Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

The incentive for Meta, etc to start their own “anything goes” app stores was low when it was a possibility only on Android. It being possible on iOS changes the equation significantly with how iOS users are typically higher value targets due to how on average, they buy/spend more.

It also gives them the opportunity to normalize per-megacorp app stores across the board instead of them always being a weird Android thing like they would be if Meta opened an App Store on Android now.



I'm sure it'll be a weird iOS thing too if it happens. Apple is going to make it as difficult as they possibly can, the same way sideloading is not trivial on Android for normal users.

Also running a third party store does not have to mean being able to break privacy protections. If the ecosystem relies on app inspections that much it simply needs to be secured better.


> If the ecosystem relies on app inspections that much it simply needs to be secured better.

How do you secure something without inspection? We have health code inspections for restaurants, car safety and emissions inspections, IAEA inspectors visiting nuclear facilities… Should we throw all those out too? What replaces them, the goodwill and word of people?


What I mean is, the OS should not allow apps to do these things. Rather than inspecting the code and strictly banning any dynamic code (one of the reasons emulators are not allowed), the apps should just not be allowed to do things like call hidden APIs at OS level.


They don’t read the code afaik; they prevent memory page being marked both write and execute (with an exception for javascriptcore specifically).

W^X pages are one of the most widespread sources of RCE bugs, and banning them by default is a good idea.


The ostrich is saying that the technical sandbox controls of the is will still be present.


The OP... The technical controls of the OS...

Autocorrect and a lack of editing are a bad combo.


Those will never be good enough to overcome social engineering.


In this analogy, getting to design the system on which the apps run is something like being able to alter the local laws of physics so that car exhaust simply can't contain pollution.


> If the ecosystem relies on app inspections that much it simply needs to be secured better.

How likely is this when Apple aren't getting paid for apps any more? Who should pay for it?


No what I mean is that regardless of the apps that run, there should be no way to circumvent it. The OS should enforce this.


It's not always that simple. What if I make an app that asks for some data from you "for it to function", and then posts that data to somewhere it shouldn't, there's not a lot to be done about that from an OS enforcement perspective.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: