Everyone knows all the apps on your phone

The question is: Who is the beneficiary of the app sandbox? Is it you, the user, because no malicious processes can taper with your apps? Or is it the corporations, because they prevent you from modifying their apps – which makes you a pure consumer?

I think, for the tech-savvy, the latter is more accurate and I think it is very important to be able to crack open these sandboxes and tinker with processes. Be it to inject ad blockers, automate them, modify their appearance, etc. It should be a right of a user to be able to do these things.

Can't wait for App List Scopes, like we have with Contacts or Storage already. Not a day too early.

For a few months all the UK banks I have accounts in send the list of all apps to the mothership.

I noticed it first when suddenly Revolut refused to start up because I had an app installed, Natwest and Nationwide at least inform prior to the data collection, but weren't concerned.

It ended up with the long overdue confinement of all the banking apps in their dedicated profile, but I'd love to be able to confine them further.

I'm on Android 14 and I've been pretty happy with an app called Insular on F-Droid or Island on the Play Store. It let's you install as many instances of an app as you'd like and they'll show up in the work profile, ignorant of the others' existence.

What do you mean by "break open the app sandbox"?

> refusing to fix it

Google addressed similar isolation concerns (without breaking a tonne of APIs in incompatible ways) with Private Space and Work Profile: https://source.android.com/docs/security/features/private-sp...

I know people may not remember this, but Android was initially designed with interoperability in mind. It's sad to see both the system development and the community opinion to have turned against it so hard.

No idea, but we did have apps rejected because of similar permissions.

Inability to select text is a pain in the ass when you're midway through learning the language and only wants to translate certain parts. In native apps it's understood (app makers don't really give a shit about me), but when it's in websites it's like a slap in the face :)

> Strange. This inability to select any text has always felt like one of the most hostile things developers could ever do. It feels like pure vandalism.

Use Circle to Search? Native capability that works on every single app, and is close to perfect (with the exception of handling text at the very bottom/top of your screen that's covered by your navbar/Google logo).

Yeah, the app model of one page open at a time ever is such bad UX. Huge regression from the web. Funnily enough you get around it on an app like Reddit by opening pages in the web browser.

Every time I try to select a single word in a WhatsApp message I surprised for a second. It’s so strange that most apps that have text as their fundamental content don’t allow you to do this.

On modern mobile and desktop operating systems, you can always copy that portion of the screen to the clipboard and it will recognize the text so you can paste it anywhere.

Also, if my memory serves, native MacOS apps by default support selecting most text that isn’t part of a clickable element like a button.

> browser apps do have their advantages:

These are more like byproduct of the fact that web apps are built on the stack not suited for modern UI apps. It's literally a text typesetting engine pretending to be a rendering engine for high-performance UI.

So, it can also be framed as:

- everything is selectable, even what shouldn't be - buttons, drawers, video players, etc - content is zoomable, which most of the time just breaks UX in hilariuous ways. Developers have to do extra-work to either disable zoom or make hacks/workarounds.

"Everything is selectable" and "everything is zoomable" makes total sense if it's a blog post. If it's a UI for the modern app, it does not.

All the features you mentioned can also be achieved by a well developed PWA. Of course, minus the widgets or some deeper system integration (like controlling phone calls etc.)

+ working notifications - adblocker is more of a minus for publishers though

But mainly don't expect any good web app integration on mobile, because it would hit the store 30% tax.

In Photoshop panels, title (like "Layers") are not selectable. How is it worse UX or user-hostile?

It's worse on desktop. On mobile it just leads to accidental selection when you were trying to do something else.

I have literally never needed to select text in a UX element.

In the past, occasionally there would be an error message in a message box dialog that I wanted to copy and paste. And then I discovered that despite it not looking selectable, it actually was.

I don't want to accidentally select the text of my menu bar, or of a text box label, or a dialog tab title.

In theory. In practice not so much.

I've had enough browser apps try that on my phone. Usually they start to lag out and become unbearably slow due to the framework bloat, compared to native apps that have no such issues.

“I have never wanted to type the letter ‘e’ in any of the 100,000 times I hit the ‘e’ key on the keyboard; it’s always felt suspicious to me why keyboards even have an ‘e’ key which can’t be disabled” said the perfectly normal hacker news commenter.

> I have never ever swiped back intentionally in over 100000 swipe backs

Real question here, what are you trying to do when you "swipe back"?

Lots of people use iPads for content creation. I think your worldview on this topic is a bit narrow. There have also been multiple feature length movies shot on an iPhone, at least two of them by Oscar winning directors! Those weren’t done on a mobile browser.

I’m still bitter about Apple backing off their stance against using web tech in apps. Most apps that are really bad, are really bad because they’re just wrapping websites.

> Where most of the modern applications are either web wrappers or Electron apps.

Only if you're stuck on a depreciated platform like Linux. If you are on Mac, native applications – real applications – are much more powerful and usable than any web wrapper on Linux.

I've noticed Linux users have taken a habit of proposing their broken way of using a computer through the browser for other platforms as well. But on other platforms we are already spoiled with quality software.

Have you tried building PWAs for large user bases?

Here are some of the frustrations I had with PWA's.

There are massive differences between browsers and Android/iOS when it comes to storage, access to local files, and size limitations. Proper backup/sync of large files using IndexedDB, Cache API, or localStorage is not as straightforward as native storage.

Service workers aren’t designed for complex or long-running computations, But they’re more like lightweight assistants, and you would have a HUGE pain trying to accommodate all the different browser/OS limitations if you need predictable background sync/backup. This seems maybe to be better going forward due to frameworks like Ionic/Capacitor or Workbox.js tho.

PWAs are tethered to the web’s security model, which means they’re generally restricted to HTTP and HTTPS for communication. This limits direct access to protocols like SMTP (email) and FTP (file transfer). You’re stuck with web-friendly options like WebSockets or WebRTC, or you’ll need a server to act as a middleman. Building a torrent client would be really annoying due to the limited protocol access. The WebTorrent JavaScript framework, which can run in the browser, does not fully support traditional TCP/UDP torrent protocols directly but instead relies on WebRTC data channels. Therefore, your app will only connect to peers supporting WebRTC, which significantly reduces available torrents and peer counts. Also, there often is an added level of restriction to background processes on mobile.

There are also limits to access of the devices APIs: - NFC (partial Web NFC support in Android Chrome) - Bluetooth (Web Bluetooth limited to Chrome Android, absent in iOS) - Native contacts, SMS inbox, telephony, or system-wide calendars. - Some system-level sensors (barometer, precise accelerometer data).

Also: Web apps often perform slower on heavy graphics or computation than native apps due to lack of direct GPU access. I have not tested this myself, but I know this has gotten better.

Onwards: - PWAs can't directly register as the default handler for specific file types or URL schemes across the OS. - PWAs cannot reliably run background tasks (like precise location tracking, audio playback, VoIP callbacks, or continuous data monitoring) when inactive. - WebAuthn supports biometrics, but native biometric APIs (like Face ID/Touch ID) offer deeper integration for specific app functionality. This is a HUGE need for our firm, as we rely on it for easy authentication for our app, and customers love it over other authentication methods. - PWAs can't easily embed widgets into the OS home screen or system-level UI components like control center integration.

YES, PWAs are much more capable than some people think and could, in many instances, work just as well as a native app. (I use GeForce Now on iOS with not many problems.)

And this is not even touching on how much easier it is to use Android/iOS SDKs to put together an application, and user expectations (which might be WRONG when they think PWAs are lesser or more insecure, but these attitudes are still reality).

All that said, I prefer PWA over native myself due to publication freedom, but I get annoyed when you talk down to people, and you seem to be the one that doesn't understand that there are actual limitations.

It’s not really possible in practice, see https://news.ycombinator.com/item?id=43522667.

Sometimes it’s a compliance thing, e.g we can only show health data if your device passes some security controls first.

What happens when you visit whatever URL is being wrapped?

I almost always book via apps. I can compare flights by looking at Kayak (app), then actually book it in the carrier app. I think the workflow just has to adapt to the tools you’re using, and trying to follow the same methods you’d use on desktop just don’t work. I don’t think either particular method is objectively worse than the other for every use case.

You are comparing desktops to phones.

I do most things on my desktop for the reasons you say but on a phone multiple tabs etc is a pain.

> Sounds like a broken web app.

>

> You are currently using a webapp that doesn't do this. It's called Hacker News, and it never asks me to login every time on my phone.

Every time I visit Hacker News on my iPad I'm logged out. Apple has decided that if you don't visit a website often enough it will expire all your cookies for the site.

In practice that means I can log in to HN while I'm at the cafe one weekend and be logged out by the time I visit the next weekend.

Passkeys do definitely make the mobile web experience better, but unfortunately they’re still not widely supported. I’m not saying mobile web apps can’t be good, but a native app allows for a lot of UX optimization.

The nice thing about reddit is that no one is forcing you to follow such broach subreddits which appeal to the common denominator. In my experience, any subreddit which has more than a few millions members is going to be pretty terrible.

Find a more niche subreddit like /r/<city_name>running (although location subreddits fall into a similar trap) or /r/longdistancerunning and you'd probably find them to be more interesting simply because moderators are beholden to a smaller community and their job is more about making things interesting for their niche and cultivating a community rather than just dealing with slurs, bots, and spam.

As someone who has moderated multiple subreddits, and single handedly brought a subreddit from 0 to 100,00 subscribers, this misunderstands subreddits, moderation, and the relationship between Reddit and moderators. IMO subreddits were supposed to be like random forums on the internet of old, but with a shared substrate. Those forums were singularly owned as well and if you didn't like the operators you moved on, because there was no one you could escalate to.

There is fundementally a social contract between Reddit and its moderators. Moderators get autonomy and control, and reddit gets content that keeps users around. As long as Reddit does not pay moderators, autonomy and control is all they can give moderators. I'm investing a lot of effort, and I'd like to retain some control. IMO creating a community is more like starting an open source project on Github with a lot of community contributions.

If you take away autonomy and control from moderators, what is in it for the moderator? Imagine if github started seizing projects wholesale, taking them over and installing new maintainers. People would move off the platform.

Some people say that moderators are unpaid employees, but IMO that is only to the degree that moderators are required to carry out Reddit's agenda and priorities. We don't call OS maintainers github employees. I don't mind if Reddit benefits from my communities, as long as I can run it the way I want. If you take away autonomy and control, moderators absolutely become unpaid employees.

If Reddit didn't like my policies and took my subreddits, I would take that as a strong signal that Reddit is not the place to build my communities. The API debacle, protests, and mod removals caused me to decentralize my community more. I spam a linktree in my subreddit that links to Discord and other resources, exactly to protect against community seizeure by Reddit.

I think you touch on some real issues. One is of namespacing; folks can sit on valuable portions of the namespace and basically extract rent. We have the same issues for domains, and haven't solved it there. Some places like github semi-solve it by putting repo's in organizations, but that shifts the namespace issue to the organizational level.

The other problem is second generation moderators. Most moderators are terrible at succession planning, and so generally chose terrible successors. Many second generation moderators don't understand the original decisions that shaped the community, and what makes the original community successfully. Reddit should do more to encourage succession planning, and teach moderators how to do it.

You are confused.

You seem to think Reddit Inc wants anything but control over the users. They are not at all interested in discussion or being a social network. If they could achieve their real goal without all the annoying comments, they would shut those off instantly.

Reddit is a narrative pushing machine first and foremost. The money they make on advertising - IS NOT - from the one of two ads you see per page.

The Reddit stock price is not at all reflective of their tech. It’s based on ability to push thoughts to users.

It also helps that you need to have a certain _rank_ to be able to downvote on here, as opposed to the default rights you get on reddit.

Exactly this can be seen here if the discussion is about climate.

Even better understands might be pushing it. “Better tolerates”

The US Customs & Border Control apps ("CBP Home" and "Mobile Passport Control") could check for blacklisted apps and flag you to be deported to an El Salvadorean gulag without due process.

Targeting and profiling. Reselling the data.

This is true, but if they didn't allow this permission for other browser apps that would be anti-competitive.

How would the OS know if the app that the browser is querying about is actually the current page? For all the OS knows, the user might be quickly visiting a ton of play.google.com pages for the top 1000 apps on the app store.

Yes I know about User Enrolment. The problem is the managed Apple IDs are a complete and total dealbreaker. So I'm not even considering this as an option.

The reason is that Apple demands that the UPN (the account ID) and the email address are the same. For us this is not the case (our UPN is our employee number as an email address, whereas our email address is just our name). And obviously we're not going to change this for ten thousand users because Apple wants to (most of which don't have Apple devices because we're a European company). Also, you have to manually decide what happens to each user that has already created an account with their corporate email address and what to do with the content they purchased on it. This is not feasible for a large corp. We have commented this to our Apple account manager for years and years but they simply don't care. If you work in this realm you probably know that Apple doesn't really care about things that matter for their corporate customers anyway. The consumer is their main client and it shows (unlike with Microsoft where it's the opposite).

So the whole account-driven enrolment (User Enrolment) as well as everything else depending on managed Apple IDs like DEP for Macs is completely out of the window.

The problem in my opinion is that I as an admin can simply query for example all the employees that have something like Grindr installed. Considering the current political climate in the US (or worse, the middle east where this can lead to a death sentence in some cases) it's obvious why this is super bad. And really, why should we be able to do this at all?

I'm working on implementing this for the company, and the annoying limitations on iOS is that you can't clone apps. If you want Gmail (as an example) as managed app, you can't have another Gmail as unmanaged app. While the company can't see inside the Gmail managed app (without the app itself explicitly providing that feature), the company can remove Gmail (and any local data inside the app) at any time.

Fun fact from the MDM implementation - the most private way (at least to the company policies) to have a company-connected device is to buy a separate phone and install company's MDM on it. On company provided devices, the company may locate company's assets at any time but doing so on a personal device is a privacy breach.

I think it’s a personal decision. I really, really do not want to carry two huge slabs around. One is already too much.

Account driven MDM enrolment pushes the Pareto front when it comes to privacy/conveniency compromises from my point of view. I will ask my IT if they have already looked at it.

No I (as a mobile admin) don't think it should be like that at all, at least not for BYOD devices.

Android has this really well worked out with their work profile. It's like having a company VM on your phone. Really great separation.

But on Apple we can't use a similar option which I admit does exist, but there's too many strings attached (see the discussion above).

ask a separate device for work.

I guess rather than closing my Google account I should have removed the 2FA and changed the password to a weak one on the HIBP list (:

> I have zero non-functioning apps on my iphone due to denied access to contacts.

You don’t have WhatsApp then.

> It is so annoying that it’s either "give access to ALL my contacts and ALL their information… […] I wish we could limit the number of contacts and the level of information we give.

iOS added fine-grained (at the contact level) access to contacts data last year.

https://lifehacker.com/tech/you-can-control-which-contacts-a...

Check if GrapheneOS suits your needs. It has "contact scopes", ie you cna literally allow the app to see single contact only.

Same with storage scopes: one directory and that's it.

iOS hasn’t allowed access to contact notes for several years, and last year added support for providing arbitrary subsets of contacts to all apps.

Photo access has improved a lot in this regard recently.

>Apple calls these Smart App Banners. Webkit cooperates with iOS to present them according to a meta tag in the page

JFC. Are they disabled if you ask for the desktop site?

> Why was the initial trust so easily given?

Because this architecture predates the existence of the current privacy nightmare.

In fact it predates the general availability of the internet. How could a program you would install from a floppy/compact disk bought on a store behave maliciously if you didn’t or barely had access to the internet ?

And then it stayed like this because Windows is heavily marketed as being retro compatible.

I have absolutely done all of these things on Windows, even for commercial applications. Programs that keylog (i.e. calls SetWindowsHookEx) sometimes get tagged by antivirus though.

(Only) the process is elevated, but the process has a window on a shared session, and the OS does not successfully protect processes that share a session (and user, and registry, and disk, etc., etc.) from controlling each other.

From an API point of view, only one process is elevated. From a security point of view, if one process is elevated they all are, due to a lack of any effective mechanism that actually stops them.

That, but consider also how an application running with your user privileges has full access to the filesystem with those privileges, so it can read your entire home directory, for example. That includes your browser profile with all cookies, and all credentials that applications store there unencrypted. Not to mention how that allows for all the fingerprinting even the most nefarious marketer could wish for.

Oh, and the UAC confirmations to elevate your apps permissions to root? People will gleefully confirm them without reading what needs access anyway, so you’re golden to do whatever you want.

The security model of Windows doesn’t exist.

> I can't imagine windows intentionally keeps the plaintext password anywhere longer than it needs to be.

Can’t tell if serious or not [1]. Also any program can read any saved password out of Windows Credential Manager.

https://en.wikipedia.org/wiki/Mimikatz

Obviously there's no way for a malicious program to grab your login credentials that you've entered into an incognito tab that have been closed. There might not be sandboxing, but viruses can't timetravel yet. However that's not going to be much of a defense when many users use password managers, and are terrible at detecting malware (so it's only a matter of time before their passwords are keylogged).

Actually windows can keep them in memory for a lot longer than you'd think, hence Mimikatz https://github.com/ParrotSec/mimikatz

ita disconcerting to see such naivety around security issues on hn.

not that windows is keeping passwords in plaintext, but that it's not immediately obvious that un-sandboxed apps that run on your windows/linux/mac desktop have virtually unlimited other avenues to capture passwords given they can read the entire state of other windows at the very least.

I dunno maybe macos is slightly better, and wayland definitely has some things which are better about this, but desktop os and $locally_installed_app means $locally_installed_app basically has root, there is just an exploding amount of vectors.

I'd like to see a linux based distrubution use some of the sandboxing in Android, it would be a order of magnitude improvement over what is going on now.

presumably the report comes out every year and it's discussed for some time after that

I don't know, sounds like any week.

Blue tick/check = verified Twitter accounts, from when Twitter staff chose who to give the blue tick and only gave it to journalists, technologists, etc that the twitter staff wanted to amplify. Nowadays a blue check simply means you purchased premium, but we remember the original meaning. This is not an Indian thing.

PIN codes = postal codes.