top | item 32998689

(no title)

Notably on iOS there's no good way to isolate unsafe native libraries from the rest of your app without violating app store policies, because Apple enforces apps to be single process and doesn't allow use of its own sandboxing apis.

discuss

black_puppydog|3 years ago

You have to understand, they enforce those rules for security reasons. /s

dagmx|3 years ago

I believe you’re able to use XPC Services to achieve that no?

Edit: actually no, XPC Services are Mac only so wouldn’t help on iOS.

WASI would be the closest thing to a secure runtime

biggerChris|3 years ago

[deleted]

londons_explore|3 years ago

You can compile your less trusted libraries to webassembly and then run them in a webview?

mattnewton|3 years ago

That sounds like a huge hit to energy use, if it is even feasible for something like implementing webrtc because of communication costs with the native process.

pjmlp|3 years ago

When most code is Objective-C it hardly matters anyway.

fsociety|3 years ago

Plenty of mobile code, especially at large companies like this, rely on a ton of C code. It makes it easier to support features on both Android and iOS. I’m sure there are more benefits I’m not aware of.

justapassenger|3 years ago

You only need a bug in a single line of code of your dependency to compromise the whole app. Most of the code doesn’t matter for security.