[devinegan]

Serious question. Does this open up EU iPhone customers to CrowdStrike-like security issues related to their phones if they use these new App Stores? Or at least reduce security and privacy of their devices by downloading less vetted apps? I am not pro either way yet I am just curious what the community thinks.

[Ambroos]

Apps still don't have system level access to anything, so no. iPhone apps can't automatically run in the background, run on boot or just access random data from random apps. If they can it'd be an exploit, and while the App Store gives you some extra safety in that they can scan for it / pull the app without updating iOS, now you actually need an up-to-date OS.

It's a small additional risk but really not that big at all compared to what you can do with Android sideloading or app installing on macOS/Windows, and not comparable at all to macOS kernel extensions or Windows drivers.

[redwall_hp]

No, not at all. Security is an ongoing process of system design, nothing that the App Store can offer. iOS is designed with an aggressive sandboxing model with very strict permissions for accessing privacy-impacting APIs. The App Store, additionally, does include all sorts of scamware that was let through the screening process.

Apps on iOS are strictly user space. They cannot run at a kernel level, which was the issue with CloudStrike. An oversight in CloudStrike's software, which assumed a downloaded file would never be in a broken state, prevented the system from booting.

Technically, Microsoft requires approval for software that runs at the level of CloudStrike. So, clearly, a review process is not sufficient to prevent that issue either.

[solarkraft]

First part: Not at all. Apps can‘t deeply integrate into the system and it’s always through very tightly defined APIs.

Second part: Technically yes, practically no. Apps are still tightly bound by the system.

Theoretically there can be exploits out of the app sandbox that could be caught before an app is released on the app store. But once the vulnerability it will quickly be closed - and while it‘s not known it also won’t be caught by the app store‘s automatic checks anyway, so it could also be inside of app store released apps.

[Underpass9041]

Yes, absolutely. Part of the reason I’m very happy that people around me tend to use iPhones is that I have some base level confidence in what they’re installing. I don’t trust nearly anyone to make good decisions about what applications they are installing, given how much information cellphones have it’s untenable to have them installing random garbage because some website said so.