I have worked on many mobile app development projects, and I am grateful that google and apple try to protect the consumer. App devs are in full control of the stack in the app, and it is very easy to unintentionally (or intentionally) handle your data insecurely. For example, app devs can disable https communication with their own external APIs, secretly transmit your data on their own servers, harvest your data from other apps like contacts, and build on buggy/sketchy/outdated middleware. And, there is typically no visibility for the user. Yes - same is true for desktop apps. I appreciate Apple's recent moves to make this more transparent. More needs to be done. It is much harder (not impossible) to maliciously handle your data in browsers because of standard security features (like the green lock icon when https is enabled) and powerful dev tools to examine network communication and code libraries. After building many apps, I tend to only install apps from companies that have commercial pressure to handle my data properly.
Google and apple are not securing your data. Any app on your phone that uses the internet already talks to an external API. And they can sell your data to anyone at any time without google/apple ever knowing about it. And that's normal. https doesnt really do much to make your data secure. But google/apple arent even needed to force apps to use https. Your phone can just say it's required by default. Google/apple are just pretending they do something for you, it's just all about control, so they can have all the profit. It's basically the same as the government saying they do not allow any other foodstores other than storeX. Because other stores might sell you food that's poisoned or expired. So to protect u, we dont allow any other stores. And storeX can just decide what the price is, what food you're allowed to buy, etc etc. It's shit. You dont want this.
