[hashstring]

What about turn JS off on your favourite iOS browser?

[prmoustache]

That wouldn't prevent possible malware apps using WKWebview from getting out of the jail they are running out right?

[hashstring]

Yes, I agree.

However I also expect that Swift-compiled apps can do this without a web browser component.

It’s a different threat model though, having installed a malicious app vs browsing a malicious site.

[prmoustache]

Which is the reason alongside telemetry I tend to favor using websites over apps.

Having said that there are apps that are considered mainstream and not malicious by the general population but can become a convenient backdoor for, say, a state actor.

[tholdem]

No need to turn JS off. Turn on Lockdown mode which disables Javascript JIT and WASM, which might be enough

[saagarjha]

It’s not.

[walterbell]

Brave on iOS can limit Javascript to trusted sites.