| ▲ | palata 3 hours ago | |||||||
Well, you can verify that the code that you downloaded is the same that everyone else downloaded. Even if it contains webviews. Now if it contains webviews, it brings the security issue of... the webapps, of course. Personally, I want an open source app. You can audit an open source app and even compile it yourself. You can't really do that with a website. And I don't mean just mobile apps, that applies to desktop apps, too. I wouldn't run a web-based terminal, for instance (do people actually do that?). | ||||||||
| ▲ | leptons an hour ago | parent [-] | |||||||
>Well, you can verify that the code that you downloaded is the same that everyone else downloaded. Even if it contains webviews. Not impossible to do with websites, if the need to do it was there. It would take about 15 minutes to create a browser extension that could make a hash of all the files loaded, to compare with other users with the extension installed - but honestly that's just not needed because if you're connecting via HTTPS, then you're getting the files that are intended to be served, presumably not malicious if you trust the source. And if you don't trust the source, then why are you loading it to begin with?? >Now if it contains webviews, it brings the security issue of... the webapps, of course. Web applications are sandboxed in the web browser. Very little issue with that, outside of browser bugs/exploits, but bugs and exploits are found in every system ever. >I wouldn't run a web-based terminal, for instance (do people actually do that?). AWS has a web-based terminal for EC2 instances. It's not a problem, a lot of people use it. | ||||||||
| ||||||||