Hello,
I use a number of online services regularly and hold accounts with them. Many can be accessed either as an app downloaded from Google Play Store or from browsing their website using Vanadium.
Is it possible to make a comparison of the security of using the service via their app or via the web browser? If so, what differences in security could there be?
Web apps are better sandboxed since they benefit from the Vanadium/Chromium sandbox, but they're served arbitrarily by web servers.
Native apps mainly rely on the OS app sandbox (some parts can use a stricter sandbox called isolatedProcess), but can use more security features such as certificate pinning and the hardware-backed keystore. There are also W^X restrictions as signed code is distributed through app repositories with signature enforcement for app updates.
It comes down to the app in question.
Wonderfall Thank you for your reply. I imagined it would depend on the app in question. I think it is best if I go away and do some reading - your response offers me a useful starting point!
And privacy-wise, what's the best ? Vanadium or app ? (I use DNS filtering)
[deleted] I think web apps would win since regular apps can get some data from the phone that web apps cannot get from the browser.
But the most important thing is how users interact with websites or apps. Doesn't matter how good a device or OS or sandbox or whatever is if a user gives up their personal data willingly. So, use different emails across services, different usernames for extra privacy, deny permissions when possible, etc.
