| ▲ | palata 2 hours ago | |
Well the idea is that the client should be open source, and audited. If you run a proprietary app, you have to blindly trust it (just like if you access a webapp). In terms of security, the best is an open source app, IMO. | ||
| ▲ | Zak 10 minutes ago | parent [-] | |
Open source helps, but if you didn't build it yourself, you'll need to trust whoever did. F-Droid reproducible builds help in that you only need to trust either F-Droid or the developer, not both. The browser tends to be safer because it has a stronger sandbox than native apps on a mobile OS. It's meant to be able to run potentially malicious code with a very limited blast radius. | ||