jchw 4 days ago
> While in no ways perfect, Apple's walled garden gets rid of a huge amount of the enshittification found on other platforms, and makes it so that downloading a random app is relatively safe and unlikely to nuke your phone, steal your data, etc. Yes all the "allow access to location/photos/etc." are annoying, but at least the user has some level of control and consent.

Better than Android sure, but let's not get too hyperbolic. There's less outright malware, but a ton of questionable crapware with bad practices. Let's not forget that Android phones definitely also do sandboxing and just-in-time permission prompts.

Even among major apps, maybe especially among major apps, the Apple App Store is full of apps that blatantly violate Apple's own policies, often including Apple's own apps too, much like the Google Play store. As a simple example, apps that put crucial notifications in the same category as advertisements are all over the place, despite this being a clear violation of the policies. There is plenty of enshittification on Apple platforms.

Beyond that, I can go onto my iPad and search something that is likely to be popular and find a ton of very questionable apps. For example, search "Grand Theft Auto". Scroll down slightly. That sure looks like a lot of very questionable garbage apps full of questionable advertisements. You can repeat this with tons of popular search terms. Yes, it's one thing to trust the sandbox, but are you really sure you feel safe installing all of those?

And sure, App Store review policies do stop most malware and unwanted tracking software from flowing through, but that doesn't mean you should gamble your life on it either. There are plenty of lapses all the time. Probably at least a few times a year, though obviously we only see the incidents that generate a lot of publicity.

Just for fun, here's a few incidents over the years that generated a lot of publicity:

From 2011: [1]

> As a proof of concept, [Charlie Miller] created an application called Instastock that was approved by Apple's App Store. He then informed Apple about the security hole, who promptly expelled him from the App Store.

From 2015: [2]

> XcodeGhost exploits Xcode’s default search paths for system frameworks, and has successfully infected multiple iOS apps created by infected developers. At least two iOS apps were submitted to App Store, successfully passed Apple’s code review, and were published for public download.

From 2025: [3]

> We found Android and iOS apps, some available in Google Play and the App Store, which were embedded with a malicious SDK/framework for stealing recovery phrases for crypto wallets. The infected apps in Google Play had been downloaded more than 242,000 times.

And even if the apps aren't malicious, that doesn't mean you're secure. If the idea is that you feel safe using random app store apps because the apps are neatly sandboxed from the system, well, first of all, that part can be accomplished without an app store or a 30% tax. Second of all though, a lot of people's important information lives inside of the apps anyways. Why compromise the phone to access the data when you can compromise the apps themselves? Consider this from 2017:[4]

> During the testing process, I was able to confirm 76 popular iOS applications allow a silent man-in-the-middle attack to be performed on connections which should be protected by TLS (HTTPS), allowing interception and/or manipulation of data in motion.

Obviously Android has more malware than iOS, but if the idea is that even an idiot can use an iPhone and not have to care about good security practice and just run completely random apps, I firmly believe that's a horrible idea. It definitely reduces risks for the average person, but in practice they definitely should be employing good security practices either way because the app store and all of the sandboxing in the world can not save them from themselves. For power users, it basically doesn't do anything meaningful to the security practices calculus and you may possibly be better off with CalyxOS or GrapheneOS depending on what threats you are most concerned about.

My point, of course, is not to say that Apple iPhone is particularly unsafe, just that these anti-malware measures are very far from foolproof, definitely not something you should trust your Bitcoins with. They do probably screen a lot of obvious attempts at malware, but a lot of subtle attempts definitely find their way in. They don't really at all stop the store from being flooded with shitware that does things that would probably harm the privacy of the average user, like apps for "file format conversion" that silently upload your data to the cloud and have dubious privacy policies, or apps that try to convince you to accidentally subscribe to some expensive subscription. This is the kind of thing the Google Play Store was definitely known for, yet it's actually also completely all over the Apple App Store right now. Apple doesn't really seem to mind too much, they're more concerned about periodically harassing people like the developer of iSH.

What Apple and Google both do have a tendency to do is tie their dystopian anti-consumer garbage in with their security features even when they don't actually have to, for reasons that I don't think anyone needs explained to them.

Personally I think the sky will not fall if iOS allowed people to choose to be able to sideload applications. The fact that this would cause a tension whereby Apple would have some pressure to change App Store policies in order to continue getting a cut of sales and have better ability to mitigate unwanted software is kind of a feature and not a bug. As it is today, Apple has basically no incentives to ever consider changing its policies in any way that wouldn't be beneficial to them somehow.

[1]: https://en.wikipedia.org/wiki/Charlie_Miller_(security_resea...

[2]: https://unit42.paloaltonetworks.com/novel-malware-xcodeghost...

[3]: https://securelist.com/sparkcat-stealer-in-app-store-and-goo...

[4]: https://medium.com/@chronic_9612/76-popular-apps-confirmed-v...