
Why is there this assumption that third party apps are going to be so unsafe?

We already run untrusted executable code in the form of JavaScript.

Why does the Android system need to be different? Why can’t we say the OS needs sandboxing, API permissions, etc.?

I really don’t want the only thing protecting my phone being the fact that a human sometimes reviews an app.



because this is what computing used to be. you would download some random executable off some random website and hope you didn’t get infected with malware

except the stakes are much higher on your phone than your 1998 computer because your phone is more powerful: your phone has more personal data, financial info, and can consume costly telecom resources


No. The APIs are vastly different between modern mobile OSes and win32 from the 90s.


So random websites I go to are now gonna be able to take over my phone?

Why aren’t we seeing this scale of attacks using JavaScript?


JavaScript was designed to be secure-by-default, and it takes a vast amount of effort to keep it that way

Native apps were designed to be powerful-by-default, and the amount of effort to bolt security on after the fact is orders of magnitude more


Not for mobile. The default is to have everything sensitive locked down.


They are a victim of Apple's security horror story. Apple advertises that their mobile app sandbox system is poor, to protect their dominated store.


The sole criterion for JavaScript was to design something that could be shipped as fast as possible. The early browser wars were all about pumping features out. Security had nothing to do with it.


> JavaScript was designed to be secure-by-default

It absolutely wasn't, lol?


Where do you think half the zero day security vulnerabilities come from? JIT compiler for JavaScript!


Seriously, if the Play Store is what's protecting Android phones... then Google's OS devs fucked up.



