The author delves into the debate of whether web applications are less trustworthy than native applications for implementing end-to-end encryption (E2EE). The argument is that the web’s susceptibility to code injection poses a significant security risk compared to mobile and desktop platforms. Mobile platforms are considered more secure due to app store policies and OS security principles, while desktop applications face challenges in auto-updating and code security. Despite the gap in security models, the author suggests potential solutions like bundling, signing, and transparency mechanisms for web applications. The emphasis is on balancing security and user experience to make E2EE a mainstream feature across platforms.
https://emilymstark.com/2024/02/09/e2ee-on-the-web-is-the-web-really-that-bad.html