[ttubrian]

But the owner is able to bundle any arbitrary code into an app and run it locally on their own phone for 7 days.

Then it auto-deletes and there's nothing you can do about it.

The only class of malware that the currently-mandated friction is preventing is the kind that appears benevolent for 7 days then strikes on day 8.

[closeparen]

The time limit prevents this from becoming a normal distribution channel for legitimate apps, which would condition users to click mindlessly through it. It an attacker wants to try, most people will think it’s weird and scary. But developers only need to do basic developer things (cut builds) to get around it. Pretty clever if you ask me.