by coastalpuma
461 days ago
This is a great site, and thank you for the effort. One suggestion for an addition to the section on FOSS: Related to the issue of not being able to modify the source of apps we use, we also can't verify that an "open source" app on iOS is built from its claimed source code. We just have to trust the developer. This blocks true auditing of iOS apps for data privacy practices, something we know is needed given that the "privacy labels" are often deceptive https://archive.ph/Ak6qU. As such, this is a data security issue as much as a user freedom issue.

I'll probably end up adding it myself if you don't want to, because it's actually something I wanted to include originally but forgot to.
This is definitely a huge issue with the current implementation of DMA compliance. Apple's mandatory DRM encryption scheme as part of the notarization process doesn't just block reproducible builds and the improved security that those offer, but also means that third-party app stores aren't capable of auditing the apps they offer in any way. If Apple lets something slip through their notarization review (which is not an impossibility, since it's happened on the App Store before), then the third-party store carrying that app will be unfairly blamed for the incident.