It is interesting that apple doesn't allow user loaded executable code in apps. Yet allows chrome.
AFAIK
every web browser on iOS is just a "skin" for the same built-in Webkit engine used by Safari.
So if you convert iDos to create webasm byte code and then ran that in apple's javascript engine would it be allowed?
Seems sensible on the surface - since you can download and run arbitrary webasm anyway, but that would be a question for Apple. It could still increase the "attack surface" by adding another route for code to get from the Internet into the javascript engine - the devil would be in the details.
This isn't about pretending that Apple's Javascript Engine is 100% secure - it can't be - it's about thinning out the hordes of security threats it might have to deal with.
I think people need to decide whether they want a hobbyist pocket computer/game console or a phone... because the first needs to be able to run arbitrary code while "phone" is rapidly becoming a synonym for "credit card, ATM, bus/train pass, ID card, computer unlock key, car keys, 2-factor authentication tool..." and really needs to be
not able to run arbitrary code.
Currently, I have an Android phone partly because my instinct is that I want to install whatever I want - that was the reasoning a few years ago when I bought it. I'm increasingly needing to use it for 2FA, so I'd already be reluctant to install anything remotely suspicious on it, and the day on which I decide to start using it for payment and e-banking will probably be the day I finally switch to iPhone... not that I completely trust Apple, I just trust them a bit more than Google and/or a phone manufacturer who loads their Android phones with proprietary bloatware.
I guess Apple also have to worry about reputation, a problem that isn't dictated by logic: Here in the UK there was a bit of soccer a couple of weeks back which one of the main TV channels, ITV, live streamed, but their iOS/Apple TV app fell over and couldn't get up at a critical moment. Do you think the headlines were "ITV Player App fails during semi-final (oh, the humanity!)"? No, of course not, it was "Apple TV fails during semi-final (oh, the humanity!)". If some eejit sideloads some malware and has their bank account raided it will be "I lost all of my money because of scam iPhone App" not "I ignored security advice and got myself pwned". If someone writes an App to crack Netflix/Spotify/whatever then it's going to be more profitable to sue Apple than the Ruritanian teenager who actually wrote it. Look at the way "Kodi" - a perfectly legitimate bit of home theatre software - has become unfairly associated with piracy because of the profusion of third-party "crack" plug-ins.
There
is a question over the App Store and anti-competitive behaviour (just not the nonsense of Fortnite et. al. wanting to have their cake and eat it) - but that should be a question of
improving Apple's transparency and consistency over what is allowed and maybe making them take a bit of financial responsibility when they change their mind. In this case, the
problem seems to be that Apple made a mistake approving this app (which,
duh! is
all about running executable code) in the first place, and doing a U-turn on it after the fact certainly harms the users who have bought it, and maybe the developer (although I'm vaguely surprised that this developer didn't know about the executable code prohibition).
NB: or, join the 21st century and just run the code on a remote server and stream the results to any web browser (or download the transpiled webasm) -doesn't even need an app. Companies are doing it with modern 3D FPS games, so it shouldn't be a problem for 640x480 16 colour stuff! Don't want to maintain your own server? Make a server that you can run on your Mac or a Raspberry Pi.
