Because they own and maintain the operating system, not the vulnerable software?
I understand that they've built this image of being a grand infinite protector for all their users within the walls of their garden, but they've had plenty of security issues within their own software, and plenty of cases where application developers have sidestepped their rules.
This relationship of trust with Apple is cultish at best. To say that I can trust Apple but not Mozilla? What are we smoking here?
If you add a PWA (with Safari) a year ago to your Home Screen and then change your browser to Firefox, and that PWA breaks out and steals some other application data...
Will you blame the software maker that you used to install the icon on the screen? or the one that is seemingly unrelated to the icon on your Home Screen?
Why silently change the underlying browser engine of an existing PWA without the user's knowledge?
That sounds like a bad UX. At least make the existing PWA stay with Safari and provide the ability to switch the underlying engine for each PWA afterwards if migrating is possible.
As I understand the legislation, Apple has three choices for how to comply with the law.
They can either allow third party browsers the elevated system access that Safari currently has in order to be able to access the data for multiple PWAs ... which compromises Apple's security standards, but puts Safari and other browser engines on the same footing.
Or, Apple can remove the additional security permissions that Safari uses in order to access the data of multiple PWAs so that Safari and other web browsers are on the same footing again.
Or, Apple can invest significant time and resources into creating a new sandbox for browser engines (including Safari) such that a PWA running in the browser engine will not be able to escape and access the elevated permissions of the browser engine or the data of other PWAs through a flaw in the browser engine.
Given the amount of effort that the third option would take, the low adoption of PWAs from most users within the European market, and the not going to compromise on the first option - the second option of removing security permissions from Safari (and other browser engines) to run PWAs is the only option to comply with the law in Europe.
> They can either allow third party browsers the elevated system access that Safari currently has
That’s a fable. Apple have a good history in security design. There is absolutely no way Safari have some "system access" that another app can’t have. Safari is probably just as sandboxed by the OS than every other app or else that would be an incredibly stupid decision.
If Apple wanted to implement PWAs correctly, they’d just run whatever engine + the web page in the same solid OS sandbox and there wouldn’t be any more security issue than with any App Store App.
Any iOS dev knows that it’s impossible for any app to gain any useful access without being granted the permission by the OS. The point is Apple is stuck being forced to hide that the security model of iOS is based on this (working well) sandboxing because it goes against their narrative that all the security comes from App Store policies (which they technically can’t enforce because all they’ve got to review is binary code).
It's not the Sandbox between Safari and Bank of America app - its the sandbox within Safari between the Bank of America PWA and Some Game PWA at issue.
Does Safari, as the browser engine running PWAs have access to the data of multiple PWAs?
If so, and Apple has good security - that's not a problem.
However, if Safari does have that access to multiple PWAs local data, and a different browser engine is used and also needs access to multiple PWAs data stores in order to be able to run them, what can Apple do to ensure that one PWA can't break out of its sandbox within the (as an example) Firefox PWA runner and access the data for another PWA?
If Apple cannot ensure that all browser engines have the rigorous design and/or history of security design and promptness of rolling out fixes when 0 days are discovered ... should Apple grant the additional security access for a 3rd party browser engine to be able to access the data of multiple PWAs?
If Apple should not grant that access because the other browser engines may not be as secure, then Apple (according to the law) must not grant its browser engine any favored position within the system.
The way to fill that requirement is to either figure out how to create additional sandboxes within 3rd party code so that PWAs running within FireFox cannot break out of their sandbox to access other PWAs ... or remove the ability for Safari to run PWAs all together.
And you pointed out yourself ... "If Apple wanted to implement PWAs correctly," - they apparently didn't implement PWAs correctly and are using sandboxing within Safari rather than sandboxing the PWAs and Safari combination at the OS level.
Should Apple invest the time to fix Safari and PWAs and 3rd party browser engines? Or given the low adoption of PWAs, is it less work and better security, and only a marginal loss of functionality to remove PWAs from Safari?
You think this uneducated me would know that this was a PWA and no app and also remember that it was installed by Safari, an app I apparently don't own anymore at this stage...?
Why wouldn't Safari remove all its PWA icons when I uninstall it, considering that it anyway cannot transfer the data to another browser...?