I've played with some "web3" concepts. Mobile client tethered to a user-owned cloud counterpart (your "agent"). RESTful API's to the rest of the world run from the agent, and presentation is a backend function of your cloud agent handing back to your mobile device.
So you control caching, sizing, and the protocols control semantics for what you're accessing. This means the SW on your own device doesn't have to offer an attack surface to anything except your own cloud agent.