logoalt Hacker News

freedomben10/11/20241 replyview on HN

No disagreement here, although if past experience has proven anything I think it's that companies will abuse whatever "security features" they can to accomplish their objectives. It reminds me a lot of the old adage, "the same wall can keep people in just like it can keep people out."

When the OS is fundamentally in the user's control, they are limited in what they can do, but when the OS disregards it's owners preferences/desires and enforces it's creators desires.

Minor thing actually:

> If APIs were exposed to allow you to bless your own applications with the right permissions, you would probably not care so much about root restrictions.

I absolutely agree with this in theory, but in practice I'm not sure it would ever work because they just aren't going to put in the work to build and maintain APIs for things they don't care about, and there would be a very long tail of things to do (and sometimes those things are legitimately a lot of work). Call recording being a classic example.

But all in all, I very much agree. I love those features when they are in my control on my devices. Biggest issue is, they virtually never are and the number of occurences is trending down.

Anyway,


Replies

Arch-TK10/12/2024

> I absolutely agree with this in theory, but in practice I'm not sure it would ever work because they just aren't going to put in the work to build and maintain APIs for things they don't care about, and there would be a very long tail of things to do (and sometimes those things are legitimately a lot of work). Call recording being a classic example.

I thought about this a bit and I think that at the end of the day, the entire OS is just a bunch of these APIs. And I do think there's even a market for these APIs, they just don't want to set that precedent, I don't think it has anything to do with it being a lot more work than anything else they expose. They already have some very privileged APIs you can bless some apps (e.g. think of MDM) except not for everything and in the case of the MDM APIs it's very difficult to use it as a normal end-power-user.