> Well, this is exactly it. iOS should have redundant security policies that don't take fallible App Store reviews for granted anyways. Apple didn't really account for this, presumably to hedge the validity of a single App Store.

If your second sentence was accurate, Apple wouldn’t be leading the industry on app security as they have been. The mistake is seeing these as incompatible rather than complementary goals: the layers of protection on the device ate never going to be perfect so having a single point of review and, more importantly, revocation means that they have a chance to catch exploits first and to deter them with knowledge of what can be done in response. The notarization framework they describe seems like a compromise in that regard, being especially useful for linking binaries to a legal identity.

> Sideloading works fine on Android (or, Mac); getting it "right" is eminently an implementation problem.

Again, this depends on whether your definition of “right” includes as much malware or spyware. That’s a spectrum, and there is not an absolute right answer. Apple appears to be shifting to a model where multiple stores are allowed but there’s still some accountability for stores which don’t control malware, which seems like a better place to me than where we’re at now.

> If your second sentence was accurate, Apple wouldn’t be leading the industry on app security as they have been.

If Apple was actually leading the industry on App Security then they wouldn't be using the App Store as a security defense. They know that people are afraid of Pegasus-style malware and they want people to think it comes only from third-parties. In reality, Apple devices are already attacked from a variety of endpoints, many of which are first-party. Some of them are zero-click. Blaming malware and scamming on sideloading is an obvious stretch; both of those things exist on iPhone even without the DMA.

> The mistake is seeing these as incompatible rather than complementary goals

I do see them as complimentary; that's why I'm outraged that only one half of the goal is considered. Apple actively neglects security on their device to reinforce the validity of a centralized App Store. That is an objectively deteriorated experience for users, and when stuff like the Digital Market Act comes around it's a blatant ploy to buy Apple time.

I'm not denying the merits of your discussion, I'm proving that other platforms (including Apple-made ones) already get this right, so regulators have no reason to go let Apple off easy here. The status-quo can be better, and I guarantee you that this policy will be revised within the year. There is simply no excuse.

As the original comment states, there's not magic sandbox solution. It's a hard problem. The average user should be able to grant or deny capabilities. For things like location it's easy but when you think about the botnet case, things get tricky. What ip ranges do you allow?

There's no way to fix the problem natively, either. Apple's "solution" to this issue is checking every app personally, which is a fallible and expensive approach. Apple will pretend they're taking the high road, but it doesn't take a genius to surmise they only care about that process because it's expensive.

No matter how you slice it, this is already a problem and literally no one blames Apple for it. It's not Apple's job to blacklist phone numbers that contain scam callers, it's not Apple's job to protect Safari users from content that harms them. The EU is very unlikely to approve any scheme where Apple is still a gatekeeping party.