Which is the reason, alongside telemetry, I tend to favor using websites over apps.
Having said that, there are apps that are considered mainstream and not malicious by the general population but can become a convenient backdoor for, say, a state actor.
However, I also expect that Swift-compiled apps can do this without a web browser component.
It’s a different threat model though, having installed a malicious app vs browsing a malicious site.