> Someone needs to ask Apple the same thing I've always been repeating: why can I visit pretty much any website with a recent browser and be safe, but can't run a native app in the same way? Hell browsers have bluetooth, USB, FS, etc access now as well.
> What, their shitty app sandbox isn't all that good or something? Methinks the real reason is money.
That’s not really the point. On the Web you have a single google.com, and on the AppStore you have a single "Google" app. If you allow multiple sources for apps you break this idea of a unique registry and allow anyone to create an app named "Google" or any other well-known brand. There’s no way of ensuring the "Google" app you’re looking at is the genuine one anymore.
I mean surely that's solvable in a similar way that it was for websites, ie SSL+certs registered to domain x. Can the OS (Android, iOS) not have a provision to show who any app is really from in the same way that I can see right now that: "Y Combinator Management, LLC. issued by Digicert"?
Unfortunately it's not really perfect solution for the web either as plenty of people still get scammed by fake urls + not bothering to check who the cert is for/from...
That’s not really the point. On the Web you have a single google.com, and on the AppStore you have a single "Google" app. If you allow multiple sources for apps you break this idea of a unique registry and allow anyone to create an app named "Google" or any other well-known brand. There’s no way of ensuring the "Google" app you’re looking at is the genuine one anymore.