It's been close to a year since I started using GrapheneOS. I've been using all social media on Brave browser with ad-blocking and anti-fingerprinting, things which Vanadium can improve on. It's a bit of a hassle to open up a new website rather than an app so that brings to my question:

How much of a difference is there in using a social media site like Instagram directly on my browser vs. installing a web app in terms of privacy/fingerprinting? The app would still open in Brave, but how much information can the web app access? Can it run in the background? Can it find out the build of the phone like regular apps?

    With Instagram specifically you need the app, unless you aren't going to post anything. Websites cannot run in the background. If you are signed into a website, there is no need to "fingerprint" you because you are telling them who you are. But having an app with lots of permissions, particularly location, is much worse. I will never install the Reddit app for this reason. Once they get the app on your device that opens the door to location tracking, listening to your conversations, high frequency beacons—all sorts of weird shit. This can be mitigated or avoided by using a secure OS like Graphene OS and revoking permissions.

      yore I believe it's the same whether you open the site via the browser or via the "installed" web app. The same javascript will load either way.