[fatkam]

E2EE can be done anywhere, but of course some entities like Google or Apple might try to spy locally.

[kibwen]

Indeed, the article's assertion that "mobile is convincingly a more secure platform" falls over if you don't trust the gatekeepers holding the keys.

[Andrex]

And even if you trust them, they could be compromised now or in the future:

https://www.computerworld.com/article/3712380/russia-hacks-m...

[tptacek]

So that's fine and all, but if you've lost that trust in the platform itself, you can't trust any E2EE; it's not as if browsers somehow fare better in that analysis; they are in fact strictly worse.

[lmm]

Browsers can run on platforms that don't have secret baseband firmware, obligatory auto-updates, etc. etc.. Obviously a layer on top of a specific platform can never have better security than that underlying platform, but you can run a browser on a better platform.

[fatkam]

browsers do add one more layer of trust when thinking about the OS, but any mobile app also does?