> why these restrictions aren't good for users

Because they strengthen monopolies, while providing little (if any) security benefits.

Furthermore, there's been plenty of prior examples of malicious apps passing app review, where an optimistic interpretation would be that app review is completely ineffective, and pessimistic would be that app review was more about the security of Apple's profit than their end-users'.

> In that case, are users better served with or without these requirements?

Promoting safe development practices is good, but in practice it will change little because they have no way of enforcing them (see aforementioned gaps in app review).

Where are all the security problems of Linux allowing "side loading"? Especially servers are very valuable.

That’s like saying everyone should carry grenades around because trained soldiers do. Linux servers do get compromised by people installing dodgy software but it’s nowhere near the scale of the same thing happening on PCs and phones because servers are mostly operated by people with the discipline and skill not to add some random site to their package manager.

Anyone who’s ever supported normal people or even talked with their extended friends and family knows that this is not something you can assume for systems used by the general public. There’s a huge industry social engineering people into installing dodgy software to get deals, porn, games, address scary security threats, etc. and the billions of dollars they made annually means that when your grandfather is on the phone with the call center person walking him through turning off every security measure, he’s probably thinking that they’re more helpful than his actual bank.

If normal people ran Linux, they’d be just as prone to run “sudo add-apt-repository“ as they are clicking through the Windows prompts now.

> because servers are mostly operated by people with the discipline and skill not to add some random site to their package manager.

I have the discipline and skill. I want to be able to run what I want. I don't need "help" from Apple. You will always have a choice of not installing an alternative app store, just like on Android.

> If normal people ran Linux, they’d be just as prone to run “sudo add-apt-repository“ as they are clicking through the Windows prompts now.

I installed GNU/Linux for my relatives, and they never did that in years.

> I have the discipline and skill.

This might even be true but that just means you aren’t the target market. Nobody is stopping you from running a full open source stack but I don’t think it should come as a surprise that 99% of the people using computers pick something easier and safer to use when it’s not your job or hobby. My Linux desktop experience goes back to 1994 and while it’s a lot better now I still have zero trouble understanding that trade off.

> I installed GNU/Linux for my relatives, and they never did that in years.

Again, think mainstream. Where that’s happened historically was most server-side stuff because Linux has much greater share there, but most of the business compromising users is focused on Windows, Android, iOS, and maybe macOS because that’s where almost all of the people they’ll make money from are. If desktop Linux became more popular, attackers would spend time on it and would have comparable success rates – likely even higher due to how far behind the Linux world is compared to macOS on sandboxing and code signing. Free software is a great thing but it doesn’t have magic pixie dust obviating the need to spend time on security like everyone else.

> Nobody is stopping you from running a full open source stack

Where are the instructions how to do it on an iPhone? No, even on Android it's impossible due to closed drivers and specs, making a lot of e-waste and, conveniently for corporations, a lot of sales of new devices every time the support is ended.

It seems to me that the duopoly removed any freedom to run what I want from me.

> It seems to me that the duopoly removed any freedom to run what I want from me.

They put a block on your credit card preventing you from buying a Purism or PinePhone? That sure is devious – or perhaps an indication that the market is behaving rationally and the real problem you’re encountering is that the 90th percentile buyer values different characteristics than you do.

> a lot of sales of new devices every time the support is ended.

If this is your concern, you should be pushing for laws regarding recycling to cover the majority of devices which are discarded after something fails. People routinely use old devices until they break, and the thing forcing upgrades is something like their bank not supporting an OS which no longer receives security updates, which won’t be resolved by flashing a completely unsupported OS.

I do use the Purism phone as a daily driver. The heavy weight of the duopoly made open specs and drivers impossible in the mobile ecosystem l, as every single manufacturer refuses to release their firmware and drivers. A lot of such projects failed in the past despite a significant demand (proved by many sold Pinephones). My phone is based on the motherboard from a completely different industry (automotive). That made this phone very expensive and simultaneously very slow, heavy and inefficient, compared with all modern smartphones. More details: https://puri.sm/posts/breaking-ground. Making this phone almost killed Purism the company; even today they can't provide all promised refunds.

> and the thing forcing upgrades is something like their bank not supporting an OS which no longer receives security updates, which won’t be resolved by flashing a completely unsupported OS.

Why wouldn't it be resolved by installing a secure, supported GNU/Linux? Only because banks force you into the duopoly. More alternatives would push the change.

> If this is your concern, you should be pushing for laws regarding recycling

This is exactly why I support forcing Apple to provide a way to run what I want. Not because of the egoism. I don't even have an iPhone.

> There’s a huge industry social engineering people into installing dodgy software to get deals, porn, games, address scary security threats, etc.

But that happens everywhere, though. These same social-engineering ads show up in Safari, can manipulate you into giving away your banking details for a Nigerian prince or tossing your SSN and debit card into a little autofill HTML box. Call-center scammers will abuse your iPhone's callerID to make people think they're talking to the IRS or their car dealership. These scams are nothing new, locking out features doesn't "help" users any more than disabling the phone or browser does. Safety is Apple's abusive catchall excuse that they wheel out when they have to make the poison-pill taste like candy.

The real kicker is that Apple's own App Store has been caught hosting malware. You can't really claim the open web is some scary harbinger of manipulative software when Apple's own first-party service has been caught hosting fake LastPass apps and abusive weekly-subscription services. Meanwhile on Android, I get my favorite apps off Github and don't have to interact with the enshittification-encumbered Google Play Store.

You might want to consider relative scale: yes, there has been malware in the App Store but the questions you should be asking are how long it stays there, how quickly it’s blocked and existing installs removed, and what level of access it had. Look at the product pages for spyware marketed to distrustful parents and abusive spouses, for example, and notice how much less they can do on something like iOS or ChromeOS compared to a full desktop operating system and you’ll understand why this is discussed as a trade off rather than absolute good/bad terms.

It's not treated as a trade-off, outside Apple's marketing. Anyone that's seen Apple's service revenue relative to their hardware margins knows the score. If this was a conversation about iPhone malware then I should point out that people are being infected by Pegasus with nothing but first-party Apple software. There are active zero-click exploits with various levels of persistence on the market today; you want to talk about relative scale in a post-Pegasus era? Hell, a post-Snowden era?

You're echoing Apple's own flawed defense. You can't rob someone in one hand and claim to be paying them back with the other. You're either acting altruistically to actually help users, or you're perpetuating a cycle that benefits only the service-owner. With Apple's complete lack of service-based competition I don't think it's absurd to suggest they're intentionally misrepresenting the only App Store option to try and rescue it from certain regulation.

> It's not treated as a trade-off, outside Apple's marketing

It absolute is by anyone working in the field, and it’s not just Apple. A lot of places have been looking at ChromeOS for similar reasons, tons of people are running Kubernetes on trimmed down Linux systems which are far less “serviceable” than traditional servers because it reduces the attack surface massively.

> There are active zero-click exploits with various levels of persistence on the market today; you want to talk about relative scale in a post-Pegasus era?

Yes, actually. Your emotions are clearly strong on this issue but you really want to get some data and analyze it – for example, how long are users left vulnerable for traditional operating systems versus locked down ones or how hard is recovery?

Nobody is saying that there’s a universal optimum here but there’s clearly a trade off which people should consider when deciding what’s better for their situation. If you don’t need to run arbitrary binaries, can meaningfully segregate data between apps, etc. the benefits of breaking with tradition is pretty high and a high percentage of people will never hit a downside.

WeChat does this as well, and much more (and who know what else more!).

But for some reason Apple is a-okay with that.