Those are both hypothetical that are very far from typical ways that people use apps on their phones.
An app might upload the image to a remote server. A website might parse it locally through JS - maybe disabling your connection, submitting your image, parsing it, then wiping your cached website data would be just as "safe".
The problem is the knee-jerk reaction that "some random website" is dangerous while some random app is not. You have to assume both are equally risky in this situation.
An app might upload the image to a remote server. A website might parse it locally through JS - maybe disabling your connection, submitting your image, parsing it, then wiping your cached website data would be just as "safe".
The problem is the knee-jerk reaction that "some random website" is dangerous while some random app is not. You have to assume both are equally risky in this situation.