I want to buy into a platform that is controlled tightly by a single entity that I trust to deliver a good user experience reliably; in this case, that's Apple.
I consider the tight control a feature and I'm glad this philosophy of computing is available in the marketplace.
I don't think it's an underestimated view, it's quite common. I just don't think it would be compromised very much if there was an optional escape hatch.
Buying a hypothetical Apple device and never flicking on the sideloading switch would still give you that. Whereas the person who generally prefers the security engineering, design choices and/or integration of iOS but wants some exceptions is now told "If you care about this so much, you can go over to Android.".
> Buying a hypothetical Apple device and never flicking on the sideloading switch would still give you that.
Until someone (my abusive spouse? someone with a narrowly scoped zero-day and physical access to my phone?) abuses the existence of this functionality in ways that compromise my security.
> Whereas the person who generally prefers the security engineering, design choices and/or integration of iOS but wants some exceptions is now told "If you care about this so much, you can go over to Android.".
I agree with you here. It would be great if Apple offered two classes of iPhone, one where such a switch was present and one where unsigned code was prevented from executing by hardware.
> I agree with you here. It would be great if Apple offered two classes of iPhone, one where such a switch was present and one where unsigned code was prevented from executing by hardware.
You don't even need two classes of phone, just a setting to allow unsigned code which requires a factory reset to change.
Nobody can compromise the data on your phone with unsigned code if switching to unsigned code requires erasing the phone, and you're going to notice immediately if your phone has been wiped, which is no worse for you than someone with physical access smashing it with a hammer and replacing it with another phone.
Could be very visible. E.g. on some Androids (and I think Chromebooks too), unlocking the boot loader adds a large exclamation mark or other warning to the boot screen.
