iOS always asks for permissions. I suspect the same is true for unrooted Android.
But the general pattern is that you install some stupid vendor crapplet, and the first thing it does, is ask for every permission on your phone. Native apps can access a lot more stuff than ones restricted to a WebView sandbox. That's why they want you to use them.
They can "fingerprint" devices more easily. They have access to all kinds of subsystems, like Bluetooth, NFC, gestures (at low level), etc. Many require the user to give permission, but the first thing the app does, is ask for permission. As long as the statement in the request passes Apple muster, the app won't fail review, I seriously doubt that Apple will test after the app has shipped, to make sure that they stick to their word.
Some of this can be caught by the App Review process, if they do things like access private APIs, but we keep reading about clever app developers (and there are a lot of really smart crooks out there) that can fool the App Review testers. I read about a dodgy app that detected when it was in review, and modified its behavior (ala Volkswagen).
Really, I am not sure if there's a way to ensure the app works the same after review, than during. I would probably put a 4-day timer on it, starting the day of submission. After the timer expires, the app starts accessing private APIs via a hand-coded assembly interface. I would hope that Apple has already thought about this (It wouldn't be too difficult to test -just run it on a device with an advanced clock).
> They can "fingerprint" devices more easily. They have access to all kinds of subsystems, like Bluetooth, NFC, gestures (at low level), etc. Many require the user to give permission, but the first thing the app does, is ask for permission
So it’s a great conspiracy that apps have permission to do things after you explicitly give it permission?
No one is claiming that the app review process helps protect your privacy. The challenge is find something a native app can do surreptitiously to track you more than a website without you giving it permission bypassing OS safeguards.
And on iOS an app can’t access your NFC chip without you giving it permission.
“Running machine code” is not a security vulnerability. If your browser isn’t secure all sorts of exploits can happen from a web browser. That’s how a lot of the early iOS jailbreaks worked.
I used to write machine code, but I don’t, anymore. I am quite aware of how powerful it is, so I have to assume that the very smart people at Apple -who deal with current-day machine code- have a handle on dealing with it.
You didn’t state one example where it bypassed the sandbox. All apps on iOS are compiled to assembly. If writing in assembly magically bypasses a well designed OS’s security model, we are in trouble
But the general pattern is that you install some stupid vendor crapplet, and the first thing it does, is ask for every permission on your phone. Native apps can access a lot more stuff than ones restricted to a WebView sandbox. That's why they want you to use them.
No thankee.