> Someone needs to ask Apple the same thing I've always been repeating: why can I visit pretty much any website with a recent browser and be safe, but can't run a native app in the same way? Hell browsers have bluetooth, USB, FS, etc access now as well.
> What, their shitty app sandbox isn't all that good or something? Methinks the real reason is money.
Or maybe just because designing a good sandbox is really hard. Look at snap packages on linux. They're one of the most common way of sandboxing linux apps and come with significant limitations compared to unsandboxed software.
Yeah a lot of these questions are just obviously bad-faith and wouldn't be made in any case except for the fruit company. It's intentionally dragging down the discourse with dumb bullshit.
"selinux had an escape once therefore it's useless!" no, that's not how that works and you know it.
"gatekeepers should have an obligation to interoperate with third-party systems!" oh so google needs to run open SMTP relays to allow third-parties to build commercial operations on google's infrastructure and send mail to google's users? google needs to not block unwanted commercial solicitation from third-party operators because they "have to interoperate"?
etc etc
in this case - ctrl-f for "sandbox" and virtually every single one of the comments is some variant of the same obviously bait/flamewar comment.
the discourse is always really bad in these threads and frankly a ton of it is android users who can't help but roll in the shit and sling insults constantly ("apple sheeple who only care about blue bubbles", etc) and we've completely normalized them acting out (both as a society and here on HN) for some reason.
Lmao, salty much. I literally pointed out the same issue for Android as well; there is a sandbox, can I trust it and if not then why not?
The discourse is on why we accept that browsers can sandbox websites but we can't place the same amount of trust in sandboxing of apps and historically Android has been better at that than Apple because they actually allow you to do it in the first place, the caveat being that it's not really made clear if this is "safe" or not.
Apple is one step behind Android on this but they're _both_ many steps behind making it transparent to the user that "installing any app from anywhere is as safe as visiting any random website".
> What, their shitty app sandbox isn't all that good or something? Methinks the real reason is money.
Or maybe just because designing a good sandbox is really hard. Look at snap packages on linux. They're one of the most common way of sandboxing linux apps and come with significant limitations compared to unsandboxed software.