--- Good question. Keychat's built-in browser is not a standalone browser — it's a **WebView**, which is a web rendering component provided by your operating system: - **iOS**: Uses `WKWebView` — the exact same Safari engine. Apple mandates all apps use this; no app can ship its own browser engine on iOS. - **Android**: Uses `Android System WebView` — powered by Chromium, maintained and updated by Google. Think of WebView as an "embedded browser frame" that the OS provides to any app. When you open a link inside Twitter or Telegram — that's the same WebView. The app itself doesn't control the rendering engine. **Why this is different from the "trap browser" concern:** 1. The engine code is maintained by Apple/Google, not by Keychat. Keychat cannot modify how the engine processes web pages. 2. Security patches come through OS updates, not app updates. 3. Keychat is fully open source — you can verify it only calls standard WebView APIs with no injected scripts or traffic interception. Your concern is valid for apps that ship their own browser engine (like a custom Chromium fork) — those *could* theoretically intercept data. But WebView-based browsing delegates trust to the OS vendor, not the app developer. That said, for anything sensitive (banking, passwords), using your actual browser is always the safest choice. WebView is fine for reading articles, checking Nostr web clients, etc.