If you read their requirements you can infer why they’re doing this: security. They absolutely do not want users’ phones hacked by a 3rd party browser bug. Nor do they want a 3rd party browser phoning home with user data.
Absolutely the last thing they want is Facebook shipping their app as a browser which bypasses all of Apple’s privacy protections.
Apps are sandboxed, but WebKit runs outside the sandbox with additional privileges such as JIT and multiple processes and communicates with the app through IPC. This change is allowing third-party code to also run with these privileges as long as they follow certain security standards.
iMessage has also been the main source of hacks for iPhones for years if not decades. Apple really struggle with securing iMessage.
It definitely does not need to run all the time; it could be woken up by an incoming notification like all other apps (and I hope that is how it actually works).
There's still app reviews? If Facebook really did ship as a browser, they could just reject it. Just like they reject everything else that goes against their (unwritten) rules.
The alt stores discussion is really about the <1% of users that'll use it, and I don't think it is an issue (but anyway, they are policing that too).
Even if someone got unsigned machine code execution on V8's or SpiderMonkey's JIT, the same could happen on JavaScriptCore. All browsers could be vulnerable to something like this (it's just a matter of time before a vulnerability appears), and Apple should be focusing on securing their app sandbox.
In terms of privacy and third party apps, isn't the protection domain name based? Those are native apps, so browser protection wouldn't work.
I’d say nowadays it’s 30% for privacy/security reasons and 70% for profit.
Phoning home with user data does not require any browser engine, this has happened many times. Weather apps were selling gps data of their users (and some probably still are).
(1) Chrome has a better security record than Safari, so they are not protecting users by disallowing it. In fact they're doing the opposite: preventing users from using more secure browsers.
(2) the privacy protections are already circumvented in current WebView based browsers. How do you think Firefox iOS is able to sync all your history?
Arguably they're doing it to prevent any erosion of their native app market. Other browsers provide more features like full screen support and PWA support, both of which are ways of providing app experiences that don't go through Apple's cash cow $$$$$ store.
Do you have a source for (1)? I see a lot more CVEs for (desktop) Chrome than for (any) Safari. Also, a native version of Chrome doesn't exist yet on iOS, so how can you say it has a better security record?