It is a trade-off, with too much access threatening security and cross-platform compatibility, and too little access blocking features and giving users an inferior experience when compared to a native desktop application. A key issue for web applications – however they are packaged – is access to the local device and operating system APIs.