undefined | Better HN

0 pointsSilhouette5y ago0 comments

So why not build a standard mechanism to install and update 3rd party software into the OS? It's hardly a radical idea. There are plenty of solutions to that problem that don't involve monopolising the distribution of all software on the platform.

0 comments

4 comments · 1 top-level

wlesieutre5y ago· 3 in thread

I agree in principle that this would be OK, except part of Apple's vetting processes is making sure apps aren't accessing private APIs.

I don't want to download a game and find out that it's secretly spinning up a background spyware process to monitor the screenbuffer and sending the screenshots off to god knows where.

SilhouetteOP5y ago

Surely the solution to that is not to have your OS expose "private" APIs that allow abusive behaviour? It's not as if they aren't widely exploited even on the official app store today.

Once again, trying to filter malware at the app store level is not a viable strategy for robust, reliable security, and it never has been.

Apocryphon5y ago

Presently, security researchers are already finding both major apps doing this on the Apple App Store (Facebook accessing the camera on the News Feed), and spyware apps happening on secondary Android stores (also on the official Play Store). Sounds like an opportunity for more security watchdog businesses.

wlesieutre5y ago

The recent camera and clipboard things aren't private APIs, so the review process isn't looking for them being used in sneaky ways. I do appreciate iOS 14 adding a user-facing indication so we can tell when it's being abused though.

j / k navigate · click thread line to collapse