Dangerous stuff still gets in the app store [1]. The correct solution to the problem of dangerous apps is sandboxing and elevated permissions with user consent. We've solved this in the web browser; let's solve it for apps.
This line of argument is incorrect: It’s not the App Store that makes secure apps possible: It’s the mandatory sandbox that apps run inside that actually makes the system secure. It’s fairly easy to push malicious code to the App Store but bypassing the sandbox restrictions is what keeps bad apps at bay.
I'm quoted in the linked article, and I wanted to add just a bit more here:
It's hard to overstate how entrenched the app store paradigm has become. When you tell people "Hey, I released a new web app" the first thing they do is go to the App Store and type in the name. If the app doesn't show up there, they get confused and don't know where else to look.
Really, the only benefit of the App Store model is discovery – much more so than the claimed benefits of curation or security. The web offers an equal, if not better, security model – all web apps are sandboxed and must ask for permission to do anything. The browser sandbox is the most secure and well-tested sandbox in existence today. It has to be much better than native OS sandboxes alone since it can't lean on "curation" to keep outright malware off people's devices. The web sandbox keeps you safe even when you click a link to a totally random website that hasn't been pre-checked by anyone.
The main issue is web apps just aren't discoverable right now. When you search Google, you get a lot of random stuff mixed in with web apps. I don't think consumers care what the underlying tech is – they just want solutions to their problems whether from a "PWA app" or a "native app". It's indistinguishable to consumers, except in discovery.
What fixed that is sandboxing. It's not really clear how much app stores do. And in fairness to Google, their malware scanning system is not tied to their app store. Stuff installed outside the store gets scanned too.
iOS safety measures do not rely on the App Store. The whole sandboxing and permissions model is there to protect one app from accessing things it shouldn't.
The entire premise of the App Store, permissions and sandboxing is that users should be able to download anything from the App Store willy-nilly and know that it won’t do the same type of invasive crap that can happen on Windows and Macs.
The App Store is not a flea market. Podcasts can’t install malware, eat battery life, invade privacy, etc.
I’m very careful about what I install on my personal computers. I install all sorts of crap on my iOS devices with some type of assurance about knowing what they can and can’t do.
The spy/malware problem on the App Store is tiny in comparison to what you see on almost any other platform. Even if something nasty slips through review, its access to the iOS device is very limited and gated through permission pop-ups.
The malicious app, even signed off the App Store, could also exploit unpublished vulnerabilities to gain elevated access and not require asking for permission. Even or especially if it's not a full sandbox escape.
The App Store does jackshit regarding security. The reason iOS is stable and not virus-ridden is the sandbox, which would work exactly the same way with or without Apple’s forced filtering of apps.
But if they can't, then what you said was basically wrong. The app store totally lets you make malicious applications. Seems like security theatre to me.
Apple has never guaranteed the App Store is safe. They've pushed the idea that the App Store is safer than alternatives though. The iPhone EULA covers this.
I didn't say that Apple should or shouldn't do anything. Just that apps from the App Store are potentially safer than things in-browser. Of course JavaScript apps pose similar risks, but as Apple controls the JS engine (unlike the Flash runtime) they feel safer that way.
I don't think that's good enough, unfortunately. People just dismiss the dialogues or malware distributors just learn to provide instructions to bypass any consent dialogues. The benefit of the App Store is that it's impossible to install malware through it. Unless you can provide the better experience while still delivering on that point, it's not much better. As I mentioned above, it's better for techie people but not for the average user and certainly not good enough for my mother to use.
1. Sandboxing might help prevent certain types of attacks but the App Store review process goes above and beyond simple API restrictions and imposes rules on how you're allowed to use those APIs to prevent abuse of privacy. For example: just because I grant an app access to my contacts/photos for a legitimate purpose doesn't mean I want that company to exfiltrate that data and sell it to a third party. Sandboxing won't help you there.
2. Sandboxing is no panacea as we've seen from multiple Android malware attacks that abuse system vulnerabilities to break out of the sandbox. You're also underestimating the amount of damage that can be done even within the sandbox:
1. https://www.wired.com/story/apple-app-store-malware-click-fr...