[ramchip]

You have to trust the original developers either way, but the distribution mechanism is much weaker for a web app. The server / hosting platform can be compromised, the code can change at any time and even depend on the client that's connecting, and there's no software signing providing non-repudiation.

Not saying native apps are universally better, but I do think their treat model tends to be a better match for encrypted messaging. This comment on Signal explained it well: https://community.signalusers.org/t/google-to-retire-chrome-...

[realusername]

The signature doesn't mean much on the mobile store though, Apple and Google could modify anything they want, resign it and push a new app.

With the web you have to trust the app developer and with mobile you have to trust the app developer plus Google or Apple on top of that.

Fdroid is maybe the only exception to that.

[ramchip]

> With the web you have to trust the app developer

The linked comment goes into it, but you have to trust the web hosting platform, the CA ecosystem, etc. We're talking not just Apple/Google being able to attack you, but also China, and even some script kiddie with a Node.js exploit.

> with mobile you have to trust the app developer plus Google or Apple on top of that.

The OS/browser vendor can record what you're doing with a web app just as easily as a native app. Thankfully they have very strong incentives not to do so, and can usually be held accountable with code signatures (the non-repudiation part).

[realusername]

There's much much better transparency mechanisms on the CA system than Apple or Google though. While a CA attack is possible and does happen sometimes, the attacker pretty much burns the CA in the process.

For starters, there's not even automated reports of app signatures on mobile and no transparency authority at all.

[eviks]

With web you have to trust the developer on every visit of the website. With mobile you can pin the trust (with some effort) to a single point in time, big positive difference

[realusername]

I'm not aware of any major mobile platform which works like that though, maybe in theory it could be done but in practice it's all powers to the manufacturer which can modify or remove your apps at any time silently.

Unless maybe you are on some things like GrapheneOS and only install apps though fdroid, that's not really a mainstream configuration though.

[eviks]

How can they modify the app on your device silently?

[realusername]

They have system access and can push anything on your device. In the past you could have an actual developer signature on the play store but Google got rid of it, on iOS there's never been any support at all of this kind of security.

Fdroid supports that but you need a modified rom so that the play store cannot interfere with it in any way. To my knowledge, only GrapheneOS does that.

[eviks]

Your explanation confuses the store with the device .Yes, at the time of download from the store you trust two parties, but that's still only "a single point in time"