Allowing apps to send SMS exposes users (think: kids) to all sorts of headaches such as auto-signing them up for premium content. And Apple has no mechanism to prevent this other than blocking the APIs entirely.
And you can use a third party browser engine. You just can't be dynamically compiling code at runtime which is needed for JIT Javascript. Being able to do this defeats the purpose of having an app curation process.
Signal doesn't auto-sign up kids for premium content. Firefox doesn't run local apps.
If these were actually security restrictions then they would be privileging their own applications by waiving them for themselves, which is just as bad. Meanwhile in practice the effects of these "security restrictions" rather than rules against apps taking the bad behavior you're actually objecting to are suspiciously convenient for them -- their users can't switch to Chrome and it gives iMessage a larger network effect, and keeps people on iPhones when their friends have iPhones because they're all using iMessage rather than Signal or Whatsapp etc.
No but having an SMS API allows dodgy apps to signup kids for premium content. When dealing with security issues you don't just imagine the perfect case scenario.
And you use Chrome, Signal and WhatApp on iPhones. Not sure what you are talking about here.
> No but having an SMS API allows dodgy apps to signup kids for premium content.
So reject the dodgy apps then. What justification is that for denying it to Signal? In particular, what justification is that for denying it to Signal but not iMessage?
> And you use Chrome, Signal and WhatApp on iPhones. Not sure what you are talking about here.
Signal and WhatsApp on iPhones can't send SMS. Chrome on iPhones isn't Chrome, it's Safari with a Chrome logo.
> You don’t think it’s a security issue for apps to be able to intercept your text messages
Apps, like Signal, that you have given permission to intercept your text messages? Why would that be a security issue? You gave them permission to do it because that's what you wanted.
> Of course the OS vendor is going to have privileged access.
Also known as "private APIs" etc.
> Do you also want third parties to be able to reprogram the Secure Enclave?
Why would that be unreasonable, if done at the request of the device owner?
Allowing apps to send SMS exposes users (think: kids) to all sorts of headaches such as auto-signing them up for premium content. And Apple has no mechanism to prevent this other than blocking the APIs entirely.
And you can use a third party browser engine. You just can't be dynamically compiling code at runtime which is needed for JIT Javascript. Being able to do this defeats the purpose of having an app curation process.