As a practical matter you cannot implement a localhost secure websocket. Essentially all of the methods for communicating between a web app and a native app are some kind of ugly hack and none are supported well enough that you can feel confident they'll stick around for any length of time in all the major browsers.