I Won't Download Your App. The Web Version Is A-OK

https://www.0xsid.com/blog/wont-download-your-app

No, I Won't Download Your App. The Web Version is A-OK. | Sid's Blog

> Web browser is a sandbox by default. Worst a sketchy site does is eat a tab, less if you run an adblocker. Native app? Background processes, hardware ID shenanigans, your contacts, location. The whole buffet.

Using flatpaks or mobile apps, you can view the sandbox permissions and adjust them if you have to.

> your contacts, location. The whole buffet.

It's not like an app is getting those without your knowledge, and many times it's useful for an app to have your contacts or location...

Almost never is it useful for an app to have my contacts or location.

That said, only on some platforms is it possible to stop a native app from getting them.

Android and iOS both require user permission for apps to access contacts or location.

Are there other platforms that can't even manage this basic level of user protection?

One of the most enraging things about life since 2005-ish is that no matter how private and careful I am, it doesn't even matter because every other inconsiderate fool I know and interact with will HAPPILY let some random company have access to THEIR contacts--which includes me--in order to play Farmville for a month until they get bored of that and offer up my private information to the next bullshit ad company that asks for their contacts.

It used to frustrate me that people didn't care about their own privacy, because I genuinely didn't want evil people to hurt them. But, it's even more angering that people don't have the common decency to consider whether their friends and family would want them sharing their phone numbers, email addresses, photos of them, etc.

Famously, that's how shadow profiles got created for Facebook and LinkedIn and many others.
I'd argue it's absolutely ludicrous to give _other people's information_ up to an app (or website). Your contacts contain names, phone numbers, potentially photos and addresses of _other people_.

Not without my knowledge or your knowledge, sure. But I'd bet there's a significant percentage of the population who is tired of thinking about permission popups and just hit yes yes YES to get the App started. Especially if it forces retries before going forward.

I think they're counting on these popups wearing people out.

After GDPR made these incessant annoying cookie popups mandatory, I just robotically click any button to dismiss it as fast as possible. Some website could probably write "Give root access" in that box and I'd probably click it without thinking.

But most of the time it’s really, really not.

Location can also be extracted by JS on a website with these geo functions, IIRC?

Requires permission.

so does an app

Apps have to request your permission for contacts and location. iOS is really good about not giving bad permissions to apps without the user being asked for consent.

bias disclosure: i used to do Android dev and kinda hate the browser personally.

i don’t get this take. “Web browser is sandbox by default”. sure, it has to do the rail grind with a rake to access system calls, but in a modern system apps are also sandboxed, especially on a smartphone or when downloaded with a managed app service. the OS gives you the ability to specify permissions, although to what degree depends on your provider. your browser _obviously_ also has the permissions you’re talking about. and now we have introduced yet more vectors in the form of cookies where web _applications_ can track activity _between applications_ with that just kinda being part of the spec, and it totally neuters the protections that the OS gives you because once you configure Firefox to get your location for Open Maps, now you’ve totally given control to your location permissions for _all web apps_ to yet another corporate driven point of failure.

don’t even get me started on the UI mess.

my tinfoil hat theory is that the browser is pushed by mostly bad actors trying to get data, while anyone providing a real user experience has a nice native app.

press F for my reputation.