Are apps more secure than a website?

I read a vague comment a few days ago, that suggested that an app from a smartphone is more secure than using a laptop and a website URL.

The vague suggestion was that the app was Cloud based, therefore using Cloud based security.
I ASSUME the unstated part is that the laptop uses “local, laptop resident” security which is less robust?

For instance, I usually fire up the laptop and pay bills via opening my bank (a small, regional credit union) URL, logging in to the website, and using the Online banking Bill Pay service.

I can also do this from my smartphone via the bank app … (OR via logging in to the bank website).

My phone’s hot spot is the ISP for the laptop. If that makes any difference.

This website offers apps as more secure:
Biometric ID verification, I don’t use biometrics.
APPs are vetted by Apple, Google, etc. Only use vetted apps.
Phones are more commonly a single user.

https://www.fremontbank.com/resource-center/insights-and-lea….

This Guardian article, 2017, is a bit more nuanced.
https://www.theguardian.com/technology/askjack/2017/jun/22/i…

The Guardian article says: These apps are different from traditional PC programs in that they are vetted by and downloaded from secure online stores. Further, these apps run in sandboxes to prevent them from doing bad things.

https://en.m.wikipedia.org/wiki/Sandbox_(computer_security)

Network access, the ability to inspect the host system, or read from input devices are usually disallowed or heavily restricted.

Is the APP more secure than the website?
Why?

There is also the question of smartphone vs laptop?

TIA
:thinking:
ralph

3 Likes

Ralph, I got a few thoughts on this…

  1. I would suspect that much of this is based on your level of upkeep on either device. Either can be compromised, easily, by the proper parties… if not maintained. Heck, even if you do, I’d suspect…

  2. On the PC, I just watch for “the lock”, in the address line. RE: this aspect on a phone, it’s still a computer… I don’t know the SSL level or encryption on the app, guess this pends the developer?

  3. Since 1985, my first PC… I’ve never had a PC, desktop or laptop, get up and walk out of my house, without my knowledge or permission. I have managed to lose 2 phones, data irretrievably gone. Mrs PL has lost or damaged 5. I see this as a big compromise in data safety/security. YMMV (BTW, we do NO banking on our phones, for this very reason)

  4. So, what are you using the apps, on your phone, for? Banking? Less than this? Something specific that needs a specific/special portable device? Many more variables that I’m seeing…

Me… I put my $$$ on the PC, for security, if for nothing else. When it comes to money, security takes the lead.

ww.knockonWOOD.neverhadmyIDstolen.pl/safetyfirst/

1 Like

That question is like asking if one building is more secure than another. It depends on how it was built and how well it is maintained.

If the developers of the website are security-focused (rather than just “get it working”), you’ll see security features including a certificate issued by a trusted CA, 2-Factor Authentication, and enforcement of strong passwords. All of this can be compromised if you have a keylogger or other malware infecting your computer. The most important part here is keeping your computer secure (including browser extensions). Make sure you keep up with Windows/Apple/Linux updates as well as browser updates.

As far as apps go, Apple wins IMO. I personally use Android because I love the freedom of the OS, but that freedom has a cost. Android apps from the Google Play store are relatively safe, but there are still reports of problem applications more than Apple. If you side-load an Android app, all bets are off and you take your security into your own hands. The entire iOS ecosystem is a playground with a 10-foot hedge around it. It’s very safe, but you have to pay and play on Apple’s playground equipment. Given that culture and society is migrating to a mobile-first ecosystem, I would expect in the future that apps will become more secure and feature-rich. My personal goal is to have my entire financial life able to be managed via apps on my phone. I’m getting closer. :slight_smile: Again, make sure you keep your device as up-to-date as possible with both the mobile OS and the apps through the app store.

Phaz

1 Like

Those are good comments PL and Phaz.

Any device certainly can be compromised, especially if the security is not well maintained.
And, phones are more susceptible to being lost.

And, I, too, have been thinking to move all my banking, health, ie “sensitive” activities to apps via the phone.

If for no other reason than my phone is almost always with me, while the laptop is usually left at home.

The VAGUE comment I saw led me to think about apps as being “cloud resident” almost like the phone is a dumb terminal (like a chromebook).

My laptop depends on Windows Defender for laptop/computer.
The defense relies on updated files, etc.
The laptop is NOT protected against the “latest” threat until the update for that threat is released.

Apps. IF they are cloud resident are protected by the defenses of the server farm, and app administrators?

I assume this means the “cloud” environment is protected by Crowd, or Sentinel One, or Z-Scaler or Cloudflare, and is protected by the AI that is instantly/rapidly updated for any threat. Many commercial IT installations are also defended by Palo Alto or one of the other Big cybersecurity companies. Still, their defenses will likely be more consistently updated and more robust than the defenses on a home/personal desk top or laptop?

This would suggest Apps are more secure than my laptop.

:thinking:
ralph

2 Likes

> I assume this means the “cloud” environment is protected by Crowd, or Sentinel One, or Z-Scaler or Cloudflare, and is protected by the AI that is instantly/rapidly updated for any threat.


Accounting for current "Z" cyberthreats?

ww.subject2threat.withoutnotice.pl

1 Like

I was talking to a security consultant that worked for one of the three major mobile phone providers. He was telling me that they give him a phone to use and they don’t allow one to put apps on the phone because the apps monitor your activity and track you. After talking to him over a year ago, I removed all social media apps that were affiliated with FB, Twit, Instagram Goog etc. Any major player in the marketing of our data was removed. Since then Apple has announced that you can turn this function off on their phones to increase your privacy. Since removing the apps and using a browser to access these social media platforms, I notice that FB no longer gives me ads on something I am shopping for. Also, I looked up how to turn tracking off for all the google stuff and it was simple to do. For most apps I turn tracking on only when I use the app. Tile apps are very intrusive and also send out a lot of information so I shut it down except when I use it.

The security guy said that when you close your browser, they can’t monitor you in any way other than your IP address. I’m slowly trying to block big players from gathering my data and selling it. OH yes, I use PIA vpn service too. HTH…doc

https://www.cnet.com/tech/mobile/these-android-apps-have-bee…
https://www.nytimes.com/wirecutter/blog/how-iphone-apps-trac…
https://www.codeinwp.com/blog/stop-apps-tracking-you/

4 Likes

> The vague suggestion was that the app was Cloud based, therefore using Cloud based security.

This is a very broad statement. It all depends on the app and its purpose.
Some apps are basically just a user interface to a server somewhere.
Other apps run completely on the phone.

For example a banking app would obviously need to connect to the cloud to access your account.
But a level or protractor app that allows you to measure angles just runs on the phone and generally has no equivalent on a laptop.
While a notepad app could store your files in the cloud or could store them locally on the phone.

Data traveling across the airwaves from a phone or a laptop are both sending encrypted packets if the cloud service (i.e. a bank) is properly designed.

If someone steals my phone and logging in sends a two-factor authentication (2FA) as a text message then they get access. If they were to steal my laptop/desktop the 2FA would fail if they didn’t also get my phone.
So there are lots of possibilities.

Mike

2 Likes