by xbar 852 days ago
That's a terrible argument. The MacOS security model has not suffered as Apple asserts.
2 comments

For the sake of argument, let's take as given that the Mac was unacceptably insecure (John Hodgman smirks at Justin Long “I knew it!”) until the iOS security model was applied.

It’s also not clear that the EU requires the PWA engine to also be replaceable but I’m personally in favor of that so we’ll stipulate that’s the case as well.

The term “security model” is doing all the work here.

The EU has no requirement for the “security model” to be changed. They require the browser engine to be replaceable.

The argument that Apple’s security model is the only one that can provide security is not sufficient. Those making this argument need to also prove that the browser engine can only be secure when made by Apple.

And yet the entire history of computing, and especially the history of browsers, browser engines, and app engines in general, have consistently shown that no one company has a monopoly in being able to make secure browser engines, competitive pressure has helped security across the board, and non first party browser engine makers have often made far more secure browser engines than the first party makers.

Apple fans are obscuring the issue by shouting “security model”. The real question is why this security model is irrecoverably damaged by replacing a first party browser engine by a third party one.

And why Apple, at a time of much greater computing power, much more advanced computer science, and far more advanced in browser engine theory and technology, is unable to do what Microsoft was forced to do 2 decades ago.

> The argument that Apple’s security model is the only one that can provide security is not sufficient. Those making this argument need to also prove that the browser engine can only be secure when made by Apple.

I don't think they're making the argument that this is the only one that would work, but that's a silly statement to even debate. Just coming up with a hypothetical security model that might work is a huge difference from forcing a company to implement it. They're arguing against the second one, the idea that they should be forced to do this, by way of stating the current system works. That doesn't require addressing hypothetical other systems. I also don't think such verification of hypothetical systems is even possible. We have trouble enough understanding the security of existing systems.

"The MacOS security model has not suffered as Apple asserts." What does this mean? macOS security has radically changed on a number of fronts since the introduction of the iPhone. E.g., sandboxing, notarization, script execution/Apple Events, file-system access, microphone access, video access. I have no idea what your statement means.