by ramchip 776 days ago
> With the web you have to trust the app developer

The linked comment goes into it, but you have to trust the web hosting platform, the CA ecosystem, etc. We're talking not just Apple/Google being able to attack you, but also China, and even some script kiddie with a Node.js exploit.

> with mobile you have to trust the app developer plus Google or Apple on top of that.

The OS/browser vendor can record what you're doing with a web app just as easily as a native app. Thankfully they have very strong incentives not to do so, and can usually be held accountable with code signatures (the non-repudiation part).

1 comments

There are much, much better transparency mechanisms on the CA system than Apple or Google though. While a CA attack is possible and does happen sometimes, the attacker pretty much burns the CA in the process.

For starters, there aren't even automated reports of app signatures on mobile and no transparency authority at all.