The fact this is a thing is part of the problem.

We should not be downloading executables and running them from random third parties in order to do mundane tasks. If they absolutely must have an app, it should be a web app, end of.

Here's a question: what if the executable was thoroughly sandboxed? Like Firecracker level with virtualization? And once you're there, what's the difference between that and a webapp?

I don't think apps are going away, so users need to have a switch that says, "I don't trust this company with anything". Extremely limited Internet access, no notifications, no background activity at all, nothing. It needs to be like apps for the 2nd gen iPhone: so completely neutered that webapps look like Star Trek level technology.

There is beyond zero incentive for either Apple or Google to provide something like this. Google HAS network permissions on Android. You just can't access them. They're hidden from you, presumably because Google prefers more malware and spyware running on your phone.

The reality is that both Google and Apple are not just in on this, they created this situation. They not only don't care if you download 1 million apps from the app store that may or may not be malware, they actually prefer that model. Going as far as to sabotage the web to maintain that model. Going as far as developing their own browser which is broken to maintain that model.

Which, relatedly, is why any type of argument of "safety" around the app store or play store is complete and utter bullshit. Apple and Google want you to download as much malware as possible. All their actions demonstrate that.

Google is a step ahead of that, with their device attestation technology. Now apps can make sure they are only running in an approved environment.

This is the inverse of what he's saying. Attestation takes control away from users. Permissions give control to users. The ultimate user control is not using the software at all.

That's what the GP meant, wasn't it? "Good luck with your sandboxing, Google is already a step ahead in this cat-and-mouse game".