Right; but the whole point of a browser extension is that it interferes with how other webpages work. But iOS apps can’t do that. They’re more like webpages themselves - sandboxed and run as isolated processes. In the absence of browser bugs, it should be safe to click any web link. Websites can impersonate one another. But my device stays secure.

iOS apps already work like that. Why does Apple have so little trust in their own security model?