Part of the logic is that many extensions are very dangerous to users: the Grammarly extension, for example, vacuums up everything you type and sends your history to their servers. Most normal people don’t realize the trouble they can get into when installing extensions. Extensions can be as privacy destructive as anything on the web.
1. The job of Safari isn't to be everything to everyone.
2. Most tech enthusiasts just install Firefox or Chrome anyway.
3. Your web browser is by far the most critical aspect of computer security for most users. It controls the entire trust chain between yourself and your online bank. Your browser validates the security certificates. Your browser decides what to do with the passwords you enter. Your browser decides what to show in the address bar.
4. We know that most casual web users have suffered great privacy violations from dodgy add-ons, either by disguising itself as a useful tool or via drive-by installation. This isn't a hypothetical fear. It's very real.
5. Apple's unique selling point is privacy and security. Anything they can do to ensure that your grandmother's browser isn't compromised should be prioritised and applauded.
6. You can add untrusted extensions using the Extension Builder by obtaining a free cryptographic certificate from Apple. It's not trivial but it's just the right amount of onerous to stop your grandmother from being defrauded.
I don't know anything about that specific extension, but ...
Isn't that exactly the sort of thing the Apple walled garden is supposed to protect against? Surely anything that functions as a key logger and browsing history recorder violates their terms of service?
I'm fairly confident that this doesn't happen in Mozilla's addons repository. As I recall from the Stylish incident (Stylish is a similar browsing history stealing extension) they were not allowed to put this extension in AMO with the history stealing code, but it was left untouched in the Google Play store.
