• GlitterInfection@lemmy.world
    link
    fedilink
    English
    arrow-up
    4
    arrow-down
    6
    ·
    edit-2
    9 months ago

    Look up code signing and entitlements. This is a compile-time thing and an App store validation thing.

    Regardless, what are you even arguing?

    All of the sandboxing and entitlements stuff boils down to asking the user for permissions to access the data I described.

    An app designed to look exactly like Facebook or Tik-tok, installed from a nefarious or less secure app store would reasonably expect to access contacts, the mic and camera, the username and password for that app, and a lot of other data that it can send to a server and use in ways that will negatively affect lots of people.