The recent Facebook scandal of running a service to receive requests for tracking shows the app store sandbox model is far more of a denylist than an allowlist; it's leaky by design in the name of "developer enablement" or "user experience".
Sorry for going off on a tangent, but last week I asked Gemini about the security and privacy advantages of running Gmail and Google Calendar using Safari and DuckDuckGo Browser. Gemini made good arguments for using the browser versions: ironic!