by sneak 313 days ago
This also shifts a tremendous amount of the burden for preventing system-level malware onto the app sandbox, which today is only one component of a multi-layered defense-in-depth system of notarization, entitlements, app review, etc.

To be clear I support letting people run whatever apps they want, but let’s not pretend that this won’t make the median iPhone more prone to have a malware infection (like Android). There are reasons other than anticompetitive greed that Apple does things this way (although I am sure greed is the primary motivator).

1 comments

Apple doesn't instrument apps when they review them. That burden is already there, they've just convinced you otherwise.
I think it depends on the app and the entitlements. I would assume apps that request entitlements for system-level VPN APIs are scrutinized more than calculators.
And Facebook has spied on users and competitors for years despite all the "reviews": https://www.bbc.com/news/technology-47281906

Apple doesn't review apps the way people think it does.

The rules for Facebook, Instagram, and WhatsApp to get kicked out of the App Store are not the same as the rules for other companies’ apps to get kicked out of the App Store.
All they do either way is poke at the GUI and maybe watch the HTTP requests.

The real goal of the review process is to maintain control over the UX, not prevent malware. If you want to see a review process that stops malware, read a Linux distribution mailing list.