App or browser?

Do you think that in terms of privacy it is better to use a web app in Vanadium/Brave or in an application? For example for public transport, Mastodon, Uber, newspapers,…
Knowing that I have DNS filtering
Thanks

Of the 3 option you’ve listed, based only privacy, I’d order them as:

  1. Brave Webapp (most private)
  2. Vanadium Webapp
  3. Proprietary App (least private)
1 Like

Why do you say this ?

Why?

Assuming we are talking about Mobile:

  1. Why Webapp vs installed proprietary app: Generally speaking webapps aren’t allowed as much access to the system, sensors, etc compared to installed apps. Whatever you do within the app/webapp is still not going to be private, but using a webapp version can keep the invasiveness of an app or service more contained compared to an installed app which is still sandboxed but more integrated into the system by design.
  2. Why I think a Brave (or Mull or Firefox) Webapp would be more private than a Vanadium Webapp: Primarily because Brave has built in content blocking (ad/tracker/malware) and Vanadium does not, and because compared to Vanadium, Brave is more focused on browser privacy and browser fingerprinting protection.

Two caveats,

  1. This assumes the app or service in question is untrusted and/or proprietary. So for example, I would not group Mastodon in with the other examples on your list, because its an open source project which I don’t distrust. Basically I think webapps are a great solution for services you don’t trust but still need to use, whereas if I trust a service, it doesn’t make much difference to me if I use the webapp or the installed app.
  2. There is another option we have talked about, which is using an alternative open source / privacy respecting installed app instead of the official proprietary app (an example would be using Newpipe instead of Youtube, or Redreader instead of the reddit app). Its hard to say where in the list of most to least private this type of app would fall since it will depend somewhat on each individual app (and many are essentially just glorified webapps that you can install to the system). I prefer this type of app where possible in many situations (I’d highly recommend Newpipe or Libretube instead of Youtube or the Youtube webapp).
5 Likes

I agree with everything you said but

"Generally speaking webapps aren’t allowed as much access to the system, sensors, etc compared to installed apps. "

In which way ? Because if I don’t give any permission, including the sensor permission, except Internet permission, where is the the fault ?

One major benefit of not having to install an app is that you don’t increase your attack surface.

2 Likes

That’s a good question, and one that I don’t have precise information about (which is a large part of the reason I prefer webapps for untrusted services–because I don’t have to speculate about specifics as to what is and isn’t visible to the app. If its a webapp it’s more clear to me what the webapp can’t access. I know that there are many things that can be controlled via permissions, as well as things that apps are not restricted from accessing which could be potentially sensitive, as well as things that do have a permission, but its not granular/precise enough). I believe this is one area Graphene improves things compared to stock android, but its been a while since I used Graphene so I don’t recall specifics.

In addition to this Webapps can be useful because they are often designed to work with less permissions by default. Some installed apps will not work properly if you deny permissions (either by design as a way to force you to grant the permission, or unintentionally) and some of those apps will work fine as a webapp despite not having the permissions that they break without as an installed app.

I think a place to start your research if you want to understand what is and isn’t specifically protected via permsissions and the android application sandbox would be AOSP or others’ documentation on:

  • Android Security Model
  • Android Applicatoin Sandbox
  • Android Permissions System

I believe that GrapheneOS has some useful resources for this as well (I’m pretty sure this is where the majority of information that informs my opinion comes from. The GOS project is a wealth of info, but much of it is not very well organized and can be hard to find.

What is the “Brave” webapp? I’m searching for it on brave.com but I can’t find it? :frowning_face: :frowning_face:

A web app is essentially just any application you access via a web browser/the internet. Often (but not always) when people refer to a webapp, they are referring to a specific type of webapp called a ‘Progressive Web App (PWA)’ which is a standard format for webapps that can be ‘installed’ in a way that makes them feel similar to a traditional locally installed application.

So here where we have been referring to a Brave webapp we are just referring to using those sites via Brave Browser compared to installing the application. There is no ‘Brave Webapp’ but Brave does have PWA support built into the browser.

1 Like