Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Which is more secure and private: using an app from the App Store or visiting the website with Safari?
- Thread starter zoziw
- Start date
- Sort by reaction score
It's a good question and deserves lots of discussion. It depends on the privacy policy. Using NYT as an example, you can read about its privacy policy for both the website and the app.
www.nytimes.com
The policy is also available via the app by tapping on your account icon in the upper right, scroll down to About This App > Privacy Policy. The app doesn't request tracking, but using Safari on its website on my iPad, it found 11 trackers. Like many apps, it discloses what info it tracks in the app description.
My preference is to use Safari for NYT because I can see the blocked trackers, so feel like I have more control versus the app, and I prefer the web version's display and navigation options.
Privacy Policy - The New York Times
The policy is also available via the app by tapping on your account icon in the upper right, scroll down to About This App > Privacy Policy. The app doesn't request tracking, but using Safari on its website on my iPad, it found 11 trackers. Like many apps, it discloses what info it tracks in the app description.
My preference is to use Safari for NYT because I can see the blocked trackers, so feel like I have more control versus the app, and I prefer the web version's display and navigation options.
Last edited:
I'd say that using Safari is more transparent than using an app.
But the ultimate privacy and security differences between surfing using an app and using Safari depends on how much time and effort a user is willing to spend on checking on what Safari is doing and acting on that knowledge.
But the ultimate privacy and security differences between surfing using an app and using Safari depends on how much time and effort a user is willing to spend on checking on what Safari is doing and acting on that knowledge.
Apps seem much more able to force ads and notifications on you.
Viewing similar news sites in Safari using ad blocking compared to the native app, it's always a much more pleasant, uncluttered experience.
I think the reason they want you to use an app is because they have more control over your data.
I've never found the viewing experience better or has more options.
Therefore I'd say it's your browser.
Viewing similar news sites in Safari using ad blocking compared to the native app, it's always a much more pleasant, uncluttered experience.
I think the reason they want you to use an app is because they have more control over your data.
I've never found the viewing experience better or has more options.
Therefore I'd say it's your browser.
The technical name for this is "progressive web app". Basically, it's a website built a certain way with some additional resources that allow it to appear to be a regular full-screen app and run independently from Safari, I'm developing one myself. From the developer's standpoint, it's much easier because you don't need to register anything with Apple, don't need to pay any fees and don't need to get your app approved. When the developer updates their app it's not necessary for the user to do anything, the new code is automatically loaded when the app opens (although caching can be a problem). So the developer can basically do whatever they like, which might be a disadvantage from a user standpoint.
However, there are some other factors that should make web apps more secure by nature. The biggest one is that web apps cannot access the device filesystem like native apps. They are completely "walled off" and if the app needs to store any data on the device, it is done with some special API's that store data in designated places instead of simply reading and writing to files. If the web app needs to export data, it can only write to the download directory instead of saving a file anywhere. If it needs to load user data, that can only be done with a special API where the user manually chooses the file. A web app cannot programmatically open a user file because it cannot "see" the filesystem.
There are also limits to the amount of data that a web app can store on the device. I have found it confusing to understand exactly what that is, but depending on the techniques that are used it appears to be less than 1gb. This is different on iOS, Android, Windows and MacOS which makes things even more confusing for developers.
Another limitation of web apps is that they can't run in the background. I'm working on a mapping/gps app and if the user leaves the web app to answer a call or read an e-mail, the web app will stop tracking their position. A native app could continue working in the background in that scenario.
I’m doing the same since a while, after discovering the apps where leaving “tokens” or cookies? on my devices.
Thanks for the explanation.
Not all though open in a self- window. Several open directly in Safari working as bookmarks as they are supposed to do. What makes a bookmark/Home Screen button act differently?
I work for a company that uses trackers for metrics. We metric the living **** out of everything our users do.
That part doesn't bother me, but some of the trackers we use are more invasive, so that we can correlate who uses what trackers with other demographics as well.
When our company decides to implement a library for tracking like this, there's a lot of back and forth between the higher ups to make sure that it's what we should do, and then it's simply "do it". and we implement it across all of our properties, web and mobile. If there's a technical reason for not including it, we can pull it out, but eventually upper management says "Why did we stop getting XYZ info?"
So long story short, it's probably identical, and as long as they can correlate your IP address with your data elsewhere, they probably have some idea on who you are. In that regard, having do not track enabled is probably about the same as having Safari block trackers. The difference is that you can see that they're being blocked on Safari, but Safari might not catch everything, where as in iOS you know they're being blocked already, unless they're not respecting your tracking preferences.
A web app has to:
* Use an HTTPS connection - this is pretty much standard for every site now however
* Have an icon
* Have a webmanifest file - this can be quite simple with the app name, URL, icon, etc.
* Register a service worker - javascript code for data caching so the app can work offline
Some more info here, if you want to get technical.
PWA Minimus: A minimal PWA checklist - mobiForge
Now that Progressive Web Apps are supported on all major browsers, we present a minimal PWA checklist: PWA Minimus, to meet the minimum PWA requirements
I've come to the conclusion that the primary reason that most Apps are made is to facilitate much more in-depth tracking. The amount of tracking data an app can conceivably send to a server is mind boggling (depending on if it was coded into the app).
In every respect, you've got a much better chance of staying somewhat private visiting a https website than using their app.
But in reality- of all of the apps I've used that undoubtedly have tracked me in one way or another, nothing has ever become of it. It's been harmless as far as I can tell. My data point is just one in billions
In every respect, you've got a much better chance of staying somewhat private visiting a https website than using their app.
But in reality- of all of the apps I've used that undoubtedly have tracked me in one way or another, nothing has ever become of it. It's been harmless as far as I can tell. My data point is just one in billions
It really depends on how good / secure the app, as well as the website. In general, I believe accessing through website is more secured than via apps. Only certain apps (ie mobile banking) that I believe have similar security with the website (assuming the phone is not jailbroken).
Run Tor browser on a simulated iPhone in Xcode on a MacOS virtual machine with a VPN, in a Windows 10 VM with a VPN, on a Linux machine. And when you are done, burn the house down around your computer.
Seriously though this is going to depend on a case by case basis. Apple limits cross site tracking with Safari and apps sandboxes. So its going to come down to the webpage and app.
At the end you are running an app. The difference is with a browser you can find a more secure app, conversely that more secure app (browser) is going to be exposed to a lot of other traffic. With apps in iOS you can isolate what a single app is capable of too.....yeeaahhhh....
Seriously though this is going to depend on a case by case basis. Apple limits cross site tracking with Safari and apps sandboxes. So its going to come down to the webpage and app.
At the end you are running an app. The difference is with a browser you can find a more secure app, conversely that more secure app (browser) is going to be exposed to a lot of other traffic. With apps in iOS you can isolate what a single app is capable of too.....yeeaahhhh....