, HTML5) is quite literally the world’s biggest target for hackers. Cybercriminals have been exploiting weaknesses in HTML and HTTP for years, and they’ve gotten quite good at it.

Add to that the fact that careless HTML5 developers could open holes with new features, such as Cross Origin Resource Sharing, and you could have some serious trouble. There are a host of glitchy little weaknesses in HTML5, like the one that makes it easy to achieve clickjacking (burying a malicious link behind layers of other content and tricking the user into clicking).

HTML5 is still new, and eventually, these holes will be closed. And that’s the platform’s greatest security strength. HTML5 runs in a browser, and browsers typically self-update. Keeping one browser (often from a trusted source, like your phone OS manufacturer) updated is far more likely than updating several dozen apps. So, while HTML5 might have more gaps than native development environments at the moment, it patches much faster.

The arrival of Windows 8: advantage, HTML5 (with another caveat)

Windows 8 complicated everything by adding a third device platform to the mix. To confuse matters further, Windows 8′s native development language is (among others) HTML5.

You can certainly still use C++ or C# to develop Windows apps, but HTML5 is an option on the menu. For cross-platform developers, this returns a sense of urgency to “Write once, run anywhere.” If you’re going to write an HTML5 app anyway, why not just write native containers for Android and iOS and package in your HTML?

Certainly, the advantage goes to HTML5 with this one, but it’s not a home run. If performance is paramount, native development will still win, and there are a number of cross-platform development tools, such as Xamarin (which happens to use C#), that will let you write shared code in one language and compile down to native code.

HTML5 is finally arriving, but native apps aren’t going away. For at least the next few years, we’ll see a mix of both, with time-sensitive applications rolling out in HTML, and security-conscious apps compiled in native code.


Cormac Foster
Cormac Foster is a writer, consultant, and skeptic who finds enterprise technology more exciting than he probably should. Before coming to ReadWrite, he spent time as an analyst at Jupiter Research (now part of Forrester), a writer at CNET and a business analyst. He's consulted with and written for dozens of tech companies, including Avocent, Research in Motion, Trend Micro and Veracode.
Cormac Foster
Cormac Foster
Tags: BYOD,IT Security,Software,Technology