at present, GET args in a launch_path are removed prior to being used to launch the App. We should explore whether it is possible to relax this restriction without introducing new security risks.
For example -- If we relax this restriction, an App developer could submit different manifests to different App stores that differ only by a GET arg; this would allow them to distinguish which App Store lead to a given installation.
I think it must be a bug that this is being removed; nothing we've ever discussed would preclude GET args.
Tested here, and I cannot reproduce any problem with a query string: http://app1.ianbicking.org/?manifest=manifest-get.webapp
Installation works, and app.launch() starts the app with the query string.