Facebook App vs Vanadium? Is one better to use than the other?

looped_around

I need FB/social media for business, it's in a separate user profile isolated with all the other social media, but also some personal email accounts and clouds.
Is it more private to use the FB app and limit the storage scopes?
Or is it better to use vanadium? After reading the browser details, I don't want to install a second browser to separate out other browsing needs and data. Needing to flip between tabs instead of windows.

I looked at some of the 3rd party wrappers, but I have little trust for them. I know all apps in a profile are sandboxed, but I was reading that IPC and notification information may allow apps to access account names?

I'm new and not very familiar, so I'm hoping for some clarity! TIA

SgtSurehand

Whether you use web app or native app, they don't need to access storage to be able to deploy scripts to track your interactions with the app in both cases and perform analytics based on that. Native app is more capable than the web app of course.

looped_around

SgtSurehand Thank you for explaining. I understand I lose some privacy, I guess I'm wondering how much would the app be able to gather? Knowing an app is installed is one thing, knowing the account info is another. Analytics I expect, but it will be behind a VPN and limited types of activity. How can I understand better what part of apps are sandboxed and what they can access regardless?

SgtSurehand

looped_around I am no developer, but I know for fact that apps have access to a lot of things you wish to keep private by default. Expect the best, prepare for worst.

rerpy

looped_around The app is subject to the permissions framework you choose to run it on, if it's the Android App, then it'll need relevant permissions from the OS itself, and if it's on Vanadium, then it needs permission from the browser, which in turn needs permissions from the OS.

As for analytics, apps in general decide what they do or don't send to the backend service and there's no real way to guarantee they aren't logging what you do. Using your FB example, the app necessarily sends your posts, likes, and such to the backend, which then can or cannot log that into analytics. This last part is happening entirely on their server and thus cannot be influenced by us as users.

SgtSurehand

rerpy it is not as simple as that. App or scripts on website can do way more than that without having to grant them any permissions like processing your interactions with elements on the website, collecting hardware stats and so on.

rerpy

SgtSurehand Interaction with elements happens inside the app/website, so I think I covered it in my second paragraph, sorry for not being clear 😅 but yeah apps have full access to anything happening inside them, so that's ultimately inescapable.

As for the permission framework giving access to non-ciritical info strictly from a device security perspective, that's correct too.