Hacker News new | past | comments | ask | show | jobs | submit login

> which would allow developers to cause all sorts of unchecked havoc.

This is simply not true. The security boundary is not at that layer. Calling private methods doesn't escape the sandbox.




Sure, but private methods are another vector - tracking and bypassing the IDFA and potentially acting as official Apple Apps to use/abuse things like Carrier/SIM info[0], updating the wallpaper for the user[1], accessing call history[2], etc.

0: https://github.com/nst/iOS-Runtime-Headers/blob/fbb634c78269...

1: https://github.com/nst/iOS-Runtime-Headers/issues/32

2: https://github.com/nst/iOS-Runtime-Headers/tree/fbb634c78269...


These are all security issues that Apple fixes by moving them outside of the process.




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: