Apple's goal was to kill malware, not general-purpose computing[0] as a whole. Unfortunately it turns out that killing general-purpose computing is an instrumental goal[1] to killing malware: if you want a phone that cannot get a virus then you need someone pre-approving every line of code that hits the processor.
Once you have any entity having control over your device, even if it is for your own benefit and you completely trust that entity, a whole bunch of other competing business considerations come into play. In the case of adversarial interoperability, that means business risks that Apple doesn't want to take on. Let's say that tomorrow Elon Musk goes absolutely insane[2] and decides that third-party Twitter clients are hacking as defined by the CFAA. If Apple knowingly distributes those clients, then they could be held criminally liable for signing and distributing the app.
Less dramatically, adversarial operability implies a lot of support headaches. Apple wants to sell working software, not stuff that needs updates every few hours to keep ahead of updates done on Twitter's side to kill it. Even if they wanted to fight for adversarial interop in court, the underlying constraint of "pre-approve software updates to keep malware away" makes updating the software in real time to work around Twitter's workaround to the software untenable.
For a non-Apple, pre-everything-being-locked-down example of how much of a pain adversarial interoperability is in practice, there's the time Microsoft tried to make MSN speak to AIM. They stopped once AOL started using buffer overflow exploits to validate that you were running AIM[3]. AOL did not need to actually sue Microsoft with a spurious application of the CFAA. They just needed to wrap their API and client in enough garbage to make interop monetarily painful to support.
[0] In the Cory Doctorow sense
[1] AI safety term for "thing you need to do to get to other things you want".
Malware/app security is always the excuse when it comes to app stores, though.
But there's no excuse that their OS can't sandbox apps as best it can to prevent issues like this. Sure there will still be scam apps, but it should be a lot easier to install apps from outside of an app store.
It's just a blatant money grab otherwise; Spotify for example is extremely trusted and unlikely to be malware - why can't they have an "install" button on their site to install their app? Because companies that run the app stores want a cut.
Why aren't mobile OS' more like desktop OS'? Everyone acts like it's about security but then we get things like Pegasus and Google's Project Zero which is constantly finding stuff anyway.
Even now the granularity on permissions and the main problem of user apathy towards this stuff are solvable. I'm on Android and I still don't understand why an app can only ask for gallery permission/access to all files and why I'm not able to only grant it read access to a particular folder in a streamlined way.
All of this stuff should be designed around a user's intentions.
Once you have any entity having control over your device, even if it is for your own benefit and you completely trust that entity, a whole bunch of other competing business considerations come into play. In the case of adversarial interoperability, that means business risks that Apple doesn't want to take on. Let's say that tomorrow Elon Musk goes absolutely insane[2] and decides that third-party Twitter clients are hacking as defined by the CFAA. If Apple knowingly distributes those clients, then they could be held criminally liable for signing and distributing the app.
Less dramatically, adversarial operability implies a lot of support headaches. Apple wants to sell working software, not stuff that needs updates every few hours to keep ahead of updates done on Twitter's side to kill it. Even if they wanted to fight for adversarial interop in court, the underlying constraint of "pre-approve software updates to keep malware away" makes updating the software in real time to work around Twitter's workaround to the software untenable.
For a non-Apple, pre-everything-being-locked-down example of how much of a pain adversarial interoperability is in practice, there's the time Microsoft tried to make MSN speak to AIM. They stopped once AOL started using buffer overflow exploits to validate that you were running AIM[3]. AOL did not need to actually sue Microsoft with a spurious application of the CFAA. They just needed to wrap their API and client in enough garbage to make interop monetarily painful to support.
[0] In the Cory Doctorow sense
[1] AI safety term for "thing you need to do to get to other things you want".
[2] More than he already has
[3] https://www.youtube.com/watch?v=w-7PjunSxLU