Hacker News

> Allowing third party app stores doesn't change the API or permissions system already baked into the OS.

It does precisely that. Apple invests huge amounts of money into people and infrastructure to ensure that exploit code (that can subvert platform security) never makes it into the store or gets signed by Apple. If it does, they can immediately revoke it.

Third parties providing app downloads would not invest anywhere near the same level of care, for the most part. Platform security can only do so much if you can run any code you want to try to attack it.



But you can't run any code you want. You’re still in a restrictive sandbox, and you still need to explicitly request the limited expansions to the permissions scope that the OS allows the user to grant you - neither of which is dependent on the App Store.


I don't believe you understood my comment. Third party app stores with more lax, less resourced app review procedures would result in arbitrary attacker code being run on end-user devices, that, given enough time, would escape the sandbox. It's a layered defense: signing/developer identity account, app store review, sandboxing, specific user-approved permissions.

No one part of it is bulletproof, as we saw with CVE-2020-3883.



