Apple won't do that because it means creating a Mac enclave[0] inside of what is supposed to be a secure OS. Apple wants the Mac to be firewalled off from the rest of their product line because the Mac has root access and other things that let the owner tamper with device security. To be clear, you can keep such a device secure, but Apple believes the additional work to support keeping such an owner-controlled device secure is "working for free".

To elaborate on that last bit: macOS ships with a number of utilities and frameworks specifically to detect and remove known-malicious software. macOS also has to operate notarization infrastructure for supporting non-MAS apps, as well as boot infrastructure to deliberately run untrusted or known-insecure OS kernels. None of their other platforms need this[1], because they have strict code signing enforcement. The web browser and developer mode aside, the only code that is ever allowed to run on device is code written by an entity with a business relationship to Apple. Anyone who wants to ship malware has to create a paper trail and expose themselves to getting a legal ass-ramming.

Of course, in practice the enhanced security of iOS and its derivatives is really just an excuse to extract 30%, a price most app developers aren't willing to pay. Putting all your "real apps" behind a virtual display that you have to carry a separate device around for is a way to contrive an inconvenience whose answer is "ship a native visionOS app." I suspect the whole reason why Mac mirroring is even a thing at all is because Apple realized iPad apps weren't going to cut it on a $3500 VR headset, and this was their quick hack to make the Vision Pro useful while they figured out a way to browbeat their developers into officially supporting it. A task which, by the way, has failed miserably.

[0] No relation to "exclaves" - i.e. bits of security-sensitive code that have been isolated from regular iOS system processes and run inside SPTM's "secure kernel" domain, but can still IPC back and forth. The most likely approach to "Mac enclaves" on visionOS would be enabling Hypervisor and shoving macOS in EL1.

[1] EU DMA notwithstanding - in fact, much of Apple's anger regarding the DMA boils down to the fact that complying with it while keeping their devices secure means shipping macOS-like antimalware infrastructure on other platforms.