[ben_w]

It being a walled garden is the only way I’m willing to trust it for accessing all my account recovery emails, my 2FA SMSes, my bank details, and the sensor package that can listen to everything I do while GPS tracking me and monitoring my heart rate and gaze if I happen to be holding it where I can see the screen.

Of course, that doesn’t mean I like being stuck with an American cultural hegemony that says sexual content is forbidden, or that needs an encryption export licence from the USA government for apps written by non-Americans for non-Americans, and which still demands annual reporting to the US government for using https.

I’m happy with any walls that meet basic security standards, but I do want a wall, even if it would be nice to choose which wall.

[roblabla]

The walled garden is not what protects your email, 2FA SMSes or bank details. The OS sandboxing and permissions system do that. The two are often conflated, but the two concerns are orthogonal really.

Heck, you could easily imagine a system where software distributed outside the app store can only access a subset of perms if security is such a concern, and that'd still be less anti-competitive

[threeseed]

Due to the way iOS works (dynamic dispatch) private APIs can only be prevented through an App Store review process.

And many of those APIs can be used to extract enough information to fingerprint the device, determine your location or steal your data e.g. accessing the list of WiFi networks or browser history.

So no. The two concerns are very much related.

[brmgb]

> Due to the way iOS works (dynamic dispatch) private APIs can only be prevented through an App Store review process.

That's complete nonsense.

Dynamic dispatch has nothing to do with the ability or not of a program to access API. Dynamic dispatch is the selection at runtime of the correct version of a polymorphic function. Obviously, you can sandbox programs written in languages using dynamic dispatch.

[threeseed]

Be curious how you plan to prevent access to Apple's private APIs in Objective-C, which uses dynamic dispatching, without breaking existing code.

I am sure Apple would love to know how you've managed to solve this.

[gpderetta]

sign existing code.

[ben_w]

They do, this is an argument about how they decide when it is OK to sign that code.

[t0mas88]

You could easily argue that Apple has built an OS that is deeply broken and insecure if they aren't able to technically enforce permissions of apps to do certain things. Virtually any other OS has that capability.

[gridlockd]

They can't be prevented reliably even through the App Store process - that's simply impossible.

The point of a private API not security, it's to distinguish between the public interface that is meant to be stable and implementation details that might change.

They might do some rudimentary checks to catch obvious usage of private APIs, but it's not part of the security model and still apps show up on the App Store that use private APIs, all the time.

[appleflaxen]

they are related because apple plugged one process into the other.

but there is nothing intrinsic to their operation that requires it, and apple could un-plug it.

this is like apple arguing that IE is central to the fabric of windows, and can't be removed during the european antitrust suit.

it's dishonest, but apple will likely make the same claim.

[Joeri]

Heck, you could easily imagine a system where software distributed outside the app store can only access a subset of perms if security is such a concern, and that'd still be less anti-competitive

I think this system is called the world wide web.

Apple would have a much stronger case if mobile safari were a first class PWA platform, instead of being almost useless for PWA's. Then the choice would be: make a PWA and live in the browser sandbox, or go through approval and be on the app store.

[madeofpalk]

I really don't think so. there are many classes of applications that just do not work on the web platform.

A podcast player or music and video streaming app, or a game like fortnite, are not going to work as web sites.

[rimliu]

   > but the two concerns are orthogonal really.

They are not, really.

[daveoc64]

Your stance seems nonsensical to me, given the fact that Epic was clearly able to sneak something that violates the rules past Apple's review process.

It's clearly not possible for Apple to actually check all functionality of every app, particularly as it's so easy to hide it or to put it in an embedded web view.

In this case, Epic managed to put an alternative payment method in - but they are a trusted brand, so there's no real security issue overall.

But could some other developer do the same thing and harvest payment details? Of course.

[mdoms]

> It being a walled garden is the only way I’m willing to trust it for accessing all my account recovery emails, my 2FA SMSes, my bank details, and the sensor package that can listen to everything I do while GPS tracking me and monitoring my heart rate and gaze if I happen to be holding it where I can see the screen.

Sorry I'm not following. What does any of this have to do with the app store?