by zitterbewegung 852 days ago
Why is it a bad response from Apple to disable a feature that they deem as a security risk if you allow for alternative browser engines?

Browsers represent a significant attack surface since they can run code and also transmit data across the network. So when they are allowed to exist, Apple now has two options. One is to do it the simple way and remove progressive web apps; the other is to extensively test and perform security analysis on all of the new browser engines.

A better compromise would be to make new browser engines have extensive testing by the developer themselves. So, what's the point? It feels similar to the GDPR where I get a popup and I click disallow all cookies except for essential ones.

This seems the best way to actually implement the directive because it is not only low effort but most secure. We would have a better compromise for testing to be done by the browser engine developer or Apple, but it's more likely security holes would fall through.

3 comments

Apple has been abusing their dominant market position for more than a decade, blocking browser competition with security being one of their excuses. They can't be trusted to be honest about what's a legitimate security issue, and what's just them using security as a smokescreen for anti-competitive behavior.

And in fact, they are not being honest in this very case. Their entire spiel is based on the idea that the 3rd party browsers will be malicious, and permit data sharing between different PWAs. It's a risk they've just made up, because they're already making all kinds of other security requirements on 3rd party browsers before allowing them on the platform. They could just have made this one of those requirements.

As said elsewhere, the PWA apps could open in Safari.

But would this have legal implications? Could the browser vendors argue they are discriminated against if PWA apps do not open in their browser?

I think this whole thing puts the finger on how fluid the borders have become. What is an app, what is an API, what is a service? Is Safari an Apple API for PWA apps? Or is a PWA app running by mandate on Safari when the user has selected another browser as default somehow wrong legally or ethically?

The Apple response is false, thus dishonest and greedy at the expense of consumers.