You don't even need a third-party app to get a virus on iPhone. As long as you're signed in with your Apple ID, you're vulnerable to Pegasus and a number of other decoder-based payloads that can crash, manipulate or create an entire VM inside your iPhone.
Worrying about the contents of an Open-Source binary is small-fries, my friend.
Alternatively, just have realistic expectations of the devices you own. Everything you have is vulnerable to exploits and social engineering. Apple can't save you from that any more than Google, Microsoft, or even the Open Source community can. Apple pretending that they're poised to solve these problems is an illusion, and one you probably shouldn't argue in favor of.
What strawman are you fighting? What expectation did I say that isn't realistic? I did not state that I was against Apple allowing 3rd party appstores or against sideloading. I said that I prefer to use the offical app store, and I am happy that Apple is loosening the restrictions around 3rd party browser engines as I did not agree with it.
Maybe I am misinterpreting your argument? I feel like you stated that since state actors can hack my phone, I should stop worrying about security.
The appstore limited Facebooks ability to collect information on me. This is a fact.
> I trust Apple to do a decent job at protecting me [...] more than a 3rd party app store.
Arguing over App Store security borders on hypocrisy when there are gaping-wide exploits in the default iOS ecosystem.
Also, this bit:
> more importantly, my less tech minded friends
If your friends can't be trusted to use the internet without direct supervision, maybe they shouldn't have access to Safari, YouTube, Twitter or an iPhone either. It's a hard argument to strongman when the iPhone has a web browser packed in.
Worrying about the contents of an Open-Source binary is small-fries, my friend.