Any devs here? I’m wondering if an app is more secure / has more restrictions if installed through the App Store as opposed to a DMG you download on the internet. I’m mostly concerned with filesystem permissions: the app is RetroArch and it is available on both the iOS and macOS App Store. Is it safer and more private if it’s from the App Store? I know Apple’s filesystem security policy is around specific folders in Home (Desktop, Downloads, etc.) but do App Store apps get random access to “unprotected” folders in the user’s Home folder? Thanks!
Anything uploaded to the Apple App Store goes through a standard review process before Apple will let you release it on their store. Random DMG files you download from a website don’t.
Does that mean the app is more “secure”? Not necessarily. But you can at least be reasonably confident it’s not malware if nothing else.
There is always a chance of malware, but that chance goes down with reviews.
I did say reasonably confident, not 100% sure 😉
100%.
I only tossed that comment in there because there is always one Lemmy user who says “remember that one time” about a random app sneaking something past a reviewer.
Reviewers are humans and are imperfect. They’ve even missed garbage that I’ve accidentally submitted in a build. 😆
AFAIK the AppStore versions are often Sandboxed and have automatic update through the AppStore. I am not sure if they are better or more secure regarding the permissions API.
There’s more APIs available than those permitted for use by apps on the app stores, but apps don’t automatically become more dangerous just because the install origin was different.
Apps in the App Store go through a standard privacy and security review. It’s not perfect, but random downloaded apps don’t go through this process. But if you trust the developer, download away.
In the case of retro arch, AppStore downloads are new for them. Apple previously banned emulators in the App Store.
The developers recently added the AppStore to their offerings and they didn’t take away the ability to download the emulator the old fashioned way.
