
Comment by palata

5 hours ago

Those are valid arguments, but I like apps better, for other reasons. Mostly security.

When I use, say, the Signal app:

- I can audit it, download it, or even compile it myself from source

- Once I have installed it, Signal doesn't get to change it behind my back

- As a result, I don't need to trust Signal for the end-to-end encryption, which is the whole point of end-to-end encryption.

When I use a webapp, say ProtonMail:

- Every time I load the webapp, it is downloaded from the Proton servers. Even if I once stop to audit it, next time I load it, it may be a totally different codebase (that e.g. adds a backdoor, potentially just for me, and just this one time).

- I need to trust that Proton doesn't inject a backdoor to extract my key; otherwise, end-to-end encryption is useless. I could also trust Proton to not read my emails, right?

- If a webapp is served by a CDN, I have to trust that the CDN doesn't tamper with it. Actually, Meta has an extension made for verifying that for WhatsApp Web. The extension is a bulky way to make sure that you loaded what Meta wanted you to load (i.e. that Cloudflare did not tamper with it), but it DOES NOT ensure that Meta did not inject a backdoor just for you, just this time.