Comment by palata

9 hours ago

Well the idea is that the client should be open source, and audited.

If you run a proprietary app, you have to blindly trust it (just like if you access a webapp).

In terms of security, the best is an open source app, IMO.

Open source helps, but if you didn't build it yourself, you'll need to trust whoever did. F-Droid reproducible builds help in that you only need to trust either F-Droid or the developer, not both.

The browser tends to be safer because it has a stronger sandbox than native apps on a mobile OS. It's meant to be able to run potentially malicious code with a very limited blast radius.
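As an added illustration of the reproducible-build trust model mentioned above (example code written here, not something from this thread or from F-Droid): a build is "reproducible" when an independent rebuild is byte-for-byte identical to the published artifact, so anyone can check the developer's binary without trusting the developer's machine. The snippet below stands in for that check with two small in-memory zip archives (constructed test data, not real APKs), first comparing whole-archive hashes and, when they differ, listing which entries changed so a reviewer can tell a harmless timestamp drift from a modified class file. It deliberately fixes entry timestamps, since unnormalized metadata is one of the usual reasons an otherwise identical rebuild fails the comparison. Real APK verification also has to account for the signing block, which this example leaves out.

```python
import hashlib
import io
import zipfile

# Fixed DOS timestamp: a reproducible build must not embed "now" in each entry.
FIXED_TIME = (1980, 1, 1, 0, 0, 0)


def build_archive(entries):
    """Construct a deterministic zip archive in memory from {name: bytes}.
    Constructed stand-in for an APK; entries are written in sorted order
    with a fixed timestamp so two builds of the same input are identical."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in sorted(entries):
            info = zipfile.ZipInfo(name, date_time=FIXED_TIME)
            info.compress_type = zipfile.ZIP_DEFLATED
            zf.writestr(info, entries[name])
    return buf.getvalue()


def sha256(data):
    return hashlib.sha256(data).hexdigest()


def entry_digests(archive_bytes):
    """Per-entry SHA-256 of the decompressed contents, keyed by entry name."""
    with zipfile.ZipFile(io.BytesIO(archive_bytes)) as zf:
        return {info.filename: sha256(zf.read(info)) for info in zf.infolist()}


def compare_builds(local_bytes, published_bytes):
    """Return (reproducible, differing_entries).

    The bar is an exact match of the whole artifact. If that fails, fall
    back to an entry-by-entry diff (including entries present on only one
    side) so the reviewer can see what changed instead of just "mismatch"."""
    if sha256(local_bytes) == sha256(published_bytes):
        return True, []
    local = entry_digests(local_bytes)
    published = entry_digests(published_bytes)
    names = sorted(set(local) | set(published))
    diffs = [n for n in names if local.get(n) != published.get(n)]
    return False, diffs


if __name__ == "__main__":
    # Constructed sample "build inputs".
    base = {"classes.dex": b"dex-bytes", "res/values.xml": b"<resources/>"}
    published = build_archive(base)
    rebuilt = build_archive(base)
    tampered = build_archive({**base, "classes.dex": b"dex-bytes-modified"})
    print(compare_builds(rebuilt, published))   # (True, [])
    print(compare_builds(rebuilt, tampered))    # (False, ['classes.dex'])
```

The whole-archive hash is the only thing that should count as "passed"; the per-entry diff exists so that a failure is diagnosable (a stray timestamp or build path in one file) rather than a dead end.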

  • > Open source helps, but if you didn't build it yourself, you'll need to trust whoever did.

    You need to audit the code. If you are not capable of doing that, you need to trust someone to do it.

  • Also even obfuscated JS code is easier to understand than machine code, if you're trying to tell what some non-open-source thing is doing