alt Hacker NewsIt's obvious what GP meant - we can verify that the apps we download are the apps everyone else downloads.
We can't do this with Proton where our mail is supposedly end-to-end encrypted. They can easily view our mail if they can send us a different code when we load their site.
> That isn't what "sandboxed" means, it has nothing to do with checking hashes. And no, mobile apps are not really sandboxed
Apps ARE somewhat sandboxes and GP didn't mean than sandboxing == checking hashes. It was 2 sentences appearing one after the other.
Replies
>We can't do this with Proton where our mail is supposedly end-to-end encrypted. They can easily view our mail if they can send us a different code when we load their site.
That isn't a problem with how the web works vs how apps work, that's a problem with you trusting Protonmail.
If you really wanted to be secure sending an email or any communication, you wouldn't trust any third party, be it an app or a website - you would encrypt your message on an air-gapped system, preferably a minimal known safe linux installation, and move the encrypted file to a USB, and then insert the USB into a system with network access, and then send the encrypted file to your destination through any service out there, even plain old unencrypted http would work at that point, because your message is already encrypted.
The second you give your unencrypted message to any third-party on any device with an input box and a network connection, is the moment you made it public. If I had to be extremely sure that my message isn't read by anyone else, typing it into a mobile app or a web browser isn't the place I'd start - it would only be done as a last resort.
You cannot. An app can update just like a browser tab. In fact, a very many apps are just frickin' webviews.