- Reading time: 8 minutes -

In a nutshell:
“Electron” is a development environment for applications, which are then ultimately embedded in an “own” browser.

Advantage: Practical - An app as a browser, works virtually everywhere. Disadvantage: Potential for attack - overloaded, large memory requirements, not barrier-free.

There are a lot of applications implemented with Electron: Atom, DeltaChat desktop, Discord desktop, Element desktop, Mattermost desktop, Signal desktop, Slack desktop, Threema desktop, Visual Studio, WhatsApp desktop etc.

Below is more on the criticism of the undisputedly very successful development platform.


Electron is not accessible (“accessible”), which means, for example, that visually impaired people are disadvantaged.

Injecting a Chromium Add-On in to Electron
As a blind user, I am having problems using Electron apps with the Orca screenreader for Linux. This is because Chromium, my primary browser, doesn’t support using Orca by default. It does, however, have an extension called ChromeVox to serve as a screenreader. Since both Chrome and Chromium use this screenreader, and Electron uses Chrome to function, I wonder if it then is possible to “inject” the ChromeVox screenreader in to my apps. I use inject losely, as there are some apps that I can’t readily get access to the source code of; Spotify and Slack serve as primary examples. Does anyone have some experience in this matter?

Source: Reddit (2017)

Security and privacy

Electron is more or less a complete Chrome browser with a built-in additional function (the app). So basically Electron apps are not really apps but a Chrome browser with only one tab, namely the app. That means, for each Electron App you install yourself a complete Chrome browser.

It virtually pretends a cleanly developed program for the respective operating system by actually bundling only the web application in Chrome. Actually, you could then use the regular web application of the app right away.

Due to the complexity of browsers, the attack surface is correspondingly larger than with classic programs/apps.

It is also more common with Electronapps that the developers keep their software up to date, but do not regularly update the Electronframework used. Often there are weeks or months between the used and available electron versions. However, no one acting responsibly would not update their browser for months, whether Chromium, Firefox or any other browser. Unfortunately, some developers think differently when it comes to Electronapps.

However, regular updates are elementary important to close security gaps.

An impressive example can be found at debian (external).

**Electron is therefore neither recommended for security reasons nor for reasons of data economy (data protection).

If apps focus on “security” and boast about it - but use Electron at the same time, this clashes a bit. Some therefore recommend not to run Electron applications directly, but exclusively isolated, e.g. in a “sandbox”. Also, according to the Free Software Directory (external) Electron is non-free software.

Very good article on the subject: 'Electron apps have a dangerous Achilles heel'.

More information on the net: