
205 points | ColinWright | 1 comment
neuroelectron [No.45080891]
Back when the Apple hardware for iPhone offered real isolation between apps, yes. But that's really hard to maintain and isn't PRISM-friendly. Neither Apple nor Google can justify offering real isolation for apps in the current market.
replies(1): >>45080954
ggm [No.45080954]
I thought sandboxes were precisely what they are doing.
replies(1): >>45082005
neuroelectron [No.45082005]
Yes, but they're virtual now, whereas the early apps were physically or logically isolated with memory isolation and a secret vault. They still have the secret vault, but the virtualization layer is all software and the OS has special access.

---

iOS and Android still provide per-app sandboxes, but those sandboxes are enforced entirely by the OS kernel (per-app UIDs and SELinux policy on Android, sandbox profiles and entitlements on iOS) and by higher-level frameworks. They are therefore exactly as strong as the kernel and system services that implement them, and no stronger.

The Secure Enclave (iOS) and the StrongBox secure element or TrustZone TEE (Android; Titan M is Google's StrongBox implementation on Pixel devices) still exist for key storage, cryptographic operations, biometric template matching and DRM, but access is brokered by the OS. An app never talks to the secure hardware directly: it calls a system API (Keychain or CryptoKit on iOS, Keystore on Android) and a privileged OS daemon forwards the request. The secure hardware does not run third-party apps; it performs operations on keys that never leave it.
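
As an added example (not code from the thread or from either platform vendor), the Android Keystore flow below shows what "brokered by the OS" looks like from the app side: the app asks the Keystore for an EC signing key, prefers the StrongBox secure element and falls back to the TEE, then signs with an opaque handle and pulls the attestation chain a remote party can verify. Assumptions: Android API 31+, the code runs inside an app process, and the alias and challenge are arbitrary values chosen for the example.

```java
// Added example: hardware-backed key whose every use is mediated by the Android Keystore
// daemon. Assumes API 31+ (KeyInfo.getSecurityLevel). Alias and challenge are arbitrary.
import android.security.keystore.KeyGenParameterSpec;
import android.security.keystore.KeyInfo;
import android.security.keystore.KeyProperties;
import android.security.keystore.StrongBoxUnavailableException;

import java.security.KeyFactory;
import java.security.KeyPair;
import java.security.KeyPairGenerator;
import java.security.KeyStore;
import java.security.PrivateKey;
import java.security.Signature;
import java.security.cert.Certificate;
import java.security.cert.X509Certificate;

public final class BrokeredHardwareKey {
    private static final String ANDROID_KEYSTORE = "AndroidKeyStore";
    // OID of the Android key attestation extension carried in the leaf certificate.
    private static final String ATTESTATION_EXT_OID = "1.3.6.1.4.1.11129.2.1.17";

    /** Generate an ECDSA P-256 key whose private half is created inside secure hardware. */
    public static KeyPair generate(String alias, byte[] serverChallenge) throws Exception {
        KeyPairGenerator kpg = KeyPairGenerator.getInstance(
                KeyProperties.KEY_ALGORITHM_EC, ANDROID_KEYSTORE);
        try {
            kpg.initialize(buildSpec(alias, serverChallenge, true));
            return kpg.generateKeyPair();
        } catch (StrongBoxUnavailableException e) {
            // No discrete secure element on this device. The TEE-backed Keymaster is still
            // isolated from the app, but it shares the main SoC with the OS.
            kpg.initialize(buildSpec(alias, serverChallenge, false));
            return kpg.generateKeyPair();
        }
    }

    private static KeyGenParameterSpec buildSpec(String alias, byte[] challenge, boolean strongBox) {
        return new KeyGenParameterSpec.Builder(alias,
                        KeyProperties.PURPOSE_SIGN | KeyProperties.PURPOSE_VERIFY)
                .setDigests(KeyProperties.DIGEST_SHA256)
                // Challenge supplied by the relying party; binds the attestation to this request.
                .setAttestationChallenge(challenge)
                .setIsStrongBoxBacked(strongBox)
                .build();
    }

    /** Ask the Keystore where the key lives. The app only ever holds an opaque handle. */
    public static boolean isHardwareBacked(String alias) throws Exception {
        PrivateKey priv = loadPrivateKey(alias);
        KeyFactory kf = KeyFactory.getInstance(priv.getAlgorithm(), ANDROID_KEYSTORE);
        KeyInfo info = kf.getKeySpec(priv, KeyInfo.class);
        // getEncoded() is null for Keystore keys: the OS hands out a reference, not material.
        boolean opaque = priv.getEncoded() == null;
        return opaque && info.getSecurityLevel() != KeyProperties.SECURITY_LEVEL_SOFTWARE;
    }

    /** Sign data with the hardware key; the private key never enters app memory. */
    public static byte[] sign(String alias, byte[] data) throws Exception {
        Signature s = Signature.getInstance("SHA256withECDSA");
        s.initSign(loadPrivateKey(alias)); // dispatched via the Keystore provider to the TEE/SE
        s.update(data);
        return s.sign();
    }

    /** Return the attestation chain; a server verifies it against Google's attestation root. */
    public static X509Certificate[] attestationChain(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        Certificate[] chain = ks.getCertificateChain(alias);
        X509Certificate[] out = new X509Certificate[chain.length];
        for (int i = 0; i < chain.length; i++) {
            out[i] = (X509Certificate) chain[i];
        }
        // The leaf carries the attestation extension. Chain, challenge and security-level
        // checks belong on the server: this process runs under the OS's control.
        if (out[0].getExtensionValue(ATTESTATION_EXT_OID) == null) {
            throw new IllegalStateException("no key attestation extension on leaf certificate");
        }
        return out;
    }

    private static PrivateKey loadPrivateKey(String alias) throws Exception {
        KeyStore ks = KeyStore.getInstance(ANDROID_KEYSTORE);
        ks.load(null);
        return (PrivateKey) ks.getKey(alias, null);
    }
}
```

The point to take from this is the boundary: the hardware guarantees that the private key is never exported and that the attestation honestly reports where it lives, but the request to sign, the data being signed, and anything the app later decrypts all pass through OS-controlled memory. That is why key attestation is checked by a remote server rather than by the app itself, and why it tells you about the key, not about the confidentiality of the app's other data.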

OS privilege expansion: system services see app data at runtime because they implement telemetry, background task scheduling, push notifications, backup and sync, and they run with privileges the sandbox does not constrain. Apps are isolated from each other, but not from the platform owner, whose code runs in the kernel and in the privileged system processes.

Result: app-to-app compromise is still difficult, but OS-level compromise (intentional or not) gives broad access to every app's data. This design simplifies push services, app updates, backup and sync, but makes "true isolation" (hardware separation with zero OS visibility into app state) infeasible in today's consumer mobile ecosystems.