by mikeash
3394 days ago
If you don't break out of the sandbox then you can't access anything interesting. Traditional UNIXoid workstations are quite different. A program running under your user can do anything your user can do. It can access and delete all of your data. An iOS app can't access or delete any of your data by default. Everything requires explicit permissions granted by the user, and even those are pretty limited. As long as the sandbox functions correctly, a malicious app will never be able to, say, read my financials spreadsheet out of Numbers, or my private texts out of Messages.

I've yet to see any evidence that this process adds security. Given that the review process is extremely shallow (some automated tools are run to scan for private API calls and such, and two non-experts spend a total of about ten minutes with your app), there's no hope of any sort of useful security audit being done.