Malware is less of a problem for Android now than at any point in Windows' history except for possibly the past few years, so I think that sandboxing has succeeded rather well, given that Windows has had 34 years to evolve defenses and Android has only had 11. Even early on in its life, Android was still better off than Windows at the time, and what do you know - Android has allowed sideloading and alternative app stores this entire time. That is, Android is doing now what we're discussing Apple might do, and it's worked out pretty well for them.
Don't you think there's a direct correlation between the ability to install APKs from random shady internet sources and the spread of malware on Android? Even macOS has a worse malware situation than iOS for the exact same reason.
If you believe this has "worked out well" for Android, you and I must have very different definitions of the phrase.
You also didn't address my other point, which is sandboxing is only meant to address operating system level security, not developer abuse of legitimate APIs.
> That's not exactly a ringing endorsement, is it? Sure, the malware situation on Android is better than Windows. It's still far worse compared to iOS.
> If you believe this has "worked out well" for Android, you and I must have very different definitions of the phrase.
Yes, it's a ringing endorsement. Android is good enough - actually, better than good enough. I've seen at least five cases of Windows malware from friends and family over the years, and zero Android cases.
As the article you listed above shows, xHelper has had 33K detected cases. That's literally two decimal orders of magnitude less than Conficker, which had over 9M cases, in 2008, when there were, if anything, fewer Windows devices than there are Android devices now.
iOS is only better than Android because it sacrifices a lot of user freedom for a little security - which is not an acceptable tradeoff. If I pay for a device, I (should) own it - not the company. If you, personally, are not going to check the box that says "let me install third-party apps" then you, personally, are at no risk of infection, and you have absolutely no right to tell me that you think that I should not have the right to check that box.
> Don't you think there's a direct correlation between the ability to install APKs from random shady internet sources and the spread of malware on Android? Even macOS has a worse malware situation than iOS for the exact same reason.
Yes, there's a direct correlation. If you give users sharp tools, the dumb ones will stab themselves. This is normal, and good. Users deserve the sharp tools. Put a sheath around them, but device makers intentionally restricting users from things that they might reasonably want to do, for the sake of their own profit, is borderline theft.
> You also didn't address my other point, which is sandboxing is only meant to address operating system level security, not developer abuse of legitimate APIs.
Yes, because developer abuse of legitimate APIs is irrelevant to what we're talking about here, which is whether or not to allow third-party app stores. Why? Because (a) both Apple and Google's app store review processes have let malware through before and (b) sandboxing, which doesn't necessarily prevent developers from abusing legitimate APIs, is necessary for it - and both iOS and Android take advantage of sandboxing to make it harder for devs to do bad things. For instance, iOS (now) gives you a notification if an application accesses the clipboard. Even better, there are modifications for Android that allow you to intercept and fake API data (so that an application doesn't refuse to work if you deny it access to an API) - which is significantly better than anything you can get on iOS.
> As the article you listed above shows, xHelper has had 33K detected cases. That's literally two decimal orders of magnitude less than Conficker, which had over 9M cases, in 2008, when there were, if anything, fewer Windows devices than there are Android devices now.
That's some odd cherry-picking when I actually listed several different articles with much larger case counts. If it's magnitude you're looking for, HummingBad has infected 85 million Android devices, Chamois has infected 199 million, SimBad has infected 150 million. If you total up all of the Android malware attacks since the platform launched you're looking at several hundred million infections at the very least. This is not a small problem and is far from "good enough".
> Yes, because developer abuse of legitimate APIs is irrelevant to what we're talking about here, which is whether or not to allow third-party app stores. Why?
Sorry, I disagree. There are many APIs that can be used for legitimate purposes (for example loading my contacts so I can message my friend) that can be abused by developers who don't care about privacy (for example subsequently scraping my contacts and selling them to advertisers without my consent). Sandboxing or permissions or notifications don't really help address this issue, whereas at least with an app review policy you can say this behavior is unacceptable and you will be banned if you abuse it. Will the review process catch all of these abuses? No. But it serves as a deterrent, and if you're comparing an app that is distributed via the App Store and subject to its privacy rules versus a version distributed directly via their website where they can do whatever the hell they want, I'd prefer the former any day. That's why it's relevant to the discussion of third-party app distribution.
> both Apple and Google's app store review processes have let malware through before and
No process is perfect and of course sometimes things will slip through the cracks; that doesn't mean there isn't value in the process. The statistics indicate that malware is a significantly larger problem on the Android platform compared to iOS and this is directly tied to the existence of side-loading and third-party App Stores.
1. Android is responsible for 47.15% of mobile malware infections compared to 0.85% on iOS. Windows accounts for 35.82% and IoT devices take up the remaining 16.17%. In other words, Android is now a larger malware vector than Windows itself, and your suggestion that malware is less of a problem on Android compared to Windows is statistically incorrect. (https://onestore.nokia.com/asset/205835)
2. Google's own reports show that Android devices that use side-loading have an 8x higher incidence of malware compared to devices that only use the Play Store, meaning it's specifically direct downloading and third-party stores that are the cause of the problem. (https://source.android.com/security/reports/Google_Android_S...)
Sandboxing has not prevented the proliferation of malware on Android; why would it be any different on iOS?
Sandboxing also doesn't really address the other major risk which is theft of personal information by supposedly "trustworthy" apps.