Why websites generally beat apps
The mobile app stores from Apple and Google inspect apps for safety. Their vetting is good but not foolproof.
GET CAUGHT UP
Summarized stories to quickly stay informed
Once you’ve downloaded an app, though, app makers have latitude to collect information that websites generally cannot easily obtain, including your approximate location, your battery level and what other devices like an Xbox are connected to your WiFi. Apps might pass on the information to advertising companies and data brokers.
Apple and Google require apps to ask your permission for some location collection and information sharing. (In 2021, my colleagues investigated iPhone apps that found ways to track you even if you said no.)
Well-designed apps generally do a great job protecting your security and privacy, but you can’t always tell the good apps from the ick ones.
Compared to apps, websites “cannot spy or track you as easily nor access confidential information without permission,” said Chester Wisniewski, a digital security specialist with Sophos.
He also said the top web browsers including Google’s Chrome, Apple’s Safari, Mozilla’s Firefox and Microsoft’s Edge have “some of the best security engineers in the world.” Their security measures apply to any website you visit. Each app might be responsible for its own security updates.
Websites definitely aren’t perfect. They have security flaws and tricky ways to follow your activity. You can also be fooled by websites pretending to be your bank or favorite retailer.
But an experienced web browser technologist said browsers are “paranoid by default.” Compared with phone apps, he said browsers give you more options to dial up privacy, including by blocking targeted advertisements. Outsiders can also verify websites’ security and information-sharing activities in ways apps don’t permit.
(This person spoke on the condition of anonymity because he didn’t have permission to talk to a journalist.)
Nicholas Weaver, a researcher at University of California at Berkeley’s International Computer Science Institute, voted “it depends” on whether a website or app is safer.
If you’re using Firefox or Safari, he said a website is probably better than an app because those browsers automatically block many technologies used to build dossiers of your interests and activities. Weaver said a website is probably worse if you’re using Chrome because Google’s browser generally allows those tracking technologies.
Google said people have options in Chrome’s settings to turn off a common tracker technology called cookies. The company said Chrome is also experimenting with phasing out many cookies.
Frédéric Rivain, chief technology officer for the password manager company Dashlane, went against the crowd and said mobile apps are generally safer than websites.
He said it’s easier to create an imposter website than an imposter app, and that Apple and Google put solid restrictions on app coding while websites have less supervision.
What should you do with this information?
Particularly for services you don’t use often, consider whether you need to download an app to your phone or if you can use the website instead. Also consider deleting apps you don’t use regularly.
Those of you with Android phones are probably using Chrome. If you’re concerned about what Weaver said, follow these instructions to change your phone’s standard browser to Firefox or something else.
For iPhones, you can go to the Settings app, pick Privacy & Security and then App Privacy Report. That will give you a week’s worth of analysis of how often apps collect your location, phone contacts or other information.
The safety question also spotlights the downsides of smartphone apps, including giving Big Tech control over what you do on your phone and potentially increasing costs for subscriptions. That’s why I want us to be open to the promise of potential alternatives to 15 years of the smartphone app status quo.
Also, let me know if you were the reader whose question sparked this exploration of apps versus websites. I can’t find your email!