by Retr0id
776 days ago
> Web apps are better than native apps from a security perspective.

This isn't true. Sure, they have less access to the host system, but verifying the integrity and authenticity of a web app is harder than that of a native app, where code signing is commonplace (not that code signing is a whole solution, but it's a great start). Extensions[0] exist to improve the situation but it's not yet broadly applicable.

A compromised web app doesn't have to upload your data to a 3rd party, it just has to (for example) encrypt with weak keys. You'd never notice that from the network logs alone.

And while I agree that debug tooling for the web is great, there's a lot of great stuff for native code too. Ignoring "expert" tools entirely, a more user-facing example is Little Snitch[1], which handles the "detect data being sent to 3rd parties" use case.

[0] https://engineering.fb.com/2022/03/10/security/code-verify/

[1] https://www.obdev.at/products/littlesnitch/index.html
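
The integrity point in the comment above, as an added example that is not part of the original comment and is not Code Verify's code: served script bodies are checked against a manifest of SRI-style digests obtained out-of-band. The paths, script bodies and function names are constructed for illustration; the modified build contacts no third party and differs only in how the key is made, which is why the digest catches it and a network log would not.

```python
import base64
import hashlib

ALLOWED = {"sha256", "sha384", "sha512"}  # digest algorithms SRI defines

def sri_digest(body: bytes, alg: str = "sha384") -> str:
    """Return '<alg>-<base64 digest>', the Subresource Integrity string form."""
    return f"{alg}-{base64.b64encode(hashlib.new(alg, body).digest()).decode()}"

def verify_assets(manifest: dict, served: dict) -> dict:
    """Compare served script bodies with a manifest obtained out-of-band.

    Returns {path: 'ok' | 'mismatch' | 'missing' | 'unlisted' | 'bad-entry'}.
    """
    report = {}
    for path, expected in manifest.items():
        alg = expected.partition("-")[0]
        if alg not in ALLOWED:
            report[path] = "bad-entry"
        elif path not in served:
            report[path] = "missing"
        elif sri_digest(served[path], alg) == expected:
            report[path] = "ok"
        else:
            report[path] = "mismatch"
    # A script the server delivers but the manifest never listed is also a finding.
    for path in served.keys() - manifest.keys():
        report[path] = "unlisted"
    return report

# Constructed sample: the same URL serving a released and a modified build.
RELEASED = (b'export const newKey = () => crypto.subtle.generateKey(\n'
            b'  {name: "AES-GCM", length: 256}, false, ["encrypt"]);\n')
# Modified build: imports a fixed all-zero key instead of generating one.
MODIFIED = (b'export const newKey = () => crypto.subtle.importKey(\n'
            b'  "raw", new Uint8Array(32), "AES-GCM", false, ["encrypt"]);\n')
MANIFEST = {"/static/crypto.js": sri_digest(RELEASED)}  # published at release time

if __name__ == "__main__":
    print(verify_assets(MANIFEST, {"/static/crypto.js": RELEASED}))
    print(verify_assets(MANIFEST, {"/static/crypto.js": MODIFIED,
                                   "/static/extra.js": b"/* injected */"}))
```
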
2) Legit trusted applications are already what siphons everyone’s content, not malware. At least in the browser there’s uBlock Origin and even a dev console.
Just some things to keep in mind when comparing the differences.