[0x0]

Neat! Thanks again for the super-detailed clarifications!

Going back to my comment that started this sub-thread, I guess the point then still stands, "Too bad there's no way to side-load unsigned (or signed by a custom CA) apps while still maintaining the sandbox restrictions." (i.e. no "safe thirdparty appstores") ;)

[quick note on the camera roll thing, I think apps are denied access before the user confirms a location permission popup]

[another quick note on the exec() thing, exec() probably wouldn't work since appstore codesign only works on a single binary. probably related to why only static libraries are allowed, too]

[edit: the fork/exec thing may also be tied in to the strict limitations on background processing for appstore apps? interesting to see your cycript experiment there!]

[saurik]

It would be easy to provide such a thing on top of a jailbroken system, but in practice there are very few use cases for it: Apple's curation is only evil in a small handful of situations. Again: the vast and overwhelming majority of things people jailbreak to do (and even ten pay for in Cydia) are not apps and fundamentally cannot be installed as an app with an icon into a sandbox. It would likely then be a political death blow of that, as opposed to "ability to bypass the sandbox" we're all that was allowed (as explaining to people, even to developers, even to those actively at that minute using them, what substrate extensions are and how they have no similarity to the apps they modify, is sufficiently tricky that the response will just be "we already gave you the ability to side-load apps").