Downloaded App vs website

As a general rule of thumb, is using a software application’s app more or less secure than using their actual website?
For example, the Protonmail website versus downloading a Protonmail app? Same with any other software application that you may use? Do you always choose one or the other if possible? Assuming functionality is the same for both?

Obviously your web browser and other attributes play a role in the security/privacy of the website, but an OS also may have unknown access to a downloaded app, especially Apple or Windows or Android. So I’m curious from both a privacy and security standpoint.

I’m sure I’ll get beat up for less than specific parameters, but for the average user, what would be advisable in most cases?

I am no expert, but I would guess that generally a website is safer, so long as you trust your browser to properly sandbox the site/webapp. Plus, you can add things like ad-blockers and JS blockers in your browser, and not in an app.

That said, the modern web is so full of bloat, trackers, cookies, and other ugly things that a FOSS app is likely to be free from.

If the app is not FOSS, then I would definitely pick the website, myself.

2 Likes

In general I consider the site to be more secure, though often less feature complete.

To the best of my knowledge, most are equally secure, with apps using HTTPS under the hood so as not to reinvent the wheel, but that is not always the case and not the easiest thing to prove.

1 Like

Your question is not really relevant, at least for services over the Internet. Here is why:

In terms of security, a website could have as many holes as the software, but the website (probably holding your data) is open 24/7 and your app is not. But you choosing the app will not prevent the website being hacked, and there is a high probability that the app will create a connection to the website anyway.

In terms of privacy, a website requires a third party (the browser) between you and your service provider, so it’s one more link in the privacy chain, so you should choose the app. But maybe the app is invading the privacy of your computer, so you should choose the browser.

I think it’s really case by case after audit. I don’t think you can determine a general privacy or security rule based only on ‘software’ vs ‘website’.

However, if your software doesn’t require or open any network connection or account, I would go for the ‘software’ => far fewer links in the privacy and security chain.

In general, probably doesn’t matter. See below for details regarding Protonmail specifically.

Is Protonmail Safe for Security and Privacy?

2 Likes

In addition to the comments of others … if the app is only available for iOS and Android (usually the case) then choosing the app forces you to use iOS or Android, which is a massive fail before you even run the app. So I will choose the web site. We’re all going to get L5 phones, right? 🙂 So we might as well start now with choosing the web site. This is more a privacy consideration than a security consideration, although the choice of operating system clearly has security implications.

(In limited circumstances, there may be other workarounds, e.g. Anbox.)

Once you include the server side in the question, it is almost impossible to answer. You can’t audit the server side. You don’t know how it is set up.

It may have a flawed architecture with a buggy implementation and lax operational controls. That’s about as bad as it gets. 😂

Or it may be at the other end of the spectrum.

That raises a good question, another one that we can’t answer.

For some applications the data will be held on the server regardless of how you access it (web site or app).

It is also possible that for other applications the data is on the server for the web site but locally on the client for the app.

Anything that stores data locally comes with some issues: may never get backed up, may be difficult to migrate from an old device to a new device, more vulnerable to loss or damage or physical theft.

Anything that stores data in the cloud comes with some issues: may be subject to unauthorized access and you may never even know about it.

1 Like