Is letting Google, Facebook or Apple control every aspect of our lives by sending them all our personal data, contacts and network information voluntary more secure?
I would rather run every application in its own VM under a different unprivileged user
P.s. the browser is the main attack vector on mobile, not only because it's so complex that bugs are everywhere, but mostly because web app security sucks
Browsers usually have fairly strong security models, since they are expected to constantly run untrusted code (which has nothing to do with web app security, FWIW). Apps rarely get this kind of scrutiny and often don't (Android) or can't (iOS) employ features that browsers can to do, such as multiple processes.
Many game engines do it as well, just think about DOOM mods
I think the point is that browsers are not as good as an OS as an application platform (given the limitations) but are as complex as an OS and have more bugs
The fact that mobile apps are terrible is not an excuse for having a terrible document protocol used for applications
Apple invented mobile apps as we know them today,but native apps in general have served people well for ages
We are at a point where a native app with some API is more maintainable than a browser app
Not even talking about the ecosystem and its fiascos, like npm corrupted libs used by millions without even looking at a single line of source code or the famous leftpad incident
It doesn't really matter where the weakness is, if it is exploitable
As Alan Kay once said "the web was made by amateurs at best"
I would rather run every application in its own VM under a different unprivileged user
P.s. the browser is the main attack vector on mobile, not only because it's so complex that bugs are everywhere, but mostly because web app security sucks