macOS: install program or use browser?

What is more secure/private/anonymous: downloading and using programs like Telegram/WhatsApp/Signal, or using these services inside web browsers?

It depends.

Web version

  • Advantage: The app runs in the browser sandbox (which is stricter than even the macOS sandbox). As long as your browser is up to date, you should be secured from most vulnerabilities. It is also easier to combine VPNs: for example, run any VPN app on your Mac, then use Tor Browser so that use of the app goes through a highly private connection.
  • Disadvantage: The client code of web apps can change any time without notice. The next time you refresh the page, it might get updated. If an older version of the app is cached, the server can instruct the browser to flush the cache. This means that if someone intercepts your connection or attacks the site’s server, a trojanized version of the app can be served to your browser, which can compromise your account tokens, messages, or even infiltrate your Mac.

Native app

  • Advantage: Unaffected by browser vulnerabilities as long as the native app is not an embedded browser (such as Chromium Embedded Framework). You run whatever version you have, and the automatic updates can be turned off for most apps so you can review the changes before choosing to update the client.
  • Disadvantage: Native apps have more permissions than web apps in the browser and can spy on you, upload your files to a remote server, or potentially infiltrate your Mac with malware if the client is infected. Proprietary apps like WhatsApp might abuse permissions like camera, microphone, and full disk access. If updates to the apps are not applied promptly, you might be exposed to vulnerabilities such as zero-click attacks (a malicious attachment sent to you infects your device).