Security of Official App vs Browser w/JS-enabled

ironwindow

Let's say you have to access an online service or website on your phone, and the only two ways to do so are either through using that website's official app or through using Vanadium with Javascript-enabled.
With all of GrapheneOS's additional security and sandboxing features in mind, which approach is riskier or has more attack surface?

[deleted]

ironwindow

I'd be keen to see some thought out answers on this myself.

For me, at the moment, it's in a 'it depends' camp and I use both approaches. Security researches (Madaidan, et al) vote for an app approach, arguing that a static code within an app is a safer option. Yet, if you consider worst case scenario, say a Samsung phone with some loyalty app permanently running in the background with 69 pernissions. That seems pretty nightmarish to me.

As opposed to going to a website, let's say in Brave, logging in, cashing your points and then nuking the leftover crud... Also, avoiding an increased attack surface extra code of any kind presents. And then maintenance (tracking/updating said apps).

What gives me pause is that this is Graphene we are taking about. Are safeguards tilting the balance in favor of one over the other? Eager to hear others' opinions.

spring-onion

I assume you mean to minimize the risk of a malicious compromise of your device. Accessing the service through a browser is hands down the way to go then - an attack would have to compromise the browser first which comes with its own forms of sandboxing and isolation. Apps are more invasive no matter how many permissions you take away, which is why you are always urged to install them... to have your privacy invaded.

Now if you are looking to strengthen the security of a service's doing, e.g banking, e-mail, an app may prove beneficial precisely because it is more integrated. I don't have any readings on me right now to provide you with an in-depth explanation but I'm sure they aren't hard to come by.

ironwindow

spring-onion Apps are more invasive no matter how many permissions you take away, which is why you are always urged to install them... to have your privacy invaded.

So this applies to even GrapheneOS? I thought the OS was hardened enough that it should be relatively safe to install most apps, given all the app isolation/sandboxing features in place.

spring-onion

It is, however even with all permissions taken away, apps are not "powerless" altogether. They can still see what other apps you have installed and talk to them if there's mutual consent, your country code is known, etc. Fairly harmless stuff but more than a regular website could exfiltrate. Remember you close the site it's gone, the browser may have cached it to some degree and maybe there are some cookies as leftovers but that's it, an app on the other hand is none of that, it persistently remains on your device until you delete it. And if it's something that isn't trustworthy it has no business being there.